author: Tzafrir Cohen <tzafrir.cohen@xorcom.com> 2007-12-23 13:05:45 +0000
committer: Tzafrir Cohen <tzafrir.cohen@xorcom.com> 2007-12-23 13:05:45 +0000
commit: 6eb4fc959e0e2e1d42bee50ab9f874f3bd40663a
tree: db54b2be29df2d997faa86a132b1470bf5cf1474
parent: def7ed2832cbb6d183b8c195ac7f58b788053487
Add documentation.
git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@5168 283159da-0705-0410-b60c-f2062b4bb6ad
-rw-r--r-- README 77
1 files changed, 77 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..e4cb352
--- /dev/null
+++ b/README
@@ -0,0 +1,77 @@
+Prepare computer for SSH tunneling
+==================================
+Setup
+-----
+* apt-get install realpath
+* Create a new user named "support" (can be anything else).
+* Disable password login (put "*" in /etc/passwd instead of "x").
+* cp /etc/ssh/sshd_config /etc/ssh/sshd_support_config
+* vi /etc/ssh/sshd_support_config
+ o Port 2222
+ o Protocol 2
+ o PermitEmptyPasswords no
+ o PasswordAuthentication no
+ o X11Forwarding no
+ o PrintLastLog no
+ o UsePAM no
+ o AllowUsers support
+
+ /usr/sbin/sshd -f /etc/ssh/sshd_support_config
+ su - support
+ mkdir -m 700 .ssh
+ touch .ssh/authorized_keys
+ mkdir .ssh/sock
+ cat > .ssh/config <<EOF
+ Host *
+ StrictHostKeyChecking no
+ ControlMaster auto
+ ControlPath ~/.ssh/sock/%r@%h:%p
+ EOF
+
+* Optionally create a public/private key for local login and place the
+ public one in .ssh/authorized_keys.
+* Copy the following files to /usr/local/bin:
+ o create-invitation
+ o finish-ra
+ o prepare-connect
+* Change the required parameters in create-invitation (host, port and user).
+* mkdir bin
+* Copy from-remote to ~/bin.
+
+Use
+---
+
+1. Connect to the intermediate computer as root and then switch to user
+ "support":
+ * su - support
+2. Create invitation:
+ * create-invitation <port> <comment>
+ where,
+ <port> is a local port on the intermediate computer through which
+ connection to the remote system will be made.
+ <comment> a single word that must be unique among other current remote
+ support connections.
+ * remote-access.tar.gz will be created in current directory. This
+ file should be mailed to the client.
+3. Enable login with this invitation:
+ * The command to enter will be printed upon invitation creation.
+4. Check who can login:
+ * cat .ssh/authorized_keys
+5. Check who is currently logged in:
+ * ps aux | grep sleep-ra
+6. Prepare connection back to the client (should be done once after the client logs in and before being able to connect back):
+ * prepare-connect <comment>
+7. Connect to the client:
+ * ssh ra-<comment>
+ * scp ra-<comment>:blabla .
+ * If you want to have remote access to the GUI then:
+ ssh -g -L <port1>:127.0.0.1:8088 ra-<comment>
+ where, port1 is any local port on intermediate computer.
+ You can point your Firefox to the following address:
+ http://<intermediate_computer_address>:<port1>/asterisk/static/config/cfgbasic.html
+8. Disconnect from the client:
+ * Quit all ssh and scp sessions.
+ * ps aux | grep sleep-ra, kill the appropriate process
+9. Disallow further logins via this invitation:
+ * finish-ra <comment>
+
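Review bot: The `.ssh/config` heredoc in the Setup section puts `StrictHostKeyChecking no` under `Host *`, so host key verification is switched off for every outbound connection the support user makes, and the README gives no reason for it. If it is only needed for the per-client tunnels, use a narrower Host pattern than `*`, or add a sentence explaining why it is required. Two related documentation gaps: step 7 uses `ssh -g -L <port1>:127.0.0.1:8088 ra-<comment>`, which makes the forwarded GUI port reachable over plain http by any host that can reach the intermediate computer, so the README should either drop `-g` or say how access to `<port1>` is meant to be restricted; and `/usr/sbin/sshd -f /etc/ssh/sshd_support_config` is a one-off manual start, so it is worth noting that the second sshd will not come back after a reboot unless it is added to the init scripts. The `mkdir .ssh/sock` line has no explicit mode, unlike `mkdir -m 700 .ssh` above it; it is protected by the parent directory, but `-m 700` there would keep the control sockets private even if `.ssh` permissions are later changed.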