From 91e0245f8708c1c73141aaa45cbd1022999c783a Mon Sep 17 00:00:00 2001 From: Pete Travis Date: Sun, 18 May 2014 12:21:38 -0600 Subject: Using procedure instead of list in libvirt user instructions refreshing POTs adding .tx to repo for convenience. When new files are added, do: `create-tx-configuration` `publican update-pot` `git add pot .tx` `git commit -m "refreshing POTs" --- .tx/config | 117 +++++++++++++ .../Access_To_libvirt_Without_root.xml | 24 +-- pot/Author_Group.pot | 4 +- pot/Book_Info.pot | 4 +- pot/Cloud.pot | 4 +- pot/Communications.pot | 4 +- pot/Creating_GPG_Keys.pot | 96 +++++++++++ pot/Documenting_Fedora.pot | 4 +- pot/Documenting_Fedora/writing_recipes.pot | 4 +- pot/GPG.pot | 24 +++ pot/Multimedia.pot | 4 +- pot/Networking.pot | 4 +- pot/Preface.pot | 4 +- pot/Revision_History.pot | 4 +- pot/Security.pot | 4 +- pot/Security/ssh-keygen.pot | 183 +++++++++++++++++++++ pot/Security/ssh-proxy.pot | 170 +++++++++++++++++++ pot/Storage.pot | 4 +- pot/Virtualization.pot | 4 +- .../Access_To_libvirt_Without_root.pot | 127 ++++++++++++++ pot/git/secure-git-pull.pot | 182 ++++++++++++++++++++ 21 files changed, 937 insertions(+), 38 deletions(-) create mode 100644 .tx/config create mode 100644 pot/Creating_GPG_Keys.pot create mode 100644 pot/GPG.pot create mode 100644 pot/Security/ssh-keygen.pot create mode 100644 pot/Security/ssh-proxy.pot create mode 100644 pot/Virtualization/Access_To_libvirt_Without_root.pot create mode 100644 pot/git/secure-git-pull.pot diff --git a/.tx/config b/.tx/config new file mode 100644 index 0000000..2792856 --- /dev/null +++ b/.tx/config @@ -0,0 +1,117 @@ +[main] +host = https://www.transifex.com +lang_map = aln:aln-AL, ar:ar-SA, ast:ast-ES, as:as-IN, bal:bal-PK, bg:bg-BG, bn:bn-BD, bn_IN:bn-IN, bs:bs-BA, ca:ca-ES, cs:cs-CZ, da:da-DK, de_CH:de-CH, de:de-DE, el:el-GR, en_GB:en-GB, es:es-ES, et:et-EE, eu:eu-ES, fa:fa-IR, fi:fi-FI, fr:fr-FR, gl:gl-ES, gu:gu-IN, he:he-IL, hi:hi-IN, hr:hr-HR, hu:hu-HU, id:id-ID, is:is-IS, it:it-IT, ja:ja-JP, kn:kn-IN, ko:ko-KR, lt:lt-LT, lv:lv-LV, mai:mai-IN, ml:ml-IN, mr:mr-IN, ms:ms-MY, nb:nb-NO, nds:nds-DE, nl:nl-NL, nn:nn-NO, or:or-IN, pa:pa-IN, pl:pl-PL, pt_BR:pt-BR, pt:pt-PT, ro:ro-RO, ru:ru-RU, si:si-LK, sk:sk-SK, sl:sl-SI, sq:sq-AL, sr:sr-RS, sr@latin:sr-Latn-RS, sv:sv-SE, ta:ta-IN, te:te-IN, tg:tg-TJ, tr:tr-TR, uk:uk-UA, ur:ur-PK, vi:vi-VN, zh_CN:zh-CN, zh_HK:zh-HK, zh_TW:zh-TW + +[fedora-cookbook.Communications] +file_filter = /Communications.po +source_file = pot/Communications.pot +source_lang = en +type = PO + +[fedora-cookbook.Security] +file_filter = /Security.po +source_file = pot/Security.pot +source_lang = en +type = PO + +[fedora-cookbook.Storage] +file_filter = /Storage.po +source_file = pot/Storage.pot +source_lang = en +type = PO + +[fedora-cookbook.Multimedia] +file_filter = /Multimedia.po +source_file = pot/Multimedia.pot +source_lang = en +type = PO + +[fedora-cookbook.Virtualization] +file_filter = /Virtualization.po +source_file = pot/Virtualization.pot +source_lang = en +type = PO + +[fedora-cookbook.Revision_History] +file_filter = /Revision_History.po +source_file = pot/Revision_History.pot +source_lang = en +type = PO + +[fedora-cookbook.Documenting_Fedora] +file_filter = /Documenting_Fedora.po +source_file = pot/Documenting_Fedora.pot +source_lang = en +type = PO + +[fedora-cookbook.Creating_GPG_Keys] +file_filter = /Creating_GPG_Keys.po +source_file = pot/Creating_GPG_Keys.pot +source_lang = en +type = PO + +[fedora-cookbook.Author_Group] +file_filter = /Author_Group.po +source_file = pot/Author_Group.pot +source_lang = en +type = PO + +[fedora-cookbook.Preface] +file_filter = /Preface.po +source_file = pot/Preface.pot +source_lang = en +type = PO + +[fedora-cookbook.Cloud] +file_filter = /Cloud.po +source_file = pot/Cloud.pot +source_lang = en +type = PO + +[fedora-cookbook.GPG] +file_filter = /GPG.po +source_file = pot/GPG.pot +source_lang = en +type = PO + +[fedora-cookbook.Book_Info] +file_filter = /Book_Info.po +source_file = pot/Book_Info.pot +source_lang = en +type = PO + +[fedora-cookbook.Networking] +file_filter = /Networking.po +source_file = pot/Networking.pot +source_lang = en +type = PO + +[fedora-cookbook.ssh-keygen] +file_filter = /Security/ssh-keygen.po +source_file = pot/Security/ssh-keygen.pot +source_lang = en +type = PO + +[fedora-cookbook.ssh-proxy] +file_filter = /Security/ssh-proxy.po +source_file = pot/Security/ssh-proxy.pot +source_lang = en +type = PO + +[fedora-cookbook.writing_recipes] +file_filter = /Documenting_Fedora/writing_recipes.po +source_file = pot/Documenting_Fedora/writing_recipes.pot +source_lang = en +type = PO + +[fedora-cookbook.Access_To_libvirt_Without_root] +file_filter = /Virtualization/Access_To_libvirt_Without_root.po +source_file = pot/Virtualization/Access_To_libvirt_Without_root.pot +source_lang = en +type = PO + +[fedora-cookbook.secure-git-pull] +file_filter = /git/secure-git-pull.po +source_file = pot/git/secure-git-pull.pot +source_lang = en +type = PO diff --git a/en-US/Virtualization/Access_To_libvirt_Without_root.xml b/en-US/Virtualization/Access_To_libvirt_Without_root.xml index 3109fb3..2c826e0 100644 --- a/en-US/Virtualization/Access_To_libvirt_Without_root.xml +++ b/en-US/Virtualization/Access_To_libvirt_Without_root.xml @@ -32,8 +32,8 @@ email: ignatenkobrain@fedoraproject.org
Create polkit policy for libvirt - - + + Create polkit policy for libvirt: @@ -42,8 +42,8 @@ email: ignatenkobrain@fedoraproject.org touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla - - + + Open the policy file in an editor. @@ -52,8 +52,8 @@ touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla $EDITOR /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla - - + + Paste in the rule below. @@ -65,8 +65,8 @@ ResultAny=yes ResultInactive=yes ResultActive=yes - - + + Create group for users that can access libvirt without root privileges: @@ -76,8 +76,8 @@ ResultActive=yes groupadd libvirt - - + + Add your users to the special group: @@ -86,8 +86,8 @@ groupadd libvirt usermod -a -G libvirt user_name - - + +
References diff --git a/pot/Author_Group.pot b/pot/Author_Group.pot index 3a070f8..94c66b3 100644 --- a/pot/Author_Group.pot +++ b/pot/Author_Group.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Book_Info.pot b/pot/Book_Info.pot index 3509715..a7c46ac 100644 --- a/pot/Book_Info.pot +++ b/pot/Book_Info.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Cloud.pot b/pot/Cloud.pot index ff2de83..12b77c7 100644 --- a/pot/Cloud.pot +++ b/pot/Cloud.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Communications.pot b/pot/Communications.pot index 4150f53..274cdde 100644 --- a/pot/Communications.pot +++ b/pot/Communications.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Creating_GPG_Keys.pot b/pot/Creating_GPG_Keys.pot new file mode 100644 index 0000000..c6db715 --- /dev/null +++ b/pot/Creating_GPG_Keys.pot @@ -0,0 +1,96 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Creating GPG keys." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Creating GPG keys is easy. gpg --gen-key" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"$ gpg --gen-key \n" +"gpg (GnuPG) 1.4.16; Copyright (C) 2013 Free Software Foundation, Inc.\n" +"This is free software: you are free to change and redistribute it.\n" +"There is NO WARRANTY, to the extent permitted by law.\n" +"\n" +"Please select what kind of key you want:\n" +" (1) RSA and RSA (default)\n" +" (2) DSA and Elgamal\n" +" (3) DSA (sign only)\n" +" (4) RSA (sign only)\n" +"Your selection? 1\n" +"RSA keys may be between 1024 and 4096 bits long.\n" +"What keysize do you want? (2048) 3072\n" +"Requested keysize is 3072 bits\n" +"Please specify how long the key should be valid.\n" +" 0 = key does not expire\n" +" <n> = key expires in n days\n" +" <n>w = key expires in n weeks\n" +" <n>m = key expires in n months\n" +" <n>y = key expires in n years\n" +"Key is valid for? (0) 1y\n" +"Key expires at Wed 15 Apr 2015 09:40:08 PM EDT\n" +"Is this correct? (y/N) y\n" +"\n" +"You need a user ID to identify your key; the software constructs the user ID\n" +"from the Real Name, Comment and Email Address in this form:\n" +" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\"\n" +"\n" +"Real name: Beefy\n" +"Email address: beefy@fedoraproject.org\n" +"Comment: FAKE\n" +"You selected this USER-ID:\n" +" \"Beefy (FAKE) <beefy@fedoraproject.org>\"\n" +"\n" +"Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o\n" +"You need a Passphrase to protect your secret key.\n" +"\n" +"You don't want a passphrase - this is probably a *bad* idea!\n" +"I will do it anyway. You can change your passphrase at any time,\n" +"using this program with the option \"--edit-key\".\n" +"\n" +"We need to generate a lot of random bytes. It is a good idea to perform\n" +"some other action (type on the keyboard, move the mouse, utilize the\n" +"disks) during the prime generation; this gives the random number\n" +"generator a better chance to gain enough entropy.\n" +"..+++++\n" +"...+++++\n" +"We need to generate a lot of random bytes. It is a good idea to perform\n" +"some other action (type on the keyboard, move the mouse, utilize the\n" +"disks) during the prime generation; this gives the random number\n" +"generator a better chance to gain enough entropy.