-* in /etc/ssh/sshd_config:
-** disable the DSA hostkey, so that it only does RSA
-** remove old host keys: <BR>{{{
- cd /etc/ssh/ && rm ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub
-}}}
-** disable X11 forwarding
-** Tell it to use alternate authorized_keys locations
-{{{
- | HostKey /etc/ssh/ssh_host_rsa_key
- | X11Forwarding no
- | AuthorizedKeysFile /etc/ssh/userkeys/%u
- | AuthorizedKeysFile2 /var/lib/misc/userkeys/%u
-
- vi /etc/ssh/sshd_config
- (cd / && env -i /etc/init.d/ssh restart)
-}}}
-
- * maybe link root's auth key there:
-{{{
- mkdir -p /etc/ssh/userkeys && ln -s /root/.ssh/authorized_keys /etc/ssh/userkeys/root
-}}}
-
-
-* install userdir-ldap
-{{{
- apt-get update && apt-get install userdir-ldap
-}}}
-
-
-* on draghi, add the host to /home/sshdist/.ssh/authorized_keys and generate.conf
-(you want the host's rsa host key there: {{{cat /etc/ssh/ssh_host_rsa_key.pub}}})
-{{{
- : :: draghi :: && sudo vi /home/sshdist/.ssh/authorized_keys
- : :: draghi :: && sudo vi /etc/userdir-ldap/generate.conf
-}}}
-* run generate, or wait until cron runs it for you
-{{{
- : :: draghi :: && sudo -u sshdist ud-generate
-}}}
-
-* fix nsswitch for ud fu.
-{{{
- sed -i -e 's/^passwd:\[[:space:]]\+compat$/passwd: compat db/;
- s/^group:\[[:space:]]\+compat$/group: db compat/;
- s/^shadow:\[[:space:]]\+compat$/shadow: compat db/' \
- /etc/nsswitch.conf
-}}}