Merge pull request #2 from LCTT/master

update 2015/12/04
ivo wang 2015-12-04 15:28:10 +08:00
commit fb646ac1d8
7 changed files with 188 additions and 570 deletions

@ -0,0 +1,44 @@
Let's Encrypt:Entering Public Beta
================================================================================
Were happy to announce that Lets Encrypt has entered Public Beta. Invitations are no longer needed in order to get free
certificates from Lets Encrypt.
Its time for the Web to take a big step forward in terms of security and privacy. We want to see HTTPS become the default.
Lets Encrypt was built to enable that by making it as easy as possible to get and manage certificates.
Wed like to thank everyone who participated in the Limited Beta. Lets Encrypt issued over 26,000 certificates during the
Limited Beta period. This allowed us to gain valuable insight into how our systems perform, and to be confident about moving
to Public Beta.
Wed also like to thank all of our [sponsors][1] for their support. Were happy to have announced earlier today that
[Facebook is our newest Gold sponsor][2]/
We have more work to do before were comfortable dropping the beta label entirely, particularly on the client experience.
Automation is a cornerstone of our strategy, and we need to make sure that the client works smoothly and reliably on a
wide range of platforms. Well be monitoring feedback from users closely, and making improvements as quickly as possible.
Instructions for getting a certificate with the [Lets Encrypt client][3] can be found [here][4].
[Lets Encrypt Community Support][5] is an invaluable resource for our community, we strongly recommend making use of the
site if you have any questions about Lets Encrypt.
Lets Encrypt depends on support from a wide variety of individuals and organizations. Please consider [getting involved][6]
, and if your company or organization would like to sponsor Lets Encrypt please email us at [sponsor@letsencrypt.org][7].
--------------------------------------------------------------------------------
via: https://letsencrypt.org/2015/12/03/entering-public-beta.html
作者:[Josh Aas][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://letsencrypt.org/2015/12/03/entering-public-beta.html
[1]:https://letsencrypt.org/sponsors/
[2]:https://letsencrypt.org/2015/12/03/facebook-sponsorship.html
[3]:https://github.com/letsencrypt/letsencrypt
[4]:https://letsencrypt.readthedocs.org/en/latest/
[5]:https://community.letsencrypt.org/
[6]:https://letsencrypt.org/getinvolved/
[7]:mailto:sponsor@letsencrypt.org
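Review bot: the apostrophes are missing throughout the body of the added article ("Were happy", "Lets Encrypt", "Its time", "Wed like", "Well be monitoring"), although the title line still has "Let's", so several words read as different words; restore them before this source is handed out for translation. In the same file the sponsor sentence ends with "[2]/" where a full stop is expected, the title has no space after the colon, and the author reference "[a]" points at the article URL itself instead of an author page.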

@ -1,3 +1,4 @@
[bazz2222]
Why did you start using Linux?
================================================================================
> In today's open source roundup: What got you started with Linux? Plus: IBM's Linux only Mainframe. And why you should skip Windows 10 and go with Linux
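Review bot: the claim marker added as the first line, "[bazz2222]", states no status and uses a different form from the other markers in this commit ("wyangsun translating", "translated by iov-wang", a bare "Vic020"), so claimed files cannot be found with one search pattern. Suggest settling on a single form that names both the translator and the state, for example "bazz2222 translating".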

@ -1,429 +0,0 @@
Installation Guide for Puppet on Ubuntu 15.04
================================================================================
Hi everyone, today in this article we'll learn how to install puppet to manage your server infrastructure running ubuntu 15.04. Puppet is an open source software configuration management tool which is developed and maintained by Puppet Labs that allows us to automate the provisioning, configuration and management of a server infrastructure. Whether we're managing just a few servers or thousands of physical and virtual machines to orchestration and reporting, puppet automates tasks that system administrators often do manually which frees up time and mental space so sysadmins can work on improving other aspects of your overall setup. It ensures consistency, reliability and stability of the automated jobs processed. It facilitates closer collaboration between sysadmins and developers, enabling more efficient delivery of cleaner, better-designed code. Puppet is available in two solutions configuration management and data center automation. They are **puppet open source and puppet enterprise**. Puppet open source is a flexible, customizable solution available under the Apache 2.0 license, designed to help system administrators automate the many repetitive tasks they regularly perform. Whereas puppet enterprise edition is a proven commercial solution for diverse enterprise IT environments which lets us get all the benefits of open source puppet, plus puppet apps, commercial-only enhancements, supported modules and integrations, and the assurance of a fully supported platform. Puppet uses SSL certificates to authenticate communication between master and agent nodes.
In this tutorial, we will cover how to install open source puppet in an agent and master setup running ubuntu 15.04 linux distribution. Here, Puppet master is a server from where all the configurations will be controlled and managed and all our remaining servers will be puppet agent nodes, which is configured according to the configuration of puppet master server. Here are some easy steps to install and configure puppet to manage our server infrastructure running Ubuntu 15.04.
### 1. Setting up Hosts ###
In this tutorial, we'll use two machines, one as puppet master server and another as puppet node agent both running ubuntu 15.04 "Vivid Vervet" in both the machines. Here is the infrastructure of the server that we're gonna use for this tutorial.
puppet master server with IP 44.55.88.6 and hostname : puppetmaster
puppet node agent with IP 45.55.86.39 and hostname : puppetnode
Now we'll add the entry of the machines to /etc/hosts on both machines node agent and master server.
# nano /etc/hosts
45.55.88.6 puppetmaster.example.com puppetmaster
45.55.86.39 puppetnode.example.com puppetnode
Please note that the Puppet Master server must be reachable on port 8140. So, we'll need to open port 8140 in it.
### 2. Updating Time with NTP ###
As puppet nodes needs to maintain accurate system time to avoid problems when it issues agent certificates. Certificates can appear to be expired if there is time difference, the time of the both the master and the node agent must be synced with each other. To sync the time, we'll update the time with NTP. To do so, here's the command below that we need to run on both master and node agent.
# ntpdate pool.ntp.org
17 Jun 00:17:08 ntpdate[882]: adjust time server 66.175.209.17 offset -0.001938 sec
Now, we'll update our local repository index and install ntp as follows.
# apt-get update && sudo apt-get -y install ntp ; service ntp restart
### 3. Puppet Master Package Installation ###
There are many ways to install open source puppet. In this tutorial, we'll download and install a debian binary package named as **puppetlabs-release** packaged by the Puppet Labs which will add the source of the **puppetmaster-passenger** package. The puppetmaster-passenger includes the puppet master with apache web server. So, we'll now download the Puppet Labs package.
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
--2015-06-17 00:19:26-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.06s
2015-06-17 00:19:26 (130 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
After the download has been completed, we'll wanna install the package.
# dpkg -i puppetlabs-release-trusty.deb
Selecting previously unselected package puppetlabs-release.
(Reading database ... 85899 files and directories currently installed.)
Preparing to unpack puppetlabs-release-trusty.deb ...
Unpacking puppetlabs-release (1.0-11) ...
Setting up puppetlabs-release (1.0-11) ...
Then, we'll update the local respository index with the server using apt package manager.
# apt-get update
Then, we'll install the puppetmaster-passenger package by running the below command.
# apt-get install puppetmaster-passenger
**Note**: While installing we may get an error **Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')** but we no need to worry, we'll just simply ignore this as it says that the templatedir is deprecated so, we'll simply disbale that setting in the configuration. :)
To check whether puppetmaster has been installed successfully in our Master server not not, we'll gonna try to check its version.
# puppet --version
3.8.1
We have successfully installed puppet master package in our puppet master box. As we are using passenger with apache, the puppet master process is controlled by apache server, that means it runs when apache is running.
Before continuing, we'll need to stop the Puppet master by stopping the apache2 service.
# systemctl stop apache2
### 4. Master version lock with Apt ###
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a new file **/etc/apt/preferences.d/00-puppet.pref** using our favorite text editor.
# nano /etc/apt/preferences.d/00-puppet.pref
Then, we'll gonna add the entries in the newly created file as:
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common puppetmaster-passenger
Pin: version 3.8*
Pin-Priority: 501
Now, it will not update the puppet while running updates in the system.
### 5. Configuring Puppet Config ###
Puppet master acts as a certificate authority and must generate its own certificates which is used to sign agent certificate requests. First of all, we'll need to remove any existing SSL certificates that were created during the installation of package. The default location of puppet's SSL certificates is /var/lib/puppet/ssl. So, we'll remove the entire ssl directory using rm command.
# rm -rf /var/lib/puppet/ssl
Then, we'll configure the certificate. While creating the puppet master's certificate, we need to include every DNS name at which agent nodes can contact the master at. So, we'll edit the master's puppet.conf using our favorite text editor.
# nano /etc/puppet/puppet.conf
The output seems as shown below.
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN
ssl_client_verify_header = SSL_CLIENT_VERIFY
Here, we'll need to comment the templatedir line to disable the setting as it has been already depreciated. After that, we'll add the following line at the end of the file under [main].
server = puppetmaster
environment = production
runinterval = 1h
strict_variables = true
certname = puppetmaster
dns_alt_names = puppetmaster, puppetmaster.example.com
This configuration file has many options which might be useful in order to setup own configuration. A full description of the file is available at Puppet Labs [Main Config File (puppet.conf)][1].
After editing the file, we'll wanna save that and exit.
Now, we'll gonna generate a new CA certificates by running the following command.
# puppet master --verbose --no-daemonize
Info: Creating a new SSL key for ca
Info: Creating a new SSL certificate request for ca
Info: Certificate Request fingerprint (SHA256): F6:2F:69:89:BA:A5:5E:FF:7F:94:15:6B:A7:C4:20:CE:23:C7:E3:C9:63:53:E0:F2:76:D7:2E:E0:BF:BD:A6:78
...
Notice: puppetmaster has a waiting certificate request
Notice: Signed certificate request for puppetmaster
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/ca/requests/puppetmaster.pem'
Notice: Removing file Puppet::SSL::CertificateRequest puppetmaster at '/var/lib/puppet/ssl/certificate_requests/puppetmaster.pem'
Notice: Starting Puppet master version 3.8.1
^CNotice: Caught INT; storing stop
Notice: Processing stop
Now, the certificate is being generated. Once we see **Notice: Starting Puppet master version 3.8.1**, the certificate setup is complete. Then we'll press CTRL-C to return to the shell.
If we wanna look at the cert information of the certificate that was just created, we can get the list by running in the following command.
# puppet cert list -all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 6. Creating a Puppet Manifest ###
The default location of the main manifest is /etc/puppet/manifests/site.pp. The main manifest file contains the definition of configuration that is used to execute in the puppet node agent. Now, we'll create the manifest file by running the following command.
# nano /etc/puppet/manifests/site.pp
Then, we'll add the following lines of configuration in the file that we just opened.
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
The above lines of configuration are responsible for the deployment of the installation of apache web server across the node agent.
### 7. Starting Master Service ###
We are now ready to start the puppet master. We can start it by running the apache2 service.
# systemctl start apache2
Here, our puppet master is running, but it isn't managing any agent nodes yet. Now, we'll gonna add the puppet node agents to the master.
**Note**: If you get an error **Job for apache2.service failed. See "systemctl status apache2.service" and "journalctl -xe" for details.** then it must be that there is some problem with the apache server. So, we can see the log what exactly has happened by running **apachectl start** under root or sudo mode. Here, while performing this tutorial, we got a misconfiguration of the certificates under **/etc/apache2/sites-enabled/puppetmaster.conf** file. We replaced **SSLCertificateFile /var/lib/puppet/ssl/certs/server.pem with SSLCertificateFile /var/lib/puppet/ssl/certs/puppetmaster.pem** and commented **SSLCertificateKeyFile** line. Then we'll need to rerun the above command to run apache server.
### 8. Puppet Agent Package Installation ###
Now, as we have our puppet master ready and it needs an agent to manage, we'll need to install puppet agent into the nodes. We'll need to install puppet agent in every nodes in our infrastructure we want puppet master to manage. We'll need to make sure that we have added our node agents in the DNS. Now, we'll gonna install the latest puppet agent in our agent node ie. puppetnode.example.com .
We'll run the following command to download the Puppet Labs package in our puppet agent nodes.
# cd /tmp/
# wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb\
--2015-06-17 00:54:42-- https://apt.puppetlabs.com/puppetlabs-release-trusty.deb
Resolving apt.puppetlabs.com (apt.puppetlabs.com)... 192.155.89.90, 2600:3c03::f03c:91ff:fedb:6b1d
Connecting to apt.puppetlabs.com (apt.puppetlabs.com)|192.155.89.90|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7384 (7.2K) [application/x-debian-package]
Saving to: puppetlabs-release-trusty.deb
puppetlabs-release-tr 100%[===========================>] 7.21K --.-KB/s in 0.04s
2015-06-17 00:54:42 (162 KB/s) - puppetlabs-release-trusty.deb saved [7384/7384]
Then, as we're running ubuntu 15.04, we'll use debian package manager to install it.
# dpkg -i puppetlabs-release-trusty.deb
Now, we'll gonna update the repository index using apt-get.
# apt-get update
Finally, we'll gonna install the puppet agent directly from the remote repository.
# apt-get install puppet
Puppet agent is always disabled by default, so we'll need to enable it. To do so we'll need to edit /etc/default/puppet file using a text editor.
# nano /etc/default/puppet
Then, we'll need to change value of **START** to "yes" as shown below.
START=yes
Then, we'll need to save and exit the file.
### 9. Agent Version Lock with Apt ###
As We have puppet version as 3.8.1, we need to lock the puppet version update as this will mess up the configurations while updating the puppet. So, we'll use apt's locking feature for that. To do so, we'll need to create a file /etc/apt/preferences.d/00-puppet.pref using our favorite text editor.
# nano /etc/apt/preferences.d/00-puppet.pref
Then, we'll gonna add the entries in the newly created file as:
# /etc/apt/preferences.d/00-puppet.pref
Package: puppet puppet-common
Pin: version 3.8*
Pin-Priority: 501
Now, it will not update the Puppet while running updates in the system.
### 10. Configuring Puppet Node Agent ###
Next, We must make a few configuration changes before running the agent. To do so, we'll need to edit the agent's puppet.conf
# nano /etc/puppet/puppet.conf
It will look exactly like the Puppet master's initial configuration file.
This time also we'll comment the **templatedir** line. Then we'll gonna delete the [master] section, and all of the lines below it.
Assuming that the puppet master is reachable at "puppet-master", the agent should be able to connect to the master. If not we'll need to use its fully qualified domain name ie. puppetmaster.example.com .
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
After adding this, it will look alike this.
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
#templatedir=$confdir/templates
[agent]
server = puppetmaster.example.com
certname = puppetnode.example.com
After done with that, we'll gonna save and exit it.
Next, we'll wanna start our latest puppet agent in our Ubuntu 15.04 nodes. To start our puppet agent, we'll need to run the following command.
# systemctl start puppet
If everything went as expected and configured properly, we should not see any output displayed by running the above command. When we run an agent for the first time, it generates an SSL certificate and sends a request to the puppet master then if the master signs the agent's certificate, it will be able to communicate with the agent node.
**Note**: If you are adding your first node, it is recommended that you attempt to sign the certificate on the puppet master before adding your other agents. Once you have verified that everything works properly, then you can go back and add the remaining agent nodes further.
### 11. Signing certificate Requests on Master ###
While puppet agent runs for the first time, it generates an SSL certificate and sends a request for signing to the master server. Before the master will be able to communicate and control the agent node, it must sign that specific agent node's certificate.
To get the list of the certificate requests, we'll run the following command in the puppet master server.
# puppet cert list
"puppetnode.example.com" (SHA256) 31:A1:7E:23:6B:CD:7B:7D:83:98:33:8B:21:01:A6:C4:01:D5:53:3D:A0:0E:77:9A:77:AE:8F:05:4A:9A:50:B2
As we just setup our first agent node, we will see one request. It will look something like the following, with the agent node's Domain name as the hostname.
Note that there is no + in front of it which indicates that it has not been signed yet.
Now, we'll go for signing a certification request. In order to sign a certification request, we should simply run **puppet cert sign** with the **hostname** as shown below.
# puppet cert sign puppetnode.example.com
Notice: Signed certificate request for puppetnode.example.com
Notice: Removing file Puppet::SSL::CertificateRequest puppetnode.example.com at '/var/lib/puppet/ssl/ca/requests/puppetnode.example.com.pem'
The Puppet master can now communicate and control the node that the signed certificate belongs to.
If we want to sign all of the current requests, we can use the -all option as shown below.
# puppet cert sign --all
### Removing a Puppet Certificate ###
If we wanna remove a host from it or wanna rebuild a host then add it back to it. In this case, we will want to revoke the host's certificate from the puppet master. To do this, we will want to use the clean action as follows.
# puppet cert clean hostname
Notice: Revoked certificate with serial 5
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/ca/signed/puppetnode.example.com.pem'
Notice: Removing file Puppet::SSL::Certificate puppetnode.example.com at '/var/lib/puppet/ssl/certs/puppetnode.example.com.pem'
If we want to view all of the requests signed and unsigned, run the following command:
# puppet cert list --all
+ "puppetmaster" (SHA256) 33:28:97:86:A1:C3:2F:73:10:D1:FB:42:DA:D5:42:69:71:84:F0:E2:8A:01:B9:58:38:90:E4:7D:B7:25:23:EC (alt names: "DNS:puppetmaster", "DNS:puppetmaster.example.com")
### 12. Deploying a Puppet Manifest ###
After we configure and complete the puppet manifest, we'll wanna deploy the manifest to the agent nodes server. To apply and load the main manifest we can simply run the following command in the agent node.
# puppet agent --test
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for puppetnode.example.com
Info: Applying configuration version '1434563858'
Notice: /Stage[main]/Main/Exec[apt-update]/returns: executed successfully
Notice: Finished catalog run in 10.53 seconds
This will show us all the processes how the main manifest will affect a single server immediately.
If we wanna run a puppet manifest that is not related to the main manifest, we can simply use puppet apply followed by the manifest file path. It only applies the manifest to the node that we run the apply from.
# puppet apply /etc/puppet/manifest/test.pp
### 13. Configuring Manifest for a Specific Node ###
If we wanna deploy a manifest only to a specific node then we'll need to configure the manifest as follows.
We'll need to edit the manifest on the master server using a text editor.
# nano /etc/puppet/manifest/site.pp
Now, we'll gonna add the following lines there.
node 'puppetnode', 'puppetnode1' {
# execute 'apt-get update'
exec { 'apt-update': # exec resource named 'apt-update'
command => '/usr/bin/apt-get update' # command this resource will run
}
# install apache2 package
package { 'apache2':
require => Exec['apt-update'], # require 'apt-update' before installing
ensure => installed,
}
# ensure apache2 service is running
service { 'apache2':
ensure => running,
}
}
Here, the above configuration will install and deploy the apache web server only to the two specified nodes having shortname puppetnode and puppetnode1. We can add more nodes that we need to get deployed with the manifest specifically.
### 14. Configuring Manifest with a Module ###
Modules are useful for grouping tasks together, they are many available in the Puppet community which anyone can contribute further.
On the puppet master, we'll gonna install the **puppetlabs-apache** module using the puppet module command.
# puppet module install puppetlabs-apache
**Warning**: Please do not use this module on an existing apache setup else it will purge your apache configurations that are not managed by puppet.
Now we'll gonna edit the main manifest ie **site.pp** using a text editor.
# nano /etc/puppet/manifest/site.pp
Now add the following lines to install apache under puppetnode.
node 'puppet-node' {
class { 'apache': } # use apache module
apache::vhost { 'example.com': # define vhost resource
port => '80',
docroot => '/var/www/html'
}
}
Then we'll wanna save and exit it. Then, we'll wanna rerun the manifest to deploy the configuration to the agents for our infrastructure.
### Conclusion ###
Finally we have successfully installed puppet to manage our Server Infrastructure running Ubuntu 15.04 "Vivid Vervet" linux operating system. We learned how puppet works, configure a manifest configuration, communicate with nodes and deploy the manifest on the agent nodes with secure SSL certification. Controlling, managing and configuring repeated task in several N number of nodes is very easy with puppet open source software configuration management tool. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/linux-how-to/install-puppet-ubuntu-15-04/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
[1]:https://docs.puppetlabs.com/puppet/latest/reference/config_file_main.html
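Review bot: this removal of the 429-line Puppet source has no matching addition in the commit: of the seven changed files, the only new translated file is the 138-line Mutt article, so the Puppet text disappears here without a translation taking its place in this change. Confirm the translated file landed in an earlier commit, or hold the deletion back until it does. If a translation was made from this text, check that it does not carry over the source's inconsistencies: the master IP is given as 44.55.88.6 in the host list but 45.55.88.6 in /etc/hosts, "puppet cert list -all" appears in section 5 where section 11 uses "--all", and the manifest path is /etc/puppet/manifests/site.pp in section 6 but /etc/puppet/manifest/site.pp in sections 13 and 14.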

@ -1,3 +1,4 @@
translated by iov-wang
How to Install OsTicket Ticketing System in Fedora 22 / Centos 7
================================================================================
In this article, we'll learn how to setup help desk ticketing system with osTicket in our machine or server running Fedora 22 or CentOS 7 as operating system. osTicket is a free and open source popular customer support ticketing system developed and maintained by [Enhancesoft][1] and its contributors. osTicket is the best solution for help and support ticketing system and management for better communication and support assistance with clients and customers. It has the ability to easily integrate with inquiries created via email, phone and web based forms into a beautiful multi-user web interface. osTicket makes us easy to manage, organize and log all our support requests and responses in one single place. It is a simple, lightweight, reliable, open source, web-based and easy to setup and use help desk ticketing system.
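Review bot: the handle in the added first line, "translated by iov-wang", does not match the committer name "ivo wang" shown for this commit and looks like a transposition. The wording "translated by" also reads as finished work while the body below it is still the English source; if this line is a claim, spell the handle as in the commit header and use a wording such as "translating".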

@ -1,139 +0,0 @@
wyangsun translating
How to use Mutt email client with encrypted passwords
================================================================================
Mutt is an open-source email client written for Linux/UNIX terminal environment. Together with [Alpine][1], Mutt has the most devoted followers among Linux command-line enthusiasts, and for good reasons. Think of anything you expect from an email client, and Mutt has it: multi-protocol support (e.g., POP3, IMAP and SMTP), S/MIME and PGP/GPG integration, threaded conversation, color coding, customizable macros/keybindings, and so on. Besides, terminal-based Mutt is a lightweight alternative for accessing emails compared to bulky web browser-based (e.g., Gmail, Ymail) or GUI-based email clients (e.g., Thunderbird, MS Outlook).
When you want to use Mutt to access or send emails via corporate SMTP/IMAP servers or replace web mail services, one concern you may have is how to protect your email credentials (e.g., SMTP/IMAP passwords) stored in a plain-text Mutt configuration file (~/.muttrc).
For those who are security-conscious, there is actually an easy way to **encrypt Mutt configuration** to prevent such risk. In this tutorial, I describe how you can encrypt sensitive Mutt configuration such as SMTP/IMAP passwords using GnuPG (GPG), an open-source implementation of OpenPGP.
### Step One (Optional): Create GPG Key ###
Since we are going to use GPG to encrypt Mutt configuration, the first step is to create a GPG key (public/private keypair) if you don't have one. If you do, skip this step.
To create a new GPG key, type the following.
$ gpg --gen-key
Choose the key type (RSA), keysize (2048 bits), and expiration date (0: no expiration). When prompted for a user ID, type your name (Dan Nanni) and email address (myemail@email.com) to be associated with the private/public keypair. Finally, type a passphrase to protect your private key.
![](https://c2.staticflickr.com/6/5726/22808727824_7735f11157_c.jpg)
Generating a GPG key requires a lot of random bytes for entropy, so make sure to perform some random actions on your system (e.g., type on a keyboard, move a mouse or read/write a disk) during key generation. Depending on keysize, it may take a few minutes or more to generate a GPG key.
![](https://c1.staticflickr.com/1/644/23328597612_6ac5a29944_c.jpg)
### Step Two: Encrypt Sensitive Mutt Configuration ###
Next, create a new text file in ~/.mutt directory, and put in the file any sensitive Mutt configuration you want to hide. In this example, I specify SMTP/IMAP passwords.
$ mkdir ~/.mutt
$ vi ~/.mutt/password
----------
set smtp_pass="XXXXXXX"
set imap_pass="XXXXXXX"
Now encrypt this file with gpg using your public key as follows.
$ gpg -r myemail@email.com -e ~/.mutt/password
This will create ~/.mutt/password.gpg, which is a GPG-encrypted version of the original file.
Go ahead and remove ~/.mutt/password, leaving only the GPG-encrypted version.
### Step Three: Create Full Mutt Configuration ###
Now that you have encrypted sensitive Mutt configuration in a separate file, you can specify the rest of your Mutt configuration in ~/.muttrc. Then add the following line at the end of ~/.muttrc.
source "gpg -d ~/.mutt/password.gpg |"
This line will decrypt ~/.mutt/password.gpg when you launch Mutt, and apply the decrypted content to your Mutt configuration.
The following shows an example of full Mutt configuration which allows you to access Gmail with Mutt, without revealing your SMTP/IMAP passwords. Replace yourgmailaccount with your Gmail ID.
set from = "yourgmailaccount@gmail.com"
set realname = "Your Name"
set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/"
set imap_user = "yourgmailaccount@gmail.com"
set folder = "imaps://imap.gmail.com:993"
set spoolfile = "+INBOX"
set postponed = "+[Google Mail]/Drafts"
set trash = "+[Google Mail]/Trash"
set header_cache =~/.mutt/cache/headers
set message_cachedir =~/.mutt/cache/bodies
set certificate_file =~/.mutt/certificates
set move = no
set imap_keepalive = 900
# encrypted IMAP/SMTP passwords
source "gpg -d ~/.mutt/password.gpg |"
### Step Four (Optional): Configure GPG-agent ###
At this point, you will be able to use Mutt with encrypted IMAP/SMTP passwords. However, every time you launch Mutt, you will first be prompted to enter a GPG passphrase in order to decrypt IMAP/SMTP passwords using your private key.
![](https://c2.staticflickr.com/6/5667/23437064775_20c874940f_c.jpg)
If you want to avoid such GPG passphrase prompts, you can set up gpg-agent. Running as a daemon, gpg-agent securely caches your GPG passphrase, so that gpg automatically obtains your GPG passphrase from gpg-agent without you typing it manually. If you are using Linux desktop, you can use desktop-specific ways to configure something equivalent to gpg-agent, for example, gnome-keyring-daemon for GNOME desktop.
You can install gpg-agent on Debian-based systems with:
$ sudo apt-get install gpg-agent
gpg-agent comes pre-installed on Red Hat based systems.
Now add the following to your .bashrc file.
envfile="$HOME/.gnupg/gpg-agent.env"
if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
eval "$(cat "$envfile")"
else
eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO
Reload .bashrc, or simply log out and log back in.
$ source ~/.bashrc
Now confirm that GPG_AGENT_INFO environment variable is set properly.
$ echo $GPG_AGENT_INFO
----------
/tmp/gpg-0SKJw8/S.gpg-agent:942:1
Also, when you type gpg-agent command, you should see the following message.
$ gpg-agent
----------
gpg-agent: gpg-agent running and available
Once gpg-agent is up and running, it will cache your GPG passphrase the first time you type it at the passphrase prompt. Subsequently when you launch Mutt multiple times, you won't be prompted for a GPG passphrase (as long as gpg-agent is up and the cache entry does not expire).
![](https://c1.staticflickr.com/1/664/22809928093_3be57698ce_c.jpg)
### Conclusion ###
In this tutorial, I presented a way to encrypt sensitive Mutt configuration such as SMTP/IMAP passwords using GnuPG. Note that if you want to use GnuPG within Mutt to encrypt or sign your email message, you can refer to the [official guide][2] on using GPG with Mutt.
If you know of any security tips for using Mutt, feel free to share it.
--------------------------------------------------------------------------------
via: http://xmodulo.com/mutt-email-client-encrypted-passwords.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/gmail-command-line-linux-alpine.html
[2]:http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
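Review bot: In the sample ~/.muttrc, `set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/"` uses the plain `smtp://` scheme, so encryption on that connection depends on STARTTLS being negotiated, and nothing in the config requires it. Since the article is about protecting the SMTP/IMAP password, the example should also carry `set ssl_force_tls = yes`, so that Mutt refuses an unencrypted session instead of sending the decrypted `smtp_pass` in clear. Separately, the .bashrc snippet in Step Four relies on `--write-env-file` and `GPG_AGENT_INFO`, which GnuPG 2.1 and later no longer use; the text should say which GnuPG version the snippet targets.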


@ -1,3 +1,5 @@
Vic020
How to use the Linux ftp command to up- and download files on the shell
================================================================================
In this tutorial, I will explain how to use the Linux ftp command on the shell. I will show you how to connect to an FTP server, up- and download files and create directories. While there are many nice desktops FTP clients available, the FTP command is still useful when you work remotely on a server over an SSH session and e.g. want to fetch a backup file from your FTP storage.
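Review bot: The added first line `Vic020` sits above the title with nothing to say what it marks. If it is a claim on the article, spell that out (for example `Translating by Vic020`) so it is not mistaken for part of the text and is easy to find and remove later.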


@ -0,0 +1,138 @@
如何使用加密过密码的Mutt邮件客户端
================================================================================
Mutt是一个开源的Linux/UNIX终端环境下的邮件客户端。连同[Alpine][1]Mutt有充分的理由在Linux命令行热衷者中有最忠诚的追随者。想一下你对邮件客户端的期待的事情Mutt拥有多协议支持e.g., POP3, IMAP and SMTPS/MIME和PGP/GPG集成线程会话颜色编码可定制宏/快捷键等等。另外基于命令行的Mutt相比笨重的web浏览器GmailYmail或可视化邮件客户端ThunderbirdMS Outlook是一个轻量访问电子邮件的选择。
当你想使用Mutt通过公司的SMTP/IMAP服务器访问或发送邮件或取代网页邮件服务可能所关心的一个问题是如何保护您的邮件凭据SMTP/IMAP密码存储在一个纯文本Mutt配置文件~/.muttrc
对于一些人安全的担忧,确实有一个容易的方法来**加密Mutt配置文件***防止这种风险。在这个教程中我描述了如何加密Mutt敏感配置比如SMTP/IMAP密码使用GnuPGGPG一个开源的OpenPGP实现。
### 第一步 可选创建GPG密钥 ###
因为我们将要使用GPG加密Mutt配置文件如果你没有第一步就是创建一个GPG密钥公有/私有 密钥对)。如果有,忽略这步。
创建一个新GPG密钥输入下面的。
$ gpg --gen-key
选择密钥类型RSA密钥长度2048 bits和过期时间0不过期。当出现用户ID提示时输入你的名字Dan Nanni 和邮箱地址myemail@email.com关联到私有/公有密钥对。最后,输入一个密码来保护你的私钥。
![](https://c2.staticflickr.com/6/5726/22808727824_7735f11157_c.jpg)
生成一个GPG密钥需要大量的随机字节熵所以在生成密钥期间确保在你的系统上执行一些随机行为打键盘移动鼠标或者读写磁盘。根据密钥长度决定生成GPG密钥要花几分钟或更多时间。
![](https://c1.staticflickr.com/1/644/23328597612_6ac5a29944_c.jpg)
### 第二部加密Mutt敏感配置 ###
下一步,在~/.mutt目录创建一个新的文本文件然后把一些你想隐藏的Mutt敏感配置放进去。这个例子里我指定了SMTP/IMAP密码。
$ mkdir ~/.mutt
$ vi ~/.mutt/password
----------
set smtp_pass="XXXXXXX"
set imap_pass="XXXXXXX"
现在gpg用你的公钥加密这个文件如下。
$ gpg -r myemail@email.com -e ~/.mutt/password
这将创建~/.mutt/password.gpg这个是一个GPG加密原始版本文件。
继续删除~/.mutt/password只保留GPG加密版本。
### 第三部创建完整Mutt配置文件 ###
由于你已经在一个单独的文件加密了Mutt敏感配置你可以在~/.muttrc指定其余的Mutt配置。然后增加下面这行在~/.muttrc末尾。
source "gpg -d ~/.mutt/password.gpg |"
当你使用Mutt这行将解密~/.mutt/password.gpg然后将解密内容应用到你的Mutt配置。
下面展示一个完整Mutt配置例子这允许你用Mutt访问Gmail没有暴露你的SMTP/IMAP密码。取代你用Gmail ID登陆你的账户。
set from = "yourgmailaccount@gmail.com"
set realname = "Your Name"
set smtp_url = "smtp://yourgmailaccount@smtp.gmail.com:587/"
set imap_user = "yourgmailaccount@gmail.com"
set folder = "imaps://imap.gmail.com:993"
set spoolfile = "+INBOX"
set postponed = "+[Google Mail]/Drafts"
set trash = "+[Google Mail]/Trash"
set header_cache =~/.mutt/cache/headers
set message_cachedir =~/.mutt/cache/bodies
set certificate_file =~/.mutt/certificates
set move = no
set imap_keepalive = 900
# encrypted IMAP/SMTP passwords
source "gpg -d ~/.mutt/password.gpg |"
### 第四部可选配置GPG代理 ###
这时候你将可以使用加密了IMAP/SMTP密码的Mutt。无论如何每次你运行Mutt你都要先被提示输入一个GPG密码来使用你的私钥解密IMAP/SMTP密码。
![](https://c2.staticflickr.com/6/5667/23437064775_20c874940f_c.jpg)
如果你想避免这样的GPG密码提示你可以部署gpg代理。运行一个后台程序gpg代理安全的缓存你的GPG密码无需手工干预gpg自动从gpg代理获得你的GPG密码。如果你正在使用Linux桌面你可以使用桌面特定方式来配置一些东西等价于gpg代理例如GNOME桌面的gnome-keyring-daemon。
你可以在基于Debian系统安装gpg代理
$ sudo apt-get install gpg-agent
gpg代理是基于Red Hat系统预装的。
现在增加下面这些道你的.bashrc文件。
envfile="$HOME/.gnupg/gpg-agent.env"
if [[ -e "$envfile" ]] && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
eval "$(cat "$envfile")"
else
eval "$(gpg-agent --daemon --allow-preset-passphrase --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO
重载.bashrc或单纯的登出然后登陆回来。
$ source ~/.bashrc
现在确认GPG_AGENT_INFO环境变量已经设置妥当。
$ echo $GPG_AGENT_INFO
----------
/tmp/gpg-0SKJw8/S.gpg-agent:942:1
并且当你输入gpg-agent命令时你应该看到下面的信息。
$ gpg-agent
----------
gpg-agent: gpg-agent running and available
一旦gpg-agent启动运行它将会在第一次提示你输入密码时缓存你的GPG密码。随后你运行Mutt多次你将不会被提示要GPG密码gpg-agent一直开着缓存就不会过期
![](https://c1.staticflickr.com/1/664/22809928093_3be57698ce_c.jpg)
### 结论 ###
在这个指导里我提出一个方法加密Mutt敏感配置如SMTP/IMAP密码使用GnuPG。注意如果你想在Mutt上使用GnuPG或者登陆你的邮件信息你可以参考[官方指南][2]在使用GPG与Mutt结合。
如果你知道任何使用Mutt的安全技巧随时分享他。
--------------------------------------------------------------------------------
via: http://xmodulo.com/mutt-email-client-encrypted-passwords.html
作者:[Dan Nanni][a]
译者:[wyangsun](https://github.com/wyangsun)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://xmodulo.com/gmail-command-line-linux-alpine.html
[2]:http://dev.mutt.org/trac/wiki/MuttGuide/UseGPG
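Review bot: The conclusion mistranslates "encrypt or sign your email message" as `或者登陆你的邮件信息`: "sign" here means a GPG signature, not logging in, and "encrypt" has been dropped, so it should read along the lines of `加密或签名你的邮件`. Elsewhere in the file, the step headings switch from `第一步` to `第二部`, `第三部` and `第四部` (部 should be 步), `**加密Mutt配置文件***` has a stray third asterisk, and `增加下面这些道你的.bashrc文件` has 道 where 到 is meant. Much of the punctuation (commas, parentheses around examples such as the key type and user ID) is also missing, which makes the key-generation and encryption steps hard to follow.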