Getting started with your Kiwilight.com account
Use kpasswd to set your password. The official support venue is ##kiwilight on freenode.net.

If you are a tunnel user then you should assume that your home directory, or ~, refers to /tmp for you - you can use groups to check your affiliations. This is the only location where you have write access to the filesystem.

How to Configure SSH

To use public key authentication with SSH you will need to load the keys into the LDAP database. OpenSSH will not look in ~/.ssh/authorized_keys. First use klist to show your Kerberos tickets. The output should look like:

    Credentials cache: FILE:/tmp/krb5cc_1000
            Principal: kaiting.chen@KIWILIGHT.COM

      Issued           Expires          Principal
    Nov 21 16:55:23  Nov 22 02:55:23  krbtgt/KIWI...

If you do not have an unexpired ticket from krbtgt then you should use kinit to get one. Verify that the klist output shows a valid ticket from krbtgt before proceeding.

The recommended asymmetric key format is 4096 bit RSA. You are free to choose whatever key format you would like, but please do not use DSA keys. They are insecure, the technology is stupid and unnecessary, and they do not work with the OpenSSH configuration on the server.

Please ensure that each of your SSH public keys has a unique comment at the end. For example, this is my public key:

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAoQl5LgDttB6wFly3weo scjWAUT06yHs9rq6pgWS8CDd/Ylk9c4/02Zu9bdxby5yZkALkUpknp4 ... snip ... 8KCdvcKokBZF1rOb0A1nJ6LZYM02pLmV8iCmWrtisJFZPk7XCxn3yqs NUqkEkotKxnuOmxwf8dnq94hIzJ/zUP1IT0nAFFRVeJyxhrr+Ndsps= kaiting.chen@kiwilight.com

You can see that it is tagged as kaiting.chen@kiwilight.com. Do not upload two keys with the same comment.

After you have verified that your public key is compliant, upload your public key to ~/pick_a_filename and use:

    kchlpk insert ~/the_filename_you_picked

to insert it into the database. If you use kchlpk you should see it reported in the list. If all is well you should delete the uploaded file.

Note that kchlpk insert expects one public key per file. You should not do:

    Wrong!
    kchlpk insert ~/.ssh/authorized_keys

unless you are absolutely certain that there is only one public key in that file.

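The key rules above (no DSA keys, a unique comment on every key, one key per file for kchlpk insert) can be checked locally before uploading. The shell function below is an added example, not part of the Kiwilight.com tooling; the name split_keys, the key_N.pub file names and the sample key material are constructed for illustration, and it assumes key lines carry no options prefix.

```shell
#!/bin/sh
# Added example, not Kiwilight.com tooling. split_keys FILE OUTDIR writes each
# acceptable public key in FILE to OUTDIR/key_N.pub (one key per file, as
# "kchlpk insert" expects) and returns non-zero if any key was rejected.
# Assumes key lines have no options prefix (e.g. command="...").
split_keys() {
    src=$1 outdir=$2
    mkdir -p "$outdir" || return 2
    awk -v outdir="$outdir" '
        function reject(why) { bad++; printf "reject line %d: %s\n", NR, why }
        /^[ \t]*(#|$)/ { next }                  # skip blank and comment lines
        {
            type = $1; blob = $2
            comment = $0                         # text after type and blob
            sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", comment)
            if (type == "ssh-dss")             { reject("DSA key"); next }
            if (type !~ /^(ssh-|ecdsa-|sk-)/)  { reject("unrecognised key type"); next }
            if (blob == "")                    { reject("no key data"); next }
            if (comment == "")                 { reject("missing comment"); next }
            if (comment in seen)               { reject("duplicate comment " comment); next }
            seen[comment] = 1
            file = outdir "/key_" (++n) ".pub"
            print $0 > file
            close(file)
            printf "ok     line %d -> %s (%s)\n", NR, file, comment
        }
        END { exit (bad > 0) }
    ' "$src"
}

# Constructed sample: placeholder key material, not real keys.
demo=$(mktemp -d)
printf '%s\n' \
    'ssh-rsa AAAAplaceholder1 laptop@example' \
    'ssh-dss AAAAplaceholder2 old@example' \
    'ssh-ed25519 AAAAplaceholder3 laptop@example' \
    'ssh-ed25519 AAAAplaceholder4 phone@example' > "$demo/authorized_keys"
split_keys "$demo/authorized_keys" "$demo/out" || echo "some keys were rejected"
```

Each file it writes holds exactly one key and can be passed to kchlpk insert, then deleted as described above.
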
To remove a key from the database you should use:

    kchlpk remove index_number

where index_number is the number before the key in the kchlpk output.

Please remove ~/.ssh/authorized_keys when you are finished inserting all of your SSH public keys into the database.

How Mail Works

You can receive mail on the Kiwilight.com server at your.username@kiwilight.com. Typically this will be routed to the mail address you provided at registration, which I will refer to as your external address.

If you are a tunnel user then all mail is routed to your external address.

If you are a turtle user then you have local storage and this becomes more complicated. Mail to:

    your.username@kiwilight.com

is routed to your external address. Mail that you receive at:

    your.username@localhost or your.username

is stored on the server locally. This behavior can be forced using the +local suffix so mail to:

    your.username+local@kiwilight.com

will be stored locally rather than being routed to your external address. You may also route your local mail elsewhere with:

    echo 'other_mail_address@wherever.tld' > ~/.forward

Your local mail account can be accessed through Roundcube at http://mail.kiwilight.com/. This is not yet working.

How to Use HTTPD

The Kiwilight.com server runs Apache HTTPD with mod_fcgid to allow turtle users to host sites and applications. Currently PHP is the only server side scripting language supported.

The main site located at http://www.kiwilight.com/ offers a directory/ of all turtle users on the server. It also offers the full configuration of the server minus secrets and passwords in the etc/ directory.

If you would like to host a web site you should create the ~/.public/ directory with mode 755 if it does not already exist. This directory can be accessed at:

    http://www.kiwilight.com/~your.username/

Note that httpd must be able to access ~/.public/ for this to work; for this reason we highly recommend against setting your home directory mode 700. httpd will read this directory with Options Indexes ExecCGI which will allow pretty directory indexes to be generated and scripts to execute. It is not necessary - and we recommend against - setting your scripts to mode 755 or 700.