Fix missunderstanding of sshd activated hosts

Related-to: https://github.com/jgm/pandoc/issues/5811

tuto3.yml

@@ -1,5 +1,5 @@
 kernel:
-  image: linuxkit/kernel:5.10.92
+  image: linuxkit/kernel:5.15.27
 #  cmdline: "console=ttyS0 root=/dev/sda1 root=/dev/sr0 adlin.token=LqCdJDfniA"
   cmdline: "console=tty0"
 
@@ -130,8 +130,7 @@ services:
       - /var/lib/adlin/wks-rh1resolv.conf:/etc/resolv.conf
 
   - name: mainrouter
-    #image: nemunaire/adlin-tuto3:485bb9556ca3bc33e7fee16edd93c05f35eb1455
-    image: nemunaire/router-tuto3:c07718ca23c03ff5033c4042f0cbeca6c26d4e6f
+    image: nemunaire/router-tuto3:ad91a16906567e1dcf90b39519691bea16954053
     net: /run/netns/router
     pid: new
     ipc: new
@@ -154,7 +153,7 @@ services:
       - /lib/preinit/30_failsafe_wait:/lib/preinit/30_failsafe_wait
       - /lib/preinit/99_10_failsafe_login:/lib/preinit/99_10_failsafe_login
   - name: matrix
-    image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
+    image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
     net: /run/netns/chat
     pid: new
     ipc: new
@@ -170,7 +169,7 @@ services:
       - /etc/hosts:/etc/hosts:ro
       - /etc/dresolv.conf:/etc/resolv.conf
   - name: ns-resolv
-    image: nemunaire/resolver:4988e30d81f3b1782e7bc520d2d24123930d72a6
+    image: nemunaire/resolver:37943d61abe99963ca57666576af76461add2948
     net: /run/netns/ns
     pid: new
     ipc: new
@@ -186,7 +185,7 @@ services:
       - /etc/unbound:/etc/unbound:ro
       - /etc/services:/etc/services:ro
   - name: ns-auth
-    image: nemunaire/nsd:b96e6b002e08afd42e4c77ee71766264c42cac57
+    image: docker.io/nemunaire/nsd:37be535f826c14608bff17e2ab0688df526282c0
     net: /run/netns/ns-auth
     pid: new
     ipc: new
@@ -209,7 +208,7 @@ services:
         - /var/lib/adlin/nsd
         - /var/lib/adlin/nsd-db
   - name: db
-    image: postgres:alpine
+    image: postgres:10-alpine
     net: /run/netns/db
     pid: new
     ipc: new
@@ -221,7 +220,7 @@ services:
       - LANG=en_US.utf8
       - PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/"
       - PGDATA=/var/lib/postgresql/data
-      - POSTGRES_PASSWORD=adlin2022
+      - POSTGRES_PASSWORD=adlin2023
     binds:
       - /etc/services:/etc/services:ro
       - /initdb/:/docker-entrypoint-initdb.d/:ro
@@ -238,7 +237,7 @@ services:
 #    env:
 #      - MM_USERNAME=mattermost
 #      - MM_DBNAME=mattermost
-#      - MM_PASSWORD=adlin2022
+#      - MM_PASSWORD=adlin2023
 #    binds:
 #      - /etc/services:/etc/services:ro
 #      - /etc/hosts:/etc/hosts:ro
@@ -253,18 +252,18 @@ services:
       - all
     command: ["/bin/sh", "-c", "sleep 10; /usr/bin/miniflux"]
     env:
-      - DATABASE_URL=postgres://miniflux:adlin2022@db/miniflux?sslmode=disable
+      - DATABASE_URL=postgres://miniflux:adlin2023@db/miniflux?sslmode=disable
       - RUN_MIGRATIONS=1
       - CREATE_ADMIN=1
       - ADMIN_USERNAME=adeline
-      - ADMIN_PASSWORD=adlin2022
+      - ADMIN_PASSWORD=adlin2023
       - LISTEN_ADDR=0.0.0.0:8080
     binds:
       - /etc/hosts:/etc/hosts:ro
       - /etc/dresolv.conf:/etc/resolv.conf
       - /etc/services:/etc/services:ro
   - name: web
-    image: nemunaire/tinydeb:2ec3c0260da7242df267799dfe08fe2eb0d014b1
+    image: nemunaire/tinydeb:642bb2fd0ed04a0f72ff21096c7aa656cce5d34f
     net: /run/netns/web
     pid: new
     ipc: new
@@ -281,7 +280,7 @@ services:
 
