加密命令:
cat {想要加密的文件名} | crypt {想要设置的密码} > {新文件名/*也可以是源文件名*/}
解密命令:
crypt { 密码} <被加密文件的文件名> <解密后生成新文件的名称/*这里决不可使用被加密的文件名*/>
现有一个文档“ricky1”
#cat ricky1 | crypt 1234 > ricky1
这样一来“ricky1”就被加密了
要想将ricky1解密则使用下面的命令
#crypt 1234 <ricky1> ricky2
http://zi0r.com/2010/02/28/freebsd-redundant-dns-with-carp.html
Improve reliability with CARP and redundant DNS on two boxes. Almost everyone already has (at least) two nameservers, so why not add CARP into the mix to make it appear as if they’re always available?
This setup assumes two nameservers. Both nameservers will have a total of 3 IPs assigned to them, two of which are the floating CARP IPs and one of which is a unique management IP for each box. Each nameserver will be the CARP backup for the other nameservers primary nameserver IP. If one goes down, the other will assume responsibility for the IP.
You’ll need to assign your nameservers two new IPs (to be used for management) and take the original pair of IPs and we’ll use those for the carp interfaces.
1. Rebuild/install your kernel with:
device carp
2. Edit /etc/rc.conf to add:
cloned_interfaces=“carp0 carp1”
ifconfig_carp0=“create”
ifconfig_carp1=“create”
3. Setup the CARP interfaces:
I set the vhid’s to be the last octet of the floaty IP, however, you can set them to be whatever you want as long as they match on both boxes.
On ns1:
Create /etc/start_if.carp0 with the following:
#!/bin/sh
ifconfig carp0 vhid XX advbase 1 advskew 10 pass supersecretpasswordhere netmask
Create /etc/start_if.carp1 with the following:
#!/bin/sh
ifconfig carp1 vhid YY advbase 2 advskew 10 pass othersupersecretpasswordhere netmask
Then run:
chmod go-rwx /etc/start_if.carp*;chmod +x /etc/start_if.carp*
On ns2:
Create /etc/start_if.carp0 with the following:
#!/bin/sh
ifconfig carp0 vhid YY advbase 1 advskew 10 pass supersecretpasswordhere netmask
Create /etc/start_if.carp1 with the following:
#!/bin/sh
ifconfig carp1 vhid XX advbase 2 advskew 10 pass othersupersecretpasswordhere netmask
Then run:
chmod go-rwx /etc/start_if.carp*;chmod +x /etc/start_if.carp*
4. Ensure named is configured to bind to the management IP (for zone transfers, etc.), ns1.ip and ns2.ip (on both boxes!) or ensure that it listens on *.
5. Add net.inet.carp.log=2 to /etc/sysctl.conf for some extra logging info.
6. Reboot. Your primary box should come up with ns1.ip as MASTER and ns2.ip as BACKUP. Your secondary box should come up with ns2.ip as MASTER and ns1.ip as BACKUP. Check ifconfig and dmesg to confirm.
实易智能DNS系统4.0.0版本,在前面几个重要版本的基础上,继续增加了许多企业级应用功能和增加更多的易用性功能。
1、增加中文域名、记录支持
2、增加双机热备、负载均衡功能
3、增加链路聚合功能
4、增加查询统计图形功能
5、增加域名、记录导出功能
6、增加在线升级功能
7、增加开启、关闭域名智能解析功能
8、增加手工同步时间功能
9、增加中文域名转码工具功能
10、增加设置https的CA证书功能
11、增加根据服务器内存大小自动调整日志、存储空间大小功能
12、增加SSH功能
13、增加IP库更新功能
14、增加system shell功能
1、增强记录查找功能,可以导出,批量修改等
2、域名、线路管理操作后跳转到当前页等
3、简化安装后初始化网卡配置
4、增加批量导入域名、记录的详细提示信息
5、简化批量导入IP库的功能
6、增加清空线路IP库功能
1、不能导入TXT记录的问题
2、记录查找时,不能翻页的问题
3、不能恢复默认WEB端口、防火墙规则和默认密码
4、whois工具查询中国域名乱码问题
5、修改admin密码后http方式不能登录
6、不能查看中文域名查询统计
7、关闭区域传送功能
1、核心系统升级到FreeBSD-8.1最新稳定版本
2、DNS 升级到9.7.2最新稳定版本
1、只有购买技术服务的用户,才能升级到4.0版。
2、从4.0版本开始采用UTF-8编码,升级前请仔细阅读“如何从3.x升级到4.0版本“的说明。
3、使用前,请仔细阅读4.0版本的使用手册!
