removing confusing language and fixing link to our PuTTy and tortoise instructions

Philip Sargent 2020-01-09 21:29:42 +00:00
parent f560ba6daf
commit 85c4de8c9d
5 changed files with 33 additions and 24 deletions


@ -1,21 +1,24 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Handbook placeholder page</title>
<link rel="stylesheet" type="text/css" href="../../css/main2.css" />
</head>
<body>
<h2 id="tophead">CUCC Expedition Handbook</h2>
<h1>Cryptographic Key Exchange</h1>
<p>As of the server move in spring 2019 you need authorisation on the expo server to log in. This takes the form of an ssh key. You generate it on the machine you use for access, then send the public half to the server. Once done all logins are automatic - no passwords needed.</p>
<h1>Key-Pair Setup</h1>
<p>As of the server move in spring 2019 you need authorisation on the expo server to log in. This takes the form of an ssh key. You generate a key-pair on the machine you use for access, then send the public half to the server. Once done all logins are automatic - no passwords needed.</p>
<p>'ssh' is 'secure shell' and is widely used for secure access to machines and services.</p>
<h2>What do I need to do?</h2>
<p>You will need to run ssh-keygen/PuTTYgen on your device, email the public key to someone who already has ssh access (Wookey, Paul Fox, Philip Sargent, Sam Wenham). Once installed by them you should be able to log in as 'expo' over ssh (and other software like tortoise will also use this behind the scenes). This only needs doing once (for any machine you want access from).</p>
<p>Explanation of how <a href="https://www.ssh.com/ssh/keygen/">ssh keys</a> work.</p>
<p>Our own documentation for <a href="../tortoise/tortoise-win.htm">installing PuTTy on Windows</a>.
<p>Explanation of <a href="https://www.ssh.com/ssh/keygen/">key-pairs and the ssh-keygen command</a>.</p>
<p>A public key file looks like this: <tt>ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApc9+PAMrDtWa8D8/ZneLP2X9UOYmTITAhTd2DRs8SE+NDgis5pYo/Xhtbrg86ePMAC2YM5xAkYx3jNA/VZ/PkB3gTzYJW3T/zTH+cc7YeWhy9l1zIMaYqeyvw7FxeSBaR4XoLPVtVUlai8DUDiWAEm7VvOKj1n68z1LxVh1MZXLm7btckf6fske2YU9UpjqT++AURQvFheRJ4la7KBJ7LXZ3A/TQ7HQaTpqmcQKCiRj/yZ5FNHxBk0M+ShbHUtz1GhXRCMJ3LZHaw24OJyVJ8YNzBiStBb1qcWCXX7HR9CUNhz7tA5HZyc1lau/1vwk8MSe93lyyLntzJKkqmkW/cQ== wookey@kh</tt>i.e. a long string of characters with 'ssh-rsa' at the start and a 'user'@'machine' ID at the end.</p>
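
Review bot: The new paragraph linking to ../tortoise/tortoise-win.htm is never closed with </p>, unlike the paragraphs either side of it, and it writes "PuTTy" where the program's name is PuTTY. While this section is being reworded, the instruction to email the public key could also ask the sender to include the key's fingerprint (ssh-keygen -l -f on the .pub file), so the admin installing it can confirm with the owner over another channel that the key arrived unaltered.
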
@ -36,6 +39,8 @@
<li>If not, run <tt>ssh-keygen</tt>. It may ask about passwords: you can add a password for extra
security, but a passwordless key is fine, and more convenient.</li>
<li>That will create a file: <tt>.ssh/id_rsa.pub</tt> in your home directory. Email that file to one of the admins listed above. </li>
<li>Run Pageant (it will have been installed in your Start menu, otherwise find it it "C:\Program Files\PuTTY\pageant.exe"). Click the "Add Key" button. Select the .ppk file in the pop-up file list. You only need to do this once.
</ol>
<h3>MacOS</h3>
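
Review bot: In the Pageant list item, "You only need to do this once" does not match how Pageant behaves: it holds loaded keys in memory only, so the .ppk has to be added again each time Pageant is restarted unless it is launched with the key file as an argument. The item also refers to "the .ppk file" although the visible steps before it only produce .ssh/id_rsa.pub with ssh-keygen, has "find it it" where "find it at" is meant, and is missing its closing </li>.
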
@ -53,9 +58,8 @@
<li>There is apparently a version of the <a href="https://play.google.com/store/apps/details?id=com.server.auditor.ssh.client&hl=en">Termius app</a>
for iPhones. Please try it out and document it here.
</ul>
</li>
<li>Erm, dunno...please fill in</li>
<h2>Your second machine</h2>
<p>OK, you have an uploaded and usable key and you can ssh into the expo server. Now you want to set up a key for another machine such as your phone. You don't need a nerd admin now, you can do this yorself.
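
Review bot: The Termius item says the app is for iPhones, but its href is a play.google.com URL, which is the Android store listing; either point it at the iOS listing or change the wording. The & in that href should be written &amp;, "yorself" in the "Your second machine" paragraph should be "yourself", and that paragraph has no closing </p>. It would help to state here that the second machine gets its own freshly generated key-pair rather than a copy of the first machine's private key, which is what the WSL instructions elsewhere in this commit already do.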


@ -1,5 +1,7 @@
<td>|</td>
<td><a href="years/2018/">2018</a></td>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Handbook placeholder page</title>
<link rel="stylesheet" type="text/css" href="../../css/main2.css" />
</head>
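
Review bot: The <title> in this head block is still "Handbook placeholder page", the same text as in the first file of this commit, so both pages show an identical and uninformative title in browser tabs and search results; give each a title that matches its <h1>. The two <td> lines shown ahead of <!DOCTYPE html> look like stray table cells at the top of the file; check that nothing is left before the doctype after this change.
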
@ -11,7 +13,7 @@
<p>This is NOT a tutorial. This is a set of reminders for people who already know all this stuff.
<p>Since 2019 all use of version control software requires that you
have <a href="keyexchange.html">cryptographic key exchange</a> already set up before any of this will work on your own machine.
have <a href="keyexchange.html">key-pair setup</a> already set up before any of this will work on your own machine.
<p>You can, however, do all this on the <i>expo laptop</i> as this has already been configured with the right keys.
<dl>
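
Review bot: With the link text changed to "key-pair setup", the sentence now reads "requires that you have key-pair setup already set up", which repeats itself; something like "requires that you have completed the key-pair setup" reads better. The <p> elements in this hunk are also left unclosed.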


@ -32,7 +32,7 @@
<p>Anything where the file upload and download is done via the verson control client software works really well.
<h4>Key management using PuTTy</h4>
<p>Most Windows software that we recommend "just works" if you have set up PuTTy and have done the <a href="keyexchange.html">cryptographic key exchange</a> and are running a local ssh agent (pagent) automatically at boot up on your laptop.
<p>Most Windows software that we recommend "just works" if you have set up PuTTy and have done the <a href="keyexchange.html">key-pair setup</a> and are running a local ssh agent (pagent) automatically at boot up on your laptop.
<p>Some software, such as the commercial (but free) GitKraken, requires that you click a checkbox to say that you are "using local SSH agent" rather than specifying ssh private keys explicitly (File->Preferences->Authentication in GitKraken).
<p>Some software (such as FIlezilla) defaults to using the local agent and it "just works".
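
Review bot: The agent is spelled "pagent" in the changed line, while the executable is given as pageant.exe in the Pageant step of the first file in this commit; spell it Pageant here so readers can find it. "PuTTy" should be PuTTY, and "FIlezilla" in the last line should be FileZilla.
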
@ -56,7 +56,7 @@ is a link to the file <span style="font-family:monospace; size=x-small; backgrou
There are two types of linux links: hard links and symbolic links. Symbolic links are much the same thing as Window's "Shortcuts" but there is no equivalent on Windows to Linux hard links. Fortunately we don't <em>seem</em> to have any hard links anywhere.
<p>What really makes things unpleasant is that sFTP software won't tell you when it comes across a link and will just do something stupid. Our recommended sFTP software - Filezilla - is guilty of this,as it pftp (PuTTY) working in eith sFTP or scp mode.. So what happens is that when you download a load of files onto your laptop using Filezilla it will simply turn every link it finds into a complete copy of the file. Then when you upload those files to the server, the copied file overwrites the link. So the server now has two files with the same content - which is a maintenance nightmare. This is painfully stupid because if it is a symbolic link there is no reason why Filezilla couldn't just create a Windows Shortcut which would do exactly the same thing. But it doesn't.
<p>What really makes things unpleasant is that sFTP software won't tell you when it comes across a link and will just do something stupid. Our recommended sFTP software - Filezilla - is guilty of this,as it pftp (PuTTy) working in eith sFTP or scp mode.. So what happens is that when you download a load of files onto your laptop using Filezilla it will simply turn every link it finds into a complete copy of the file. Then when you upload those files to the server, the copied file overwrites the link. So the server now has two files with the same content - which is a maintenance nightmare. This is painfully stupid because if it is a symbolic link there is no reason why Filezilla couldn't just create a Windows Shortcut which would do exactly the same thing. But it doesn't.
<p>So the ordinary user won't notice any problems, but the nerds behind the scenes start to cuss and shout and generally carry-on in an expletive-heavy manner.
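
Review bot: The only change to the long sFTP paragraph is PuTTY becoming "PuTTy", which moves away from the program's actual name (the download link in another file of this commit uses PuTTY); I would drop that change. The real defects in the sentence are left in place: "is guilty of this,as it pftp (PuTTy) working in eith sFTP or scp mode.." presumably means "is guilty of this, as is psftp (PuTTY) working in either sFTP or scp mode."
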
@ -80,9 +80,9 @@ it downloads a <em>copy</em> of the contents of essentials.gpx and not a link.
</ul>
<h3 id="hard">Things that are really quite involved</h3>
<p>The core problem is integrating the PuTTy key management software (pagent.exe) with a terminal window. We need a terminal window to run rsync as none of the packaged software (Filezilla, PuTTY) includes an rsync client.
<p>The solution we have now is to use WSL1 and to create another key, distinct from the PuTTY one, and to upload that key to the expo server. Because this is treating WSL as if it were a different machine requiring its own key quite separate from the Windows key, we expect this to continue to work when WSL2 becomes the default behaviour on Windows10.
<p>So on a machine with WSL enabled, create an ordinary cmd window and get intot he WSL environment using the wsl command:<br>
<p>The core problem is integrating the PuTTy key management software (pagent.exe) with a terminal window. We need a terminal window to run rsync as none of the packaged software (Filezilla, PuTTy) includes an rsync client.
<p>The solution we have now is to use WSL1 and to create another key, distinct from the PuTTy one, and to upload that key to the expo server. Because this is treating WSL as if it were a different machine requiring its own key quite separate from the Windows key, we expect this to continue to work when WSL2 becomes the default behaviour on Windows10.
<p>So on a machine with WSL enabled, create an ordinary cmd window and get into the WSL environment using the wsl command:<br>
<span style="font-family:monospace; size=x-small; background-color: lightgray">
D:\CUCC-Expo\expoweb\ <font color=red>wsl</font>
</span>
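
Review bot: "pagent.exe" in the first changed paragraph is not the name of the executable; it is pageant.exe, as written in the Pageant step of the first file in this commit. These paragraphs again change PuTTY to "PuTTy", and the style attribute on the <span> uses "size=x-small", which is not a CSS declaration (font-size: x-small is presumably meant).
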
@ -119,7 +119,7 @@ $
</tt>
</pre>
The generated key is in the current directory and you need to move them to ~/.ssh/ as is standard on Linux (which is not at all the same place that PuTTy uses to keep keys on Windows).
<p>Now you have to complete the <a href="keyexchange.html">key exchange process</a> with the new key "id_ras_wsl.pub". But you don't need anyone else's help this time as you can use PuTTy to ssh into the server and copy your key to the right place yourself.
<p>Now you have to complete the <a href="keyexchange.html">key-pair setup</a> with the new key "id_ras_wsl.pub". But you don't need anyone else's help this time as you can use PuTTy to ssh into the server and copy your key to the right place yourself.
<p>
Now finally you can use all the usual command line tools at yor wsl command line to communicate with the server with ssh, scp, rsync, such as:
<pre>
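
Review bot: The key file is called "id_ras_wsl.pub" in both versions of the changed line, which looks like a transposition of id_rsa_wsl.pub; check it against the ssh-keygen command earlier in this file. The context line above says the key is generated in the current directory and then moved, and the prompt shown earlier is D:\CUCC-Expo\expoweb\, so the private key is briefly written into what appears to be the expoweb working copy on the Windows drive. Passing the target path with ssh-keygen -f so the key is created directly under ~/.ssh avoids any chance of committing it, and the text should add that the private key file needs mode 600. "yor" should be "your".
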
@ -130,22 +130,24 @@ Now finally you can use all the usual command line tools at yor wsl command line
<p>So here is the current wild frontier. Currently these are the ways to get a terminal window which might work:
<ul>
<li>cmd window - the old faithful going all the way back to MS-DOS. But no path to an rsync.exe executable as standard.
<li>PowerShell terminal window - nope, no rsync.
<li>bash window - installed by default when you install <A href="https://gitforwindows.org/">gitforwindows</a>. Unfortunately while this <a href="https://en.wikipedia.org/wiki/MinGW">MINGW32</a> setup includes a comamnd-line git executable it doesn't include rsync.
<li>cygwin - a cmd terminal where you have downloaded and installed <a href="https://www.cygwin.com/">Cygwin</a>. Yes, if you have selected the rsync package you will be able to run the rysnc executable, but it won't have access to the cyptographic key so it can't connect to the expo server. Please feel free to work out how to make this work. A more recent, graphical variant is <a href="https://hackaday.com/2017/03/29/swan-better-linux-on-windows/">Swan</a>.
<li>PowerShell terminal window - nope, no rsync.
<li><a href="https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux">Windows Subsystem for Linux</a> aka WSL1 available on all Windows10 machines since the November 2019 update.
<li><img src="wsl.jpg" align="right" hspace="10"><a href="https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux">Windows Subsystem for Linux</a> aka WSL1 available on all Windows10 machines since the November 2019 update. (The first versions of WSL1 didn't do the ssh key-pair setup easily: <a href="https://blog.anaisbetts.org/using-github-credentials-in-wsl2/">"fairly annoying because of how out-to-lunch SSH Agent is"</a> but it works now.)
<ul>
<li> <a href="https://code.visualstudio.com/remote-tutorials/wsl/enable-wsl">Install it like this</a>. This does all we want. This works using a key generated by its own version of ssh-keygen if you follow the instructions above about putting it in the right place. This will shortly be made obsolete by:
<li><a href="https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux#WSL_2">WSL2</a> - the new wonderful system which will solve all our problems, make the tea and carry our gear up to topcamp. Allegedly.
<li>WSL1 <a href="https://code.visualstudio.com/remote-tutorials/wsl/enable-wsl">Install it like this</a>. This does all we want. This works using a key generated by its own version of ssh-keygen if you follow the instructions above about putting it in the right place.
<li>WSL1: <a href="https://hackaday.com/2019/12/23/linux-fu-wsl-tricks-blur-the-windows-linux-line/"> Converting Windows paths to Linux paths and vice-versa</a>.
<li>WSL1 will shortly be made obsolete by <a href="https://en.wikipedia.org/wiki/Windows_Subsystem_for_Linux#WSL_2">WSL2</a> - the new wonderful system which will solve all our problems, make the tea and carry our gear up to topcamp. Allegedly.
<li>The <a href="https://docs.microsoft.com/en-us/windows/wsl/install-win10">2019 WSL2 release</a> includes a selection of complete Linux kernels. If you want to use this, then please do - and then write the handbook documentation too. But beware that it has <a href="https://docs.microsoft.com/en-us/windows/wsl/wsl2-index">two different modes</a> which behave differently.
</ul>
<li><a href="https://www.theregister.co.uk/2019/12/18/multipass/">Canonical Multipass</a> - a completely different alternative to WSL: more isolation, more understandable behaviour (?)
<li>A full <a href="https://www.brianlinkletter.com/installing-debian-linux-in-a-virtualbox-virtual-machine/">virtual Linux machine</a> running using a hypervisor such as <a href="https://www.virtualbox.org/">VirtualBox</a> which has its own virtual Linux filesystem. This setup has the advantage that you don't have to partitition your hard drive but the disadvantage that you can't get at any of the files from Windows itself except via a network protocol \\wsl$. Which may be no hardship.
</ul>
<p><img src="wsl.jpg" align="right" hspace="10">
WSL: the Windows Subsystem for Linux, variant 1. The first versions of WSL1 didn't do the ssh key exchange process easily: <a href="https://blog.anaisbetts.org/using-github-credentials-in-wsl2/">"fairly annoying because of how out-to-lunch SSH Agent is"</a> but it works now.
<p>WSL1 also introduces a wonderful new problem of file permissions. Every file on the Windows filesystem NTFS has a set of permissions managed by the filesystem. Every NTFS file that WSL knows about (if mounted with -o metadata) acquires a completely parallel set of file permissions that "mirror" the NTFS permissions but can get out of sync. <a href="https://devblogs.microsoft.com/commandline/chmod-chown-wsl-improvements/">All sorts of fun</a> results: <em>"With network file systems, DrvFs does not set the correct Linux permissions bits on a file; instead, all files are reported with full access (0777) and the only way to determine if you can actually access the file is by attempting to open it."</em>. This will be fixed by WSL2 which will have <a href="https://docs.microsoft.com/en-us/windows/wsl/wsl2-ux-changes">an entirely separate filesystem</a>, a Virtual Hardware Disk (VHD). Which will introduce a quite different set of interesting problems.
<h4>WSL1 tricks and tips</h4>
<p>WSL1 unfortunately introduces a wonderful new problem of file permissions. Every file on the Windows filesystem NTFS has a set of permissions managed by the filesystem. Every NTFS file that WSL knows about (if mounted with -o metadata) acquires a completely parallel set of file permissions that "mirror" the NTFS permissions but can get out of sync. <a href="https://devblogs.microsoft.com/commandline/chmod-chown-wsl-improvements/">All sorts of fun</a> results: <em>"With network file systems, DrvFs does not set the correct Linux permissions bits on a file; instead, all files are reported with full access (0777) and the only way to determine if you can actually access the file is by attempting to open it."</em>. This will be fixed by WSL2 which will have <a href="https://docs.microsoft.com/en-us/windows/wsl/wsl2-ux-changes">an entirely separate filesystem</a>, a Virtual Hardware Disk (VHD). Which will introduce a quite different set of interesting problems.
<p>If you are disturbed by the instructions to produce an entirely different key for WSL1 to use when your PC already has a perfectly good PuTTy key installed on the server, then you are right. It is inelegant. But it works, the instructions are shorter and there are fewer things that go wrong. If you are terribly offended by that then you can set your PC up to use one key shared between WSL and normal-Windows as described in <a href="https://devblogs.microsoft.com/commandline/sharing-ssh-keys-between-windows-and-wsl-2/">this October 2019 article</a>. (Don't set up a password on the key because then you don't need to install keychain.) But beware, this sort of thing goes out of date quite rapidly and WSL2 is looming.
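
Review bot: The closing paragraph's parenthetical "Don't set up a password on the key because then you don't need to install keychain" recommends an unencrypted private key for the one-key-shared-between-WSL-and-Windows setup, where a copied key file gives access from both environments; state that trade-off or recommend a passphrase and keep the keychain step. In the file-permissions paragraph VHD is expanded as "Virtual Hardware Disk" where it stands for Virtual Hard Disk, and the VirtualBox list item says its files are reached via \\wsl$, which is the share name WSL uses, not VirtualBox. The list items and paragraphs are left without closing tags throughout.
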
@ -153,7 +155,7 @@ WSL: the Windows Subsystem for Linux, variant 1. The first versions of WSL1 didn
<ul>
<li><a href="https://www.hanselman.com/blog/CoolWSLWindowsSubsystemForLinuxTipsAndTricksYouOrIDidntKnowWerePossible.aspx">Cool WSL tricks</a> - running Windows commands from WSL environment and running Linux commands from Windows terminal.
<li><a href="https://code.visualstudio.com/blogs/2019/09/03/wsl2">deep integration</a> - Don't use gitforwindows, install the linux git client in WSL2
<li><a href="https://hackaday.com/2019/12/23/linux-fu-wsl-tricks-blur-the-windows-linux-line/">Converting Windows paths to Linux paths and vice-versa.
<li><a href="https://blog.anaisbetts.org/using-github-credentials-in-wsl2/">using-github-credentials-in-wsl2</a> - How to use gitforwindows and WSL to connect to GitHub.
<li><a href="https://code.visualstudio.com/blogs/2019/09/03/wsl2">WSL2 & Visual Studio Code</a>
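
Review bot: The list links to https://code.visualstudio.com/blogs/2019/09/03/wsl2 twice, once as "deep integration" and once as "WSL2 & Visual Studio Code"; keep one. The bare & in that link text should be &amp;. The hackaday item shown in this hunk has no closing </a>, so it is best gone from this list, given that the copy placed in the WSL1 list earlier in the file is correctly closed.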


@ -75,6 +75,7 @@ but all the recommended software here is open source (and please don't install p
<p>For Windows users only:
<ul>
<li>Read our instructions for setting up TortoiseHg in <a href="../tortoise/tortoise-win.htm">Tortoise-on-Windows</a>. (But this won't work at all until you set up the key exchange using PuTty/Pageant.)
<li><a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html">PuTTY</a> including pagent. Version 0.73 was released on 2019-09-29. You need this to generate and to use ssh keys on Windows. Otherwise none of git, mercurial, scp, ftp or rsync will work. It includes command line tools ssh, scp (pscp) and sFTP (psftp).
<li><a href="https://gitforwindows.org/">Git for Windows</a>
<li><a href="https://tortoisegit.org/support/faq/#prerequisites">TortoiseGit</a> - GUI interface to git
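
Review bot: The TortoiseHg item still says "set up the key exchange", the wording this commit replaces with "key-pair setup" everywhere else, and it does not link to keyexchange.html; use the new term and add the link. It also introduces a third spelling, "PuTty", next to "PuTTY" and "pagent" on the following line; PuTTY and Pageant are the correct names.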


@ -1742,7 +1742,7 @@ in under an hour.
<p><b>Day 2</b></p>
We took our long rope +14m rope to the muddy, drafty end of Radio Silence where the previous
(Anthony/Chris/Hydra) camping trip had got to + unenthusiastically started to rig (George) and
to shiver (Becka + Adam). After some time (we cracked and got intot he bothy) George
to shiver (Becka + Adam). After some time (we cracked and got into the bothy) George
shouted that he was past the worst of the drips
(we're haviung a drought, itwould probably be nasty in the rain)
+ we should come down.