   # Workstation testers
   - name: minichecker-wks-rh2
-    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
+    image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
     net: /run/netns/wks-rh2
     pid: new
     ipc: new
@@ -291,7 +290,7 @@ services:
       - /var/lib/adlin/wks-rh2resolv.conf:/etc/resolv.conf
       - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
   - name: minichecker-wks-dg1
-    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
+    image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
     net: /run/netns/wks-dg1
     pid: new
     ipc: new
@@ -302,7 +301,7 @@ services:
       - /var/lib/adlin/wks-dg1resolv.conf:/etc/resolv.conf
       - /var/lib/adlin/wireguard/:/etc/wireguard/:ro
   - name: minichecker-wks-cm1
-    image: nemunaire/minichecker:a5d37bb2ebed6df0e586184582763eb0cf727b51
+    image: nemunaire/minichecker:58a22accfab97d6c9bcabfc03c66904ebc6e5cf6
     net: /run/netns/wks-cm1
     pid: new
     ipc: new
@@ -377,7 +376,7 @@ files:
       #!/bin/sh
       set -e
       psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-          CREATE USER miniflux WITH PASSWORD 'adlin2022';
+          CREATE USER miniflux WITH PASSWORD 'adlin2023';
           CREATE DATABASE miniflux;
           GRANT ALL PRIVILEGES ON DATABASE miniflux TO miniflux;
       EOSQL
@@ -388,14 +387,14 @@ files:
 
   - path: /initdb/init-matrix.sql
     contents: |
-      CREATE USER matrix WITH PASSWORD 'adlin2022';
+      CREATE USER matrix WITH PASSWORD 'adlin2023';
       CREATE DATABASE matrix ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER matrix;
       GRANT ALL PRIVILEGES ON DATABASE matrix TO matrix;
     mode: "0444"
 
   - path: /initdb/init-website.sql
     contents: |
-      CREATE USER website WITH PASSWORD 'adlin2022';
+      CREATE USER website WITH PASSWORD 'adlin2023';
       CREATE DATABASE website ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' TEMPLATE template0 OWNER website;
       GRANT ALL PRIVILEGES ON DATABASE website TO website;
     mode: "0444"
@@ -572,13 +571,13 @@ files:
       [ -f /var/lib/adlin/wrt-etc/config/network ] || cat > /var/lib/adlin/wrt-etc/config/network <<EOF
 
       config interface 'loopback'
-          option ifname 'lo'
+          option device 'lo'
           option proto 'static'
           option ipaddr '127.0.0.1'
           option netmask '255.0.0.0'
 
       config interface 'wan'
-          option ifname 'eth0'
+          option device 'eth0'
           option proto 'dhcp'
 
       EOF
@@ -628,7 +627,7 @@ files:
           option endpoint_port '42912'
 
       config interface 'srv'
-          option ifname 'ethsrv'
+          option device 'ethsrv'
           option proto 'static'
           option netmask '255.255.255.0'
           option ipaddr '172.23.42.1'
@@ -685,7 +684,7 @@ files:
   - path: /etc/init.d/800-rw-passwd.sh
     contents: |
       #!/bin/sh
-      sed -ri '/^root/s@^root::.*$@root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
+      sed -ri '/^root/s@^root::.*$@root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::@' /var/lib/adlin/wrt-etc/shadow
       mkdir -p /var/lib/adlin/wrt-etc/dropbear/
       [ -f /var/lib/adlin/authorized_keys ] && ! [ -f /var/lib/adlin/wrt-etc/dropbear/authorized_keys ] && cp /var/lib/adlin/authorized_keys /var/lib/adlin/wrt-etc/dropbear/authorized_keys
 