\n" +"......+++++\n" +".........................+++++\n" +"gpg: key 20EE698C marked as ultimately trusted\n" +"public and secret key created and signed.\n" +"\n" +"gpg: checking the trustdb\n" +"gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model\n" +"gpg: depth: 0 valid: 2 signed: 48 trust: 0-, 0q, 0n, 0m, 0f, 2u\n" +"gpg: depth: 1 valid: 48 signed: 50 trust: 47-, 0q, 0n, 0m, 1f, 0u\n" +"gpg: depth: 2 valid: 8 signed: 16 trust: 8-, 0q, 0n, 0m, 0f, 0u\n" +"gpg: next trustdb check due at 2014-09-09\n" +"pub 3072R/20EE698C 2014-04-16 [expires: 2015-04-16]\n" +" Key fingerprint = E6FE 3BF4 F307 00BD 6517 050F C159 309E 20EE 698C\n" +"uid Beefy (FAKE) <beefy@fedoraproject.org>\n" +"sub 3072R/C68ACE5D 2014-04-16 [expires: 2015-04-16]\n" +"" +msgstr "" + diff --git a/pot/Documenting_Fedora.pot b/pot/Documenting_Fedora.pot index 176f09d..d959949 100644 --- a/pot/Documenting_Fedora.pot +++ b/pot/Documenting_Fedora.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Documenting_Fedora/writing_recipes.pot b/pot/Documenting_Fedora/writing_recipes.pot index 08736c8..1407ec4 100644 --- a/pot/Documenting_Fedora/writing_recipes.pot +++ b/pot/Documenting_Fedora/writing_recipes.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/GPG.pot b/pot/GPG.pot new file mode 100644 index 0000000..43d6a16 --- /dev/null +++ b/pot/GPG.pot @@ -0,0 +1,24 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "GnuPG" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "GNU Privacy Guard or GnuPG or just plain GPG is an open source iteration of Pretty Good Privacy (PGP) and provides authentication and encryption for email and files based on asymmetric cryptography. Using GPG allows an individual or organization to help protect their coorespondances as they cross the Internet or other medium." +msgstr "" + diff --git a/pot/Multimedia.pot b/pot/Multimedia.pot index 16ac4a8..be5350a 100644 --- a/pot/Multimedia.pot +++ b/pot/Multimedia.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Networking.pot b/pot/Networking.pot index 1e4d25c..249719a 100644 --- a/pot/Networking.pot +++ b/pot/Networking.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Preface.pot b/pot/Preface.pot index 8acdc3c..6cdaf1a 100644 --- a/pot/Preface.pot +++ b/pot/Preface.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Revision_History.pot b/pot/Revision_History.pot index fc6c702..c1c37e2 100644 --- a/pot/Revision_History.pot +++ b/pot/Revision_History.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Security.pot b/pot/Security.pot index 4e5d3be..d9d7ef8 100644 --- a/pot/Security.pot +++ b/pot/Security.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Security/ssh-keygen.pot b/pot/Security/ssh-keygen.pot new file mode 100644 index 0000000..b909fee --- /dev/null +++ b/pot/Security/ssh-keygen.pot @@ -0,0 +1,183 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Creating SSH Keys" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Secure Shell, or SSH, is a powerful and popular tool for connecting to Fedora systems over local or global networks. SSH is more secure when used with keys. Like a physical key and lock, an ssh public and private key are paired to work only with each other. Using keys can make connecting easier, and systems that use keys can be made more secure by turning off ssh password access." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Required Ingredients" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "openssh-clients - Package, comes by default on most systems." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "openssh - Package, comes by default on most systems." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Working Network Connection - Network services need a network!" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Target host - Another computer that you have network and password access to. You will need either an IP address or a domain name for this machine." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Local testing" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "To test ssh access against the local machine instead of another on the network, use localhost as the target hostname." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Directions" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Setting up SSH Keys" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Create the key." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" ssh-keygen -b 4096 -N \"secret\" -f ~/.ssh/target_id_isa\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If you don't declare any options, ssh-keygen will ask for the required minimum interactively. Read about the example's options below, or find more options in man ssh-keygen." