Prepare computer for SSH tunneling
==================================

Setup
-----
* apt-get install realpath
* Create a new user named "support" (any other name will do).
* Disable password login for that user (put "*" instead of "x" in the
  password field of its /etc/passwd entry).
* cp /etc/ssh/sshd_config /etc/ssh/sshd_support_config
* vi /etc/ssh/sshd_support_config
    o Port 2222
    o Protocol 2
    o PermitEmptyPasswords no
    o PasswordAuthentication no
    o X11Forwarding no
    o PrintLastLog no
    o UsePAM no
    o AllowUsers support
* /usr/sbin/sshd -f /etc/ssh/sshd_support_config
* su - support
* mkdir -m 700 .ssh
* touch .ssh/authorized_keys
* mkdir .ssh/sock
* cat > .ssh/config <<EOF
Host *
    StrictHostKeyChecking no
    ControlMaster auto
    ControlPath ~/.ssh/sock/%r@%h:%p
EOF
* Optionally create a public/private key pair for local login and place the
  public key in .ssh/authorized_keys.
* Copy the following files to /usr/local/bin:
    o create-invitation
    o finish-ra
    o prepare-connect
* Change the required parameters in create-invitation (host, port and user).
* mkdir bin
* Copy from-remote to ~/bin.

Use
---
1. Connect to the intermediate computer as root and then switch to user
   "support":
   * su - support
2. Create an invitation:
   * create-invitation <port> <comment>
     where
       <port>    is a local port on the intermediate computer through which
                 the connection to the remote system will be made.
       <comment> is a single word that must be unique among the other current
                 remote support connections.
   * remote-access.tar.gz will be created in the current directory. This
     file should be mailed to the client.
3. Enable login with this invitation:
   * The command to enter is printed when the invitation is created.
4. Check who can log in:
   * cat .ssh/authorized_keys
5. Check who is currently logged in:
   * ps aux | grep sleep-ra
6. Prepare the connection back to the client (do this once, after the client
   logs in and before connecting back):
   * prepare-connect <comment>
7. Connect to the client:
   * ssh ra-<comment>
   * scp ra-<comment>:blabla .
   * If you want remote access to the GUI:
       ssh -g -L <port1>:127.0.0.1:8088 ra-<comment>
     where <port1> is any local port on the intermediate computer (-g lets
     other hosts connect to that forwarded port).
     You can then point Firefox to the following address:
       http://<intermediate_computer_address>:<port1>/asterisk/static/config/cfgbasic.html
8. Disconnect from the client:
   * Quit all ssh and scp sessions.
   * ps aux | grep sleep-ra, then kill the appropriate process.
9. Disallow further logins via this invitation:
   * finish-ra <comment>