ssh applications

A while back someone emailed me to ask how I set this up.


ssh fortune@jump.bulletpr00f.host -p 2222
 _________________________________________
/ Q: How many surrealists does it take to \
| change a light bulb? A: Two, one to     |
| hold the giraffe, and the other to fill |
| the bathtub                             |
|                                         |
| with brightly colored machine tools.    |
|                                         |
| [Surrealist jokes just aren't my cup of |
\ fur. Ed.]                               /
 -----------------------------------------
   \
    \
        .--.
       |o_o |
       |:_/ |
      //   \ \
     (|     | )
    /'\_   _/`\
    \___)=(___/

Connection to jump.bulletpr00f.host closed.


It automatically logs you in and displays a penguin saying something.


Solderpunk's blog post explains how it works really well, but I figured I'd write a simple step-by-step thing to explain it in case anyone has trouble following it. Like, for example, me next time I break my server and can't recall exactly how this was done.



solderpunk's post is here


Steps

Create the user with no password and blank gecos. If you want gecos, leave the --gecos '' out. (gecos is the personal information like name, phone number and stuff. I don't typically fill this out for service accounts.)


The first command creates the user with password login disabled, then the second deletes the password, leaving it empty.

adduser --disabled-password --gecos '' fortune
passwd -d fortune

Put something like the following in your sshd config.

Note: some older versions of openssh-server have a bug where this does not work if you put it in /etc/ssh/sshd_config.d/

So if you're running a version older than 8.4, you will have to put it in /etc/ssh/sshd_config directly.

https://bugzilla.mindrot.org/show_bug.cgi?id=3122

Match User fortune
        PasswordAuthentication yes
        PermitEmptyPasswords yes
        ForceCommand fortune|cowsay -f tux


Restart your ssh server.


That should pretty much do it.
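
A check worth running after these steps, as an added example that is not part of the original post: ForceCommand fixes the command the session runs, but sshd's forwarding features are governed by separate keywords, and the Match block above sets none of them. The function name and both sample inputs are constructed here, and the samples assume upstream OpenSSH defaults for everything the post does not set.

```shell
#!/bin/sh
# Added example, not from the original post. audit_passwordless (a name made
# up here) reads effective sshd settings in the lowercase "keyword value"
# form that sshd -T prints and lists what a passwordless account leaves open.
audit_passwordless() {
    awk '
    { key = $1; $1 = ""; sub(/^ +/, ""); val[key] = $0 }
    END {
        if (val["permitemptypasswords"] != "yes") {
            print "ok: empty passwords are not permitted"; exit 0
        }
        n = 0
        # Without a forced command every caller gets the login shell.
        if (!("forcecommand" in val) || val["forcecommand"] == "none") {
            print "FINDING: forcecommand is not set"; n++
        }
        # ForceCommand only fixes the session command. DisableForwarding
        # overrides the X11, agent, TCP and StreamLocal keywords;
        # PermitTunnel is checked on its own.
        list = "permittunnel"
        if (val["disableforwarding"] != "yes") {
            list = list " allowtcpforwarding allowstreamlocalforwarding"
            list = list " allowagentforwarding x11forwarding"
        }
        m = split(list, keys, " ")
        for (i = 1; i <= m; i++) {
            k = keys[i]
            v = (k in val) ? val[k] : "unknown"   # absent keyword: flag it
            if (v != "no") { print "FINDING: " k " is " v; n++ }
        }
        if (n == 0) print "ok: session limited to " val["forcecommand"]
        exit (n > 0)
    }'
}
# Constructed input: the Match block from the post, upstream defaults elsewhere.
sample_as_posted() {
    printf '%s\n' 'permitemptypasswords yes' \
        'forcecommand fortune|cowsay -f tux' 'allowtcpforwarding yes' \
        'allowstreamlocalforwarding yes' 'allowagentforwarding yes' \
        'x11forwarding no' 'permittunnel no' 'disableforwarding no'
}
# Constructed input: the same block with "DisableForwarding yes" added to it.
sample_hardened() {
    sample_as_posted | sed 's/^disableforwarding no$/disableforwarding yes/'
}
# On a real host (as root), feed it the settings that apply to the account:
#   sshd -T -C user=fortune,host=localhost,addr=127.0.0.1 | audit_passwordless
sample_as_posted | audit_passwordless || true
```

With the block as posted, the three forwarding keywords left at their defaults are reported; adding DisableForwarding yes under Match User fortune clears them.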


Also, I run this weird setup inside of an lxd container on my host, so I use this to forward port 2222 to port 22 in the container:


lxc config device add games ssh proxy listen=tcp:0.0.0.0:2222 connect=tcp:127.0.0.1:22

-- Page fetched on Fri May 10 05:29:15 2024