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "-b 4096 : Generates a 4096-bit key, stronger than the default." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "-n secret : A passphrase for the key. Optional, but strongly recommended." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "-f ~/.ssh/target_id_rsa : The file to create. Call the file anything, but store it in ~/.ssh/" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Copy the public key to your target." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" \n" +" ssh-copy-id -i ~/.ssh/target_id_rsa.pub target_ip\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The ssh-copy-id utility opens an ssh connection to the target using password authentication and adds the contents of the public key to ~/.ssh/authorized_keys`. The file can also be shared by other means and appended to authorized_keys manually, a method used for systems where password authentication cannot be turned on." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" cat target_id_rsa.pub >> ~/.ssh/authorized_keys\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Test the key:" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" \n" +" ssh -i ~/.ssh/target_id_rsa -o PasswordAuthentication=no target_ip\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Add an entry in your client ssh configuration for the key. ssh will try all keys in ~/.ssh/ when connecting to any host unless configured otherwise, so configuring it to only use keys that are explicitly paired to a host will reduce rejected authentication attempts and speed connections." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Editing ~/.ssh/config" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" Host *\n" +" IdentitiesOnly yes\n" +"\n" +" Host target_ip\n" +" PasswordAuthentication No\n" +" IdentityFile ~/.ssh/target_id_rsa\n" +" " +msgstr "" + +#. Tag: title +#, no-c-format +msgid "References" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "ssh-keygen(1) - manual for ssh-keygen" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "ssh-copy-id(1) - manual for ssh-copy-id" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "ssh-config(5) - manual for ssh client configuration files" +msgstr "" + diff --git a/pot/Security/ssh-proxy.pot b/pot/Security/ssh-proxy.pot new file mode 100644 index 0000000..386407e --- /dev/null +++ b/pot/Security/ssh-proxy.pot @@ -0,0 +1,170 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "SSH access to hosts on an internal network" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "On a private network, such as the NAT network used by most homes, a machine can be accessed using ssh by forwarding the incoming port 22 on the router to a single machine inside the network. To access more than one machine from outside the network, proxy requests through that host." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "This approach is more straightforward than forwarding multiple ports, because it only requires one forwarding rule to be configured, one change in the ssh client configuration for the outside machine, and no additional configuration on the other hosts." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Required Ingredients" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "A port forwarding rule for one host on the internal network. Log in to your router to setup the rule. Because router interfaces vary, consult your router's manual for help." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "A target for the above port forwarding rule configured to accept ssh connections (default on most systems)." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "An internal network with other ssh accessible hosts." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The outside address for your internal network. Home users with dynamically assigned IP addresses should read " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The address space for your internal network. On many home routers, this will be 192.168.1.* or 192.168.0.1" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Address Space Reuse" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Adddresses like 192.168.1.0/24 are reserved for use in private networks. Because the proxy rule is applied based on the address space of the target, you should configure your router to use a less common set of addresses." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "If your router can give addresses in the 192.168.42.0/24 network, for example, your proxy rule won't get in the way when connecting to machines on a different network that uses 192.168.1.0/24 addresses." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Directions" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Configuring an ssh proxy" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Configure your router to forward incoming traffic on port 22 to one machine that will act as the proxy. If you choose, configure the router to use a less common subnet then reboot it." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Open the firewall on all machines to ssh traffic. This is the default on most systems. Use the graphical firewall application firewall-config, or issue the commands below as root." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" firewall-cmd --permanent --add-service=ssh\n" +" firewall-cmd --reload\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Ensure sshd is enabled and running on all target systems by running the commands below as root." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" systemctl enable sshd\n" +" systemctl start sshd\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Edit ~/.ssh/config on the initiating system as below:" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" Host 192.168.42.*\n" +" ProxyCommand ssh -W %h:%p external_address\n" +" #suggested optional ssh key declaratons:\n" +" IdentityFile ~/.ssh/internal_id_rsa\n" +" Host external_address\n" +" IdentityFile ~/.ssh/proxy_id_rsa\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Test the configuration from inside and outside the network. Using ssh verbosely will show how the ProxyCommand statement relays your connection." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" ssh -vvv 192.168.42.7\n" +" " +msgstr "" + +#. Tag: title +#, no-c-format +msgid "References" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "ssh-config(5) - ssh client configuration manual." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "firewall-cmd(1) - manual for firewalld command line utility." +msgstr "" + +#. Tag: para +#, no-c-format +msgid " - recommended reading on ssh authentication." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "RFC1918 - defines private address spaces." +msgstr "" + diff --git a/pot/Storage.pot b/pot/Storage.pot index 5bd4a36..06c6938 100644 --- a/pot/Storage.pot +++ b/pot/Storage.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Virtualization.pot b/pot/Virtualization.pot index fd9191a..508c408 100644 --- a/pot/Virtualization.pot +++ b/pot/Virtualization.pot @@ -4,8 +4,8 @@ msgid "" msgstr "" "Project-Id-Version: 0\n" -"POT-Creation-Date: 2014-03-23 09:20-0400\n" -"PO-Revision-Date: 2014-03-23 09:20-0400\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" diff --git a/pot/Virtualization/Access_To_libvirt_Without_root.pot b/pot/Virtualization/Access_To_libvirt_Without_root.pot new file mode 100644 index 0000000..d74cb64 --- /dev/null +++ b/pot/Virtualization/Access_To_libvirt_Without_root.pot @@ -0,0 +1,127 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Access to libvirt without root privileges" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "By default, only root can administer virtual machines using libvirt. Use these instructions to create a special group whose members will be able to use libvirt." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Required Ingredients" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Package 'polkit'" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Package 'libvirt'" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Create polkit policy for libvirt" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Create polkit policy for libvirt:" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"\n" +"touch /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla\n" +"\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Open the policy file in an editor." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"\n" +"$EDITOR /etc/polkit-1/localauthority/50-local.d/50-org.libvirt-group-access.pkla\n" +"\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Paste in the rule below." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"[libvirt group Management Access]\n" +"Identity=unix-group:libvirt\n" +"Action=org.libvirt.unix.manage\n" +"ResultAny=yes\n" +"ResultInactive=yes\n" +"ResultActive=yes\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Create group for users that can access libvirt without root privileges:" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"\n" +"groupadd libvirt\n" +"\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Add your users to the special group:" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +"\n" +"usermod -a -G libvirt user_name\n" +"\n" +" " +msgstr "" + +#. Tag: title +#, no-c-format +msgid "References" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Libvirt policykit documentation" +msgstr "" + diff --git a/pot/git/secure-git-pull.pot b/pot/git/secure-git-pull.pot new file mode 100644 index 0000000..a632dca --- /dev/null +++ b/pot/git/secure-git-pull.pot @@ -0,0 +1,182 @@ +# +# AUTHOR , YEAR. +# +msgid "" +msgstr "" +"Project-Id-Version: 0\n" +"POT-Creation-Date: 2014-05-18 12:18-0600\n" +"PO-Revision-Date: 2014-05-18 12:18-0600\n" +"Last-Translator: Automatically generated\n" +"Language-Team: None\n" +"MIME-Version: 1.0\n" +"Content-Type: application/x-publican; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Tag: title +#, no-c-format +msgid "Secure deployment with Git and SSH" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Git, a distributed version control system, can be used to transfer software and other files to remote systems. By configuring the remote system to pull content from a git repository on a schedule, deployment can be accomplished with a simple local merge. Configuring the system that hosts the repository to restrict access from the remote system enhances security without affecting the method's usefulness." +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Required Ingredients" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Two computers running Fedora with a working network connection." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Git installed on both systems, and a git repository on one." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "A dedicated user account." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "A dedicated SSH authentication key" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Directions" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Configuring the host" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Create and configure a new user account to use for the transfer. For security reasons, this account will only be allowed to interact with git." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "First, identify the path to your git repository. Store it in a shell variable, for convenience." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" \n" +" repo_directory=/srv/repos/my-project.git\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Create the user account." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" \n" +" useradd --home $repo_directory --shell /usr/bin/git-shell puller\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "The options given to useradd restrict the user's account. Refer to the explanation below, and man useradd for further insight." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "--home $repo_directory - sets the account's home directory as the repository, using the shell variable from the previous step." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "--shell /usr/bin/git-shell - Sets the login shell to git shell, a special utility provided with git that will only allow the user to execute git commands." +msgstr "" + +#. Tag: member +#, no-c-format +msgid "puller - The name of the user to create. Name the account something that will remind you of its purpose." +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Copy the public half of your ssh key into the user's home directory." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" mkdir $repo_directory/.ssh/\n" +" \n" +" cp puller_id_rsa.pub $repo_direcory/.ssh/\n" +" \n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Give the user read only access to the repository" +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" \n" +" \n" +" \n" +" " +msgstr "" + +#. Tag: title +#, no-c-format +msgid "Optional: tell git to ignore the ssh key" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "You can add the ssh public key to your git repository to share it, or tell git to ignore they key with the instructions below." +msgstr "" + +#. Tag: screen +#, no-c-format +msgid "\n" +" pushd $repo_directory\n" +" echo \".ssh/\" >> .gitignore\n" +" git add .gitignore\n" +" git commit -m \"Ignore $repo_directory/.ssh\"\n" +" popd\n" +" " +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Configure the remote host to use your repository" +msgstr "" + +#. Tag: title +#, no-c-format +msgid "References" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "Upstream Documentation" +msgstr "" + +#. Tag: para +#, no-c-format +msgid "" +msgstr "" + -- cgit