4.0.0-RELEASE 32位安装包
4.0.0-RELEASE 32位升级包
昨天发现 http://svn.bluelife.at/nightlies/ 上面最新的ports包里的开发版本已经升级到4.0.0版了。趁着make world升级完系统后,也将VirtualBox升级到4.0版。老习惯了,每次make world升级完系统,都重新编译安装下VirtualBox。
新版本增加了USB,远程桌面等功能。不过USB不会用,远程桌面暂时用不着。
抱着尝新和测试的态度,使用VirtualBox4。如果有什么问题,反馈给ports维护作者,也是一个贡献嘛。
为连接ssh,自己开发了个 pam 模块,命名为 pam_fedns.so。在i386环境,连接ssh没问题,amd64的环境连接就提示加载pam_fedns.so失败。
在网上找了个测试例子,检测发现少md5的连接库。加上-lmd 就搞定了。
#include <dlfcn.h>
#include <stdio.h>int
main (int argc, char **argv) {void *dlh;
dlh = dlopen(argv[1], RTLD_NOW);
if (dlh) {
printf(“dlopen %s worked\n”, argv[1]);
} else {
printf(“dlopen %s failed: %s\n”, argv[1], dlerror());
}
return 0;
}
原文链接:
http://freebsd.monkey.org/freebsd-stable/200709/msg00136.html
先帖个man,回头再仔细整理。
# man puttygen
Formatting page, please wait…Done.
puttygen(1) PuTTY tool suite puttygen(1)NAME
puttygen – public-key generator for the PuTTY toolsSYNOPSIS
puttygen ( keyfile | -t keytype [ -b bits ] )
[ -C new-comment ] [ -P ] [ -q ]
[ -O output-type | -l | -L | -p ]
[ -o output-file ]DESCRIPTION
puttygen is a tool to generate and manipulate SSH public and private
key pairs. It is part of the PuTTY suite, although it can also interop-
erate with the private key formats used by some other SSH clients.When you run puttygen, it does three things. Firstly, it either loads
an existing key file (if you specified keyfile), or generates a new key
(if you specified keytype). Then, it optionally makes modifications to
the key (changing the comment and/or the passphrase); finally, it out-
puts the key, or some information about the key, to a file.All three of these phases are controlled by the options described in
the following section.OPTIONS
In the first phase, puttygen either loads or generates a key. The
options to control this are:keyfile
Specify a private key file to be loaded. This private key file
can be in the (de facto standard) SSH-1 key format, or in
PuTTY’s SSH-2 key format, or in either of the SSH-2 private key
formats used by OpenSSH and ssh.com’s implementation.-t keytype
Specify a type of key to generate. The acceptable values here
are rsa and dsa (to generate SSH-2 keys), and rsa1 (to generate
SSH-1 keys).-b bits
Specify the size of the key to generate, in bits. Default is
1024.-q Suppress the progress display when generating a new key.
