Prepare computer for SSH tunneling
==================================
Setup
-----
* apt-get install realpath
* Create a new user named "support" (can be anything else).
* Disable password login for this user (put "*" instead of "x" in the
  password field of its /etc/passwd entry).
* cp /etc/ssh/sshd_config /etc/ssh/sshd_support_config
* vi /etc/ssh/sshd_support_config
 o Port 2222
 o Protocol 2
 o PermitEmptyPasswords no
 o PasswordAuthentication no
 o X11Forwarding no
 o PrintLastLog no
 o UsePAM no
 o AllowUsers support

   /usr/sbin/sshd -f /etc/ssh/sshd_support_config
   su - support
   mkdir -m 700 .ssh
   touch .ssh/authorized_keys
   mkdir .ssh/sock
   cat > .ssh/config <<EOF
   Host *
   	StrictHostKeyChecking no
   	ControlMaster auto
   	ControlPath ~/.ssh/sock/%r@%h:%p
   EOF

* Optionally create a public/private key for local login and place the 
  public one in .ssh/authorized_keys.
* Copy the following files to /usr/local/bin:
  o create-invitation
  o finish-ra
  o prepare-connect 
* Change the required parameters in create-invitation (host, port and user).
* mkdir bin
* Copy from-remote to ~/bin. 
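
A way to check the edited copy before starting the second sshd, as an added
example that is not part of this project. It compares the active lines of the
file with the settings listed above; the function names and the sample file
contents are constructed for illustration.

```shell
# Added example (not project code): audit the edited copy of sshd_config.
# Repeated Port lines add listeners; most other keywords keep the first value read.
sshd_values() {    # FILE KEYWORD -> every active value, space-joined
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank and comment lines
        tolower($1) == tolower(key) {          # keywords are case-insensitive
            $1 = ""; sub(/^ +/, "")            # drop the keyword, keep the value
            out = (out == "" ? $0 : out " " $0)
        }
        END { print out }' "$1"
}

audit_support_config() {    # FILE [USER] -> prints deviations, returns 1 if any
    rc=0
    while read -r key want; do
        got=$(sshd_values "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: want '$want', active '${got:-<unset>}'"
            rc=1
        fi
    done <<EOF
Port 2222
Protocol 2
PermitEmptyPasswords no
PasswordAuthentication no
X11Forwarding no
PrintLastLog no
UsePAM no
AllowUsers ${2:-support}
EOF
    return "$rc"
}

# Constructed sample: a half-edited copy with two leftovers from the default.
write_sample_config() {
    cat > "$1" <<'EOF'
Port 22
#PasswordAuthentication no
passwordauthentication yes
Port 2222
Protocol 2
PermitEmptyPasswords no
X11Forwarding no
PrintLastLog no
UsePAM no
AllowUsers support
EOF
}
```

Run it as: audit_support_config /etc/ssh/sshd_support_config
Running sshd -t -f /etc/ssh/sshd_support_config additionally checks the file for syntax errors.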

Use
---

1. Connect to the intermediate computer as root and then switch to user 
   "support":
   * su - support 
2. Create an invitation:
   * create-invitation <port> <comment>
     where
     <port> is a local port on the intermediate computer through which the
     connection to the remote system will be made, and
     <comment> is a single word that must be unique among the other current
     remote support connections.
     * remote-access.tar.gz will be created in the current directory. This
       file should be mailed to the client.
3. Enable login with this invitation:
   * The command to enter will be printed upon invitation creation. 
4. Check who can login:
   * cat .ssh/authorized_keys 
5. Check who is currently logged in:
   * ps aux | grep sleep-ra 
6. Prepare connection back to the client (should be done once after the
   client logs in and before being able to connect back):
   * prepare-connect <comment>
7. Connect to the client:
   * ssh ra-<comment>
   * scp ra-<comment>:blabla .
   * If you want remote access to the GUI:
     ssh -g -L <port1>:127.0.0.1:8088 ra-<comment>
     where <port1> is any local port on the intermediate computer.
     The -g option makes <port1> reachable from other hosts, not only from
     the intermediate computer itself.
     You can then point Firefox to the following address:
     http://<intermediate_computer_address>:<port1>/asterisk/static/config/cfgbasic.html
8. Disconnect from the client:
   * Quit all ssh and scp sessions.
   * ps aux | grep sleep-ra, then kill the appropriate process.
9. Disallow further logins via this invitation:
   * finish-ra <comment>