&My::Web::footer call is deprecated now, use just: exit;

[www.jankratochvil.net.git] / project / ssht / Index.pm

# $Id$
# Main page of 'My::Project::ssht'
# Copyright (C) 2003-2005 Jan Kratochvil <project-www.jankratochvil.net@jankratochvil.net>
# 
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; exactly version 2 of June 1991 is required
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA


package project::ssht::Index;
require 5.6.0;  # at least 'use warnings;' but we need some 5.6.0+ modules anyway
our $VERSION=do { my @r=(q$Revision$=~/\d+/g); sprintf "%d.".("%03d"x$#r),@r; };
our $CVS_ID=q$Id$;
use strict;
use warnings;

use My::Web;
Wuse 'project::Lib';


our @ListItem=(
                "name"=>"ssht",
                "platform"=>"unixuser",
                "priority"=>90,
                "cvs"=>"ssht",
                "summary"=>sub {
                                return 'Unattended intranet host accessibility by '.a_href('http://www.openssh.org/','SSH').' tunnel';
                                },
                "license"=>"PD",
                "maintenance"=>"ready",
                "sponsorship"=>sub { return a_href('http://www.jklabs.cz/','JKLabs'); },
                "language"=>"bash",
                "description"=>sub { return <<"HERE"; },
<p>Do you need to admin remote host placed in the intranet behind firewall out of your control?
If the firewall performat NAT (masquerade) where you can connect from
the intranet to the outer world by @{[ a_href 'http://www.openssh.org/','SSH' ]}
you can use these security safe scripts.</p>
<p>If you are able to set up port forwarding on the firewall you do not need any such scripts.
In the case of HTTP-only proxy you cannot use these scripts - look elsewhere.</p>
HERE
                );

sub handler
{
project::Lib->init();


my $cvsfile=sub ($) {
my($file)=@_;

        return a_href $W->{"project_viewcvs"}.'/*checkout*/ssht/hostintranet/etc-inittab?rev=HEAD',
                        escapeHTML($file);
};

print <<"HERE";

<ul>
        <li>
                <p>Replace all strings <b>hostintranet</b> by the name of your firewalled
                intranet machine (without any dots - it must be valid string token).</p>
        </li>
        <li>
                <p>Replace all strings <b>public.internet.com</b> by the hostname of your
                server in public Internet. Replace <b>1.2.3.4-IP-of-public.internet.com</b>
                with IP address of this host</p>
        </li>
        <li>
                <p>Generate new keypair by '<b>ssh-keygen -t dsa</b>'.</p>
                <p>Place its public key part to
                @{[ &{$cvsfile}('public.internet.com/home-hostintranet-ssht/.ssh/authorized_keys') ]}.</p>
                <p>Place its private key part to
                @{[ &{$cvsfile}('hostintranet/public.internet.com--hostintranet-ssht--identity') ]}.
                Protect this file by '<i>chmod 600 hostintranet/public.internet.com--hostintranet-ssht--identity</i>'.</p>
        </li>
        <li>
                <p>Append line from @{[ &{$cvsfile}('public.internet.com/etc-passwd') ]}
                to the file <b>/etc/passwd</b> on your server in public Internet.</p>
        </li>
        <li>
                <p>Append line from @{[ &{$cvsfile}('hostintranet/etc-inittab') ]} to
                the file <b>/etc/inittab</b> on your firewalled intranet machine.</p>
                <p>Execute '<i>init q</i>' command there.</p>
        </li>
</ul>
HERE


exit;
}
1;