In the second phase, puttygen optionally alters properties of the key
it has loaded or generated. The options to control this are:-C new-comment
Specify a comment string to describe the key. This comment
string will be used by PuTTY to identify the key to you (when
asking you to enter the passphrase, for example, so that you
know which passphrase to type).-P Indicate that you want to change the key’s passphrase. This is
automatic when you are generating a new key, but not when you
are modifying an existing key.In the third phase, puttygen saves the key or information about it. The
options to control this are:-O output-type
Specify the type of output you want puttygen to produce. Accept-
able options are:private
Save the private key in a format usable by PuTTY. This
will either be the standard SSH-1 key format, or PuTTY’s
own SSH-2 key format.public Save the public key only. For SSH-1 keys, the standard
public key format will be used (`1024 37 5698745…’).
For SSH-2 keys, the public key will be output in the for-
mat specified by RFC 4716, which is a multi-line text
file beginning with the line `—- BEGIN SSH2 PUBLIC KEY
—-’.public-openssh
Save the public key only, in a format usable by OpenSSH.
For SSH-1 keys, this output format behaves identically to
public. For SSH-2 keys, the public key will be output in
the OpenSSH format, which is a single line (`ssh-rsa
AAAAB3NzaC1yc2…’).fingerprint
Print the fingerprint of the public key. All fingerprint-
ing algorithms are believed compatible with OpenSSH.private-openssh
Save an SSH-2 private key in OpenSSH’s format. This
option is not permitted for SSH-1 keys.private-sshcom
Save an SSH-2 private key in ssh.com’s format. This
option is not permitted for SSH-1 keys.If no output type is specified, the default is private.
-o output-file
Specify the file where puttygen should write its output. If this
option is not specified, puttygen will assume you want to over-
write the original file if the input and output file types are
the same (changing a comment or passphrase), and will assume you
want to output to stdout if you are asking for a public key or
fingerprint. Otherwise, the -o option is required.-l Synonym for `-O fingerprint’.
-L Synonym for `-O public-openssh’.
-p Synonym for `-O public’.
The following options do not run PuTTYgen as normal, but print informa-
tional messages and then quit:-h, –help
Display a message summarizing the available options.-V, –version
Display the version of PuTTYgen.–pgpfp
Display the fingerprints of the PuTTY PGP Master Keys, to aid in
verifying new files released by the PuTTY team.EXAMPLES
To generate an SSH-2 RSA key pair and save it in PuTTY’s own format
(you will be prompted for the passphrase):puttygen -t rsa -C “my home key” -o mykey.ppk
To generate a larger (2048-bit) key:
puttygen -t rsa -b 2048 -C “my home key” -o mykey.ppk
To change the passphrase on a key (you will be prompted for the old and
new passphrases):puttygen -P mykey.ppk
To change the comment on a key:
puttygen -C “new comment” mykey.ppk
To convert a key into OpenSSH’s private key format:
puttygen mykey.ppk -O private-openssh -o my-openssh-key
To convert a key from another format (puttygen will automatically
detect the input key type):puttygen my-ssh.com-key -o mykey.ppk
To display the fingerprint of a key (some key types require a