@@ -697,11 +696,11 @@ files:
 
       for svc in matrix ns-auth ns-resolv web
       do
-          sed -ri '/^root/s@^.*$@root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
+          sed -ri '/^root/s@^.*$@root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::@' /containers/services/${svc}/rootfs/etc/shadow
           cp /etc/services /containers/services/${svc}/rootfs/etc/services
           mkdir -p /containers/services/${svc}/rootfs/root/.ssh
           [ -f /var/lib/adlin/authorized_keys ] && cp /var/lib/adlin/authorized_keys /containers/services/${svc}/rootfs/root/.ssh/authorized_keys
-          nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- ssh-keygen -A
+          nsenter -t $(ctr -n services.linuxkit t ls | grep ${svc} | awk '{ print $2 }') -a -- sh -c 'ssh-keygen -A; service sshd restart;'
       done
 
       exit 0
@@ -718,7 +717,7 @@ files:
     contents: |
       #!/bin/sh
       sleep 20
-      nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2022 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
+      nsenter -t $(pgrep procd | head -1) -a -- curl -s -u adeline:adlin2023 -d @- http://172.23.42.6:8080/v1/import < /root/feeds.opml 2> /dev/null > /dev/null
       exit 0
     mode: "0555"
 
@@ -907,7 +906,7 @@ files:
 
   - path: etc/rshadow
     contents: |
-      root:$1$ChIJgCib$1IYTTG.wKCXqbo1RMEQCc0:18706:0:99999:7:::
+      root:$1$XMaL.0yJ$Z9imHkT2P9ddci.FeYhVK0:18706:0:99999:7:::
       daemon:*:0:0:99999:7:::
       ftp:*:0:0:99999:7:::
       network:*:0:0:99999:7:::
@@ -945,7 +944,7 @@ files:
 
   - path: etc/wshadow
     contents: |
-      root:$6$4/xWhDY0JERkg6eg$ZKglx2TQT2ITM525di2aOhda9r9L.kUjYArPTF5pVTzi3/SRe.My4Z5Cg9vabK0ax2kZ.lLPFHA8v7jw.0N/8.:18707:0:99999:7:::
+      root:$6$R0XGKnrwzA4kTcET$6JsBy0Ib7xzy3OUZLq81/Cu4XswmOzv4VmCBJ76jAq/lJ049rxrHsyzGhUY8TONLdlbKfm0.EhCKB4NLivdck/:18707:0:99999:7:::
       daemon:*:17575:0:99999:7:::
       bin:*:17575:0:99999:7:::
       sys:*:17575:0:99999:7:::

tutorial/header.tex

@@ -18,6 +18,7 @@
 \renewcommand{\maketitlehooka}{\sffamily}
 
 % Use monospaced font for URLs
+\usepackage{hyperref}
 \urlstyle{tt}
 
 % In french, list item starts with dash, not bullet

tutorial/nat/netfilter.md

@@ -98,8 +98,9 @@ Depuis le routeur, vous pouvez vous SSH en utilisant le nom d'hôte attribué au
 machines :
 
 <div lang="en-US">
-  - `ssh root@news`
   - `ssh root@matrix`
+  - `ssh root@ns`
+  - `ssh root@ns-auth`
   - `ssh root@web`
 </div>
 

tutorial/nat/what.md

@@ -86,7 +86,7 @@ pris en compte.
 ### Connexions SSH
 
 Vous pouvez vous connecter en utilisant le compte `root` et le mot de passe
-`adlin2022`. Comme au précédent TP, si vous disposez d'une ou plusieurs [clefs
+`adlin2023`. Comme au précédent TP, si vous disposez d'une ou plusieurs [clefs
 SSH enregistrées au CRI](https://cri.epita.fr/users/nemunaire/ssh-keys/),
 celles-ci sont automatiquement ajoutées aux différents serveurs. Cependant,
 seuls les clefs RSA et DSA sont utilisables pour se connecter sur le routeur,