From af8699727275f9498772ed728f1f9b4d5e8f3fbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Frieder=20Grie=C3=9Fhammer?= Date: Tue, 6 Jan 2015 11:10:37 +0100 Subject: [PATCH] try to use.shorter.sentences. --- docs/user/accessing-nodes.rst | 28 +++++++++++++++------------- docs/user/authentication.rst | 14 ++++++++------ 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/docs/user/accessing-nodes.rst b/docs/user/accessing-nodes.rst index 7d494497..921bc95f 100644 --- a/docs/user/accessing-nodes.rst +++ b/docs/user/accessing-nodes.rst @@ -8,8 +8,8 @@ for customized setups, or to just look what is going on when a node does not per as expected. **Access** may mean a mere ``ping``/``traceroute`` to determine if a host can be reached. -To truly enter a machine, one will use SSH. How to prepare the Nodes for this either -via password or a SSH public key is described in :doc:`/user/authentication`. +To truly enter a machine, one will use SSH. See :doc:`/user/authentication` for information +how to set it up. How to find the IPv6 address of a desired node ---------------------------------------------- @@ -19,18 +19,18 @@ Consequently, one needs to determine the IPv6 address only once per device. To find the IPv6 address one can: - * Look at the bottom of the device and find the MAC address there - * Directly connect via LAN-Cable and use the **next_node** addresses (if configured) + * Look at the bottom of the device and find the MAC address there. + * Directly connect via LAN-Cable and use the **next_node** addresses (if configured). * There are rules for an automated transcription of MAC addresses into IPv6 - addresses, you can find one implementation with some description at - `ben.akrin.com `_ + addresses. + You can find one implementation with some description at `ben.akrin.com `_. - The procedure is basically an insertion of ff:ef in the middle, some bit - swapping and adding fe80:: as prefix. + The procedure is basically an insertion of ``ff:ef`` in the middle, some bit + swapping and adding ``fe80::`` as prefix. * - If you know the IPv4 address of a client accessing the network through desired - node and perform ``batctl traceroute`` to that device from any other Node + You can find a node address if you know the IPv4 address of a client connected + to it. If you perform a ``batctl traceroute`` to that client from any other Node in the mesh, the MAC address can be found in the last hub:: $ batctl traceroute 10.135.17.193 @@ -39,7 +39,8 @@ To find the IPv6 address one can: 1: 12:fe:ed:3b:3f:cb 22.418 ms 23.008 ms 24.980 ms 2: 26:a4:3c:f0:b5:0a 28.733 ms 26.018 ms 22.403 ms * - check response times - the nodes answering first are the ones connected the query host:: + Check response times - the nodes answering first are those connected directly + to the querying host:: $ ping6 -I bat0 ff02::2 | head -n 5 @@ -52,8 +53,9 @@ To find the IPv6 address one can: These addresses are local-link IPv6 addresses and can be contacted directly. .. note:: - Since WLAN and Ethernet are different devices, each with it's own MAC address, - it is expected that these MAC addresses are not always exactly the same as + WLAN and Ethernet are different devices, each with it's own MAC address. + + It is expected that these MAC addresses are not always exactly the same as the ones seen underneath the device. Only one of either devices is depicted. Contacting the device diff --git a/docs/user/authentication.rst b/docs/user/authentication.rst index e5d43866..e1ce849c 100644 --- a/docs/user/authentication.rst +++ b/docs/user/authentication.rst @@ -3,7 +3,7 @@ SSH Authentication The methods described here can also be configured via :doc:`/features/configmode`. -Telnet access is only possible when booting into safe-mode. How boot into safe-mode +Telnet access is only possible when booting into failsafe-mode. How boot into failsafe-mode is explained in the `openwrt wiki `_. SSH login will be possible after the start of dropbear, which is regularly performed @@ -16,8 +16,8 @@ Setting a password for any user on the Nodes - especially for root - is *not enc It comes handy, though, especially when logging in from via a remote machine that does not have your own SSH private key, e.g. directly from a gateway machine. -But passwords are always too short or too easy to guess/brutforce and therefore -mostly insecure. Always consider using SSH public keys. +Passwords keep certain pitfalls, mostly they are too short or too easy to guess/brutforce +and therefore insecure. If in doubt consider using SSH public keys. If setting a password via :doc:`/features/configmode` was disabled for security reasons, please: @@ -33,8 +33,10 @@ For users other than root, please perform as you would do with any other Linux m Adding SSH public keys ---------------------- -If it is not possible to set a SSH public key via :doc:`/features/configmode`, you -may use a temporary password or use the safe-mode to append your key to ``/etc/dropbear/authorized_keys`` -manually. +If it is not possible to set a SSH public key via :doc:`/features/configmode`, you can +append your key to ``/etc/dropbear/authorized_keys`` manually using: + + * a (temporary) password + * the failsafe-mode .. seealso:: For Information how to add SSH public keys to the images while compiling see :doc:`/features/authorized-keys`