passphrase to extract even this much information):puttygen -l mykey.ppk
To add the OpenSSH-format public half of a key to your authorised keys
file:puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
BUGS
There’s currently no way to supply passphrases in batch mode, or even
just to specify that you don’t want a passphrase at all.PuTTY tool suite 2004-03-24 puttygen(1)
http://www.electrictoolbox.com/putty-rsa-dsa-keys/
今天配置了个pptp,自己懒得写文档,就转一篇网文。
这是防火墙规则,做NAT转发:
lop_if = “lo0″
ext_if = “re0″
sync_if= “re0″
ext_carp = “carp0″set block-policy drop
set loginterface $ext_ifset skip on $lop_if
scrub in
# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor “ftp-proxy/*”
rdr-anchor “ftp-proxy/*”
#block in#pass in keep state
pass out keep stateanchor “ftp-proxy/*”
pass quick on { $sync_if } proto pfsync keep state (no-sync)
pass on { $ext_if } proto carp keep state
下面是转载内容:
---------------------------
mpd5 on FreeBSD 8.0-RELEASE-p2
步驟1.安裝 mpd5 套件
切換至 Ports Tree 路徑安裝 mpd 套件
#cd /usr/ports/net/mpd5 //切換到安裝路徑
#make install clean //安裝套件並清除安裝過程中產生不必要檔案
步驟2.修改 mpd 設定檔 (mpd.conf)
修改 mpd 設定檔 (mpd.conf) 內容如下
#vi /usr/local/etc/mpd5/mpd.conf //修改內容如下
startup:
set user weithenn weithenn1688 //使用 Web 登入查看 VPN 狀態時的登入帳號及密碼
set web self 61.60.59.58 5006 //Web 查看 VPN 狀態的 IP 及 Port (此例為 http://61.60.59.58:5006)
set web open //開啟 Web
default:
load pptp_server
### Server IP 為 Gateway IP (192.168.88.1)
### Client IP 為 VPN Client 屆時連通後發給的 IP (192.168.88.56 ~ 60)
pptp_server:
set ippool add LANPOOL 192.168.88.56 192.168.88.60
create bundle template VPN
set iface disable on-demand
set iface idle 0
set iface enable proxy-arp
set iface enable tcpmssfix
set ipcp yes vjcomp
set ipcp ranges 192.168.88.1/32 ippool LANPOOL
set bundle enable compression
set ccp yes mppc
set mppc no e40
set mppc yes e128
set mppc yes stateless
create link template VPNLINK pptp
set link action bundle VPN
set link enable multilink
set link yes acfcomp protocomp
set link no pap chap
set link enable chap
set link keep-alive 30 300
set link mtu 1460
set pptp self 61.60.59.58
set link enable incoming
步驟3.修改 mpd 密碼檔 (mpd.secret)
修改 mpd 密碼檔 (mpd.secret) 內容如下,由於此密碼檔為 明碼 的文字檔案,因此設定完成後建議將檔案權限設定為 600。
#/usr/local/etc/mpd/mpd.secret //修改內容如下
weithenn “vpn123″ //設定 VPN 帳號及密碼
#chmod 600 mpd.secret //設定檔案權限
步驟4.修改 rc.conf
修改 /etc/rc.conf 檔以便系統重新開機時能自動啟動 mpd 服務
#vi /etc/rc.conf //修改 rc.conf 內容如下
gateway_enable=”YES” //啟動 Forwarding IP Packet (net.inet.ip.forwarding:1)
mpd_flags=”-b” //加入此行,背景執行
mpd_enable=”YES” //加入此行
步驟 5.建立 mpd.log
建立 mpd.log 及修改 /etc/syslog.conf 檔以便將 mpd5 運作相關訊息寫入 mpd.log 內
#vi /etc/syslog.conf //加入下列二行
!mpd
*.* /var/log/mpd.log
#touch /var/log/mpd.log //建立 Log 檔
#/etc/rc.d/syslogd reload //重新載入 syslog.conf 設定
步驟6.啟動 mpd 服務
鍵入如下指令啟動 mpd 服務
#/usr/local/etc/rc.d/mpd5 start //啟動
stop //停止
restart //重新啟動
rcvar //顯示可加入至 rc.conf 的參數
status //目前執行狀態
檢查 mpd 執行序是否執行
#ps aux |grep mpd
root 1751 0.0 0.3 13452 5596 ?? Is 12:26PM 0:00.24 /usr/local/sbin/mpd5 -p /var/run/mpd5.pid -b
檢查 mpd 服務是否開啟對應 Port 1723 (可參考 /etc/service) 及剛才指定 Web 觀看 VPN 狀態的 Port 5006
#sockstat | grep mpd
root mpd5 23468 15 tcp4 61.60.59.58:1723 *:*
root mpd5 23468 15 tcp4 61.60.59.58:5006 *:*
下面的指导性设计原则描述了我们的设计理念
摘自 Scheifler & Gettys: “X Window System”
http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/developers-handbook/introduction-archguide.html
最新评论