From 6eb4fc959e0e2e1d42bee50ab9f874f3bd40663a Mon Sep 17 00:00:00 2001
From: Tzafrir Cohen <tzafrir.cohen@xorcom.com>
Date: Sun, 23 Dec 2007 13:05:45 +0000
Subject: Add documentation.

git-svn-id: svn+ssh://xorcom/home/svn/debs/components/rapid-tunneling@5168 283159da-0705-0410-b60c-f2062b4bb6ad
---
 README | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 77 insertions(+)
 create mode 100644 README

diff --git a/README b/README
new file mode 100644
index 0000000..e4cb352
--- /dev/null
+++ b/README
@@ -0,0 +1,77 @@
+Prepare computer for SSH tunneling
+==================================
+Setup
+-----
+* apt-get install realpath
+* Create a new user named "support" (can be anything else).
+* Disable password login (put "*" in /etc/passwd instead of "x").
+* cp /etc/ssh/sshd_config /etc/ssh/sshd_support_config
+* vi /etc/ssh/sshd_support_config
+ o Port 2222
+ o Protocol 2
+ o PermitEmptyPasswords no
+ o PasswordAuthentication no
+ o X11Forwarding no
+ o PrintLastLog no
+ o UsePAM no
+ o AllowUsers support
+
+   /usr/sbin/sshd -f /etc/ssh/sshd_support_config
+   su - support
+   mkdir -m 700 .ssh
+   touch .ssh/authorized_keys
+   mkdir .ssh/sock
+   cat > .ssh/config <<EOF
+   Host *
+   	StrictHostKeyChecking no
+   	ControlMaster auto
+   	ControlPath ~/.ssh/sock/%r@%h:%p
+   EOF
+
+* Optionally create a public/private key for local login and place the 
+  public one in .ssh/authorized_keys.
+* Copy the following files to /usr/local/bin:
+  o create-invitation
+  o finish-ra
+  o prepare-connect 
+* Change the required parameters in create-invitation (host, port and user).
+* mkdir bin
+* Copy from-remote to ~/bin. 
+
+Use
+---
+
+1. Connect to the intermediate computer as root and then switch to user 
+   "support":
+   * su - support 
+2. Create invitation:
+   * create-invitation <port> <comment>
+     where,
+     <port> is a local port on the intermediate computer through which 
+     connection to the remote system will be made.
+     <comment> a single word that must be unique among other current remote 
+     support connections.
+     * remote-access.tar.gz will be created in current directory. This 
+       file should be mailed to the client. 
+3. Enable login with this invitation:
+   * The command to enter will be printed upon invitation creation. 
+4. Check who can login:
+   * cat .ssh/authorized_keys 
+5. Check who is currently logged in:
+   * ps aux | grep sleep-ra 
+6. Prepare connection back to the client (should be done once after the client logs in and before being able to connect back):
+   * prepare-connect <comment> 
+7. Connect to the client:
+   * ssh ra-<comment>
+   * scp ra-<comment>:blabla .
+   * If you want to have remote access to the GUI then:
+     ssh -g -L <port1>:127.0.0.1:8088 ra-<comment>
+     where, port1 is any local port on intermediate computer.
+     You can point your Firefox to the following address:
+     http://<intermediate_computer_address>:<port1>/asterisk/static/config/cfgbasic.html 
+8. Disconnect from the client:
+   * Quit all ssh and scp sessions.
+   * ps aux | grep sleep-ra, kill the appropriate process 
+9. Disallow further logins via this invitation:
+   * finish-ra <comment> 
+
-- 
cgit v1.2.3