From b92b74422f12024a791229f7a130fe4f207608a1 Mon Sep 17 00:00:00 2001 From: Andika Triwidada Date: Mar 10 2022 10:48:39 +0000 Subject: [PATCH 1/2] Fix some typos --- diff --git a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc index b06b2dc..a1c02c4 100644 --- a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc +++ b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc @@ -750,7 +750,7 @@ HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub ~]#{nbsp}systemctl restart sshd.service ---- -. On user's systems. remove keys belonging to hosts from the `~/.ssh/known_hosts` file if the user has previously logged into the host configured above. When a user logs into the host they should no longer be presented with the warning about the hosts authenticity. +. On user's systems, remove keys belonging to hosts from the `~/.ssh/known_hosts` file if the user has previously logged into the host configured above. When a user logs into the host they should no longer be presented with the warning about the hosts authenticity. To test the host certificate, on a client system, ensure the client has set up the global `/etc/ssh/known_hosts` file, as described in xref:proc-Trusting_the_Host_Signing_Key[Trusting the Host Signing Key], and that the server's public key is not in the `~/.ssh/known_hosts` file. Then attempt to log into the server over SSH as a remote user. You should not see a warning about the authenticity of the host. If required, add the [option]`-v` option to the SSH command to see logging information. @@ -784,7 +784,7 @@ The default behavior of OpenSSH is that a user is allowed to log in as a remote @cert-authority principals="name1,name2" *.example.com ssh-rsa pass:quotes[_AAAAB5Wm._] ---- -* On the server, create an `AuthorizedPrincipalsFile` file, either per user or glabally, and add the principles' names to the file for those users allowed to log in. Then in the `/etc/ssh/sshd_config` file, specify the file using the [command]#AuthorizedPrincipalsFile# directive. +* On the server, create an `AuthorizedPrincipalsFile` file, either per user or globally, and add the principles' names to the file for those users allowed to log in. Then in the `/etc/ssh/sshd_config` file, specify the file using the [command]#AuthorizedPrincipalsFile# directive. [[proc-Generating_a_User_Certificate]] .Generating a User Certificate @@ -964,7 +964,7 @@ To view a certificate, use the [option]`-L` to list the contents. For example, f permit-user-rc ---- -To vew a host certificate: +To view a host certificate: ---- ~]# ssh-keygen -L -f /etc/ssh/ssh_host_rsa_key-cert.pub @@ -984,7 +984,7 @@ To vew a host certificate: [[sec-Revoking_an_SSH_CA_Certificate]] === Revoking an SSH CA Certificate -If a certificate is stolen, it should be revoked. Although OpenSSH does not provide a mechanism to distribute the revocation list it is still easier to create the revocation list and distribute it by other means then to change the CA keys and all host and user certificates previously created and distributed. +If a certificate is stolen, it should be revoked. Although OpenSSH does not provide a mechanism to distribute the revocation list it is still easier to create the revocation list and distribute it by other means than to change the CA keys and all host and user certificates previously created and distributed. Keys can be revoked by adding them to the `revoked_keys` file and specifying the file name in the `sshd_config` file as follows: From 31ac85e41542e4de7f4df336b4118ec22c0116c7 Mon Sep 17 00:00:00 2001 From: Andika Triwidada Date: Mar 10 2022 10:58:58 +0000 Subject: [PATCH 2/2] Fix typo --- diff --git a/modules/system-administrators-guide/pages/Preface.adoc b/modules/system-administrators-guide/pages/Preface.adoc index 4e4a454..7abc8b2 100644 --- a/modules/system-administrators-guide/pages/Preface.adoc +++ b/modules/system-administrators-guide/pages/Preface.adoc @@ -83,7 +83,7 @@ xref:monitoring-and-automation/OProfile.adoc[OProfile] covers [application]*OPro xref:kernel-module-driver-configuration/intro-kernel-module-driver-configuration.adoc[Kernel, Module and Driver Configuration]:: This part covers various tools that assist administrators with kernel customization. + -xref:kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc[Working with the GRUB 2 Boot Loader] der>> describes the GNU GRand Unified Boot loader (GRUB) version 2 boot loader, which enables selecting an operating system or kernel to be loaded at system boot time. +xref:kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc[Working with the GRUB 2 Boot Loader] describes the GNU GRand Unified Boot loader (GRUB) version 2 boot loader, which enables selecting an operating system or kernel to be loaded at system boot time. + xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc[Manually Upgrading the Kernel] provides important information on how to manually update a kernel package using the [command]#rpm# command instead of [command]#dnf#. Read this chapter if you cannot update a kernel package with the [application]*DNF* package manager. +