user=bar
target=~/.paraslash/server.users
- key=~/.paraslash/key.pub.$user
+ key=~/.paraslash/id_rsa.pub.$user
perms=AFS_READ,AFS_WRITE,VSS_READ,VSS_WRITE
mkdir -p ~/.paraslash
echo "user $user $key $perms" >> $target
Next, change to the "bar" account on client_host and generate the
key pair with the commands
- key=~/.paraslash/key.$LOGNAME
- mkdir -p ~/.paraslash
- (umask 077 && openssl genrsa -out $key 2048)
+ ssh-keygen -t rsa -b 2048
+ # hit enter twice to create a key with no passphrase
-para_server only needs to know the public key of the key pair just
-created. It can be extracted with
+This generates the two files id_rsa and id_rsa.pub in ~/.ssh. Note
+that paraslash can also read keys generated by the "openssl genrsa"
+command. However, since keys created with ssh-keygen can also be used
+for ssh, this method is recommended.
- pubkey=~/.paraslash/key.pub.$LOGNAME
- openssl rsa -in $key -pubout -out $pubkey
+Note that para_server refuses to use a key if it is shorter than 2048
+bits. In particular, the RSA keys of paraslash 0.3.x will not work
+with version 0.4.x. Moreover, para_client refuses to use a (private)
+key which is world-readable.
-Copy the public key just created to server_host (you may skip this step
-for a single-user setup, i.e. if foo=bar and server_host=client_host):
+para_server only needs to know the public key of the key pair just
+created. Copy this public key to server_host:
- scp $pubkey foo@server_host:.paraslash/
+ src=~/.ssh/id_rsa.pub
+ dest=.paraslash/id_rsa.pub.$LOGNAME
+ scp $src foo@server_host:$dest
Finally, tell para_client to connect to server_host:
contains in the third column the permissions needed to execute the
command.
-A new RSA key can be created with
-
- openssl genrsa -out <private_key> 2048
-
-and the public part may be extracted with
-
- openssl rsa -in <private_key> -pubout -out <public_key>
-
-Note that para_server refuses to use a key if it is shorter than 2048
-bits. In particular, the RSA keys of paraslash 0.3.x will not work
-with version 0.4.x. Moreover, para_client refuses to use a (private)
-key which is world-readable.
-
It is possible to make para_server reread the user_list file by
executing the paraslash "hup" command or by sending SIGHUP to the
PID of para_server.
FEC parameters: The slice size, the number of data slices k, and the
total number of slices n. It is crucial to choose the slice size
such that no fragmentation of network packets takes place because
-FEC only guards against losses and reodering but fails if slices are
+FEC only guards against losses and reordering but fails if slices are
received partially.
FEC decoding in paralash is performed through the fecdec filter which
protocol, only minimal internal state about the connection is
maintained, which means that there is no protection against packet
loss or network congestion. Error checking and correction (if at all)
-are performed in the application.'
+are performed in the application.
*DCCP*. The _Datagram Congestion Control Protocol_ combines the
connection-oriented state maintenance known from TCP with the