Issue #1

Closed
softwarepublico/softwarepublico#1
Created by Antonio Terceiro (Edited)

Figure out SSH port redirection (8 pts)

Port 22 on reverseproxy should redirect to integration, and SSH should run on e.g. port 2222 in reverseproxy.

Need to figure out a way of setting this up for local development and for production, assuming SSH is initially running on port 22 on reverseproxy.

Assignee: Sergio Oliveira
Milestone: Sprint 28
3 participants
  • Antonio Terceiro @terceiro
  • Macartur Sousa @macartur

    Reassigned to @macartur

  • Macartur Sousa @macartur

    I found this ssh command:

     ssh -L 3000:192.168.33.10:5555 macartur@192.168.33.10 -p 5555 -f
    

    That command can be used to make an ssh tunnel between the local server and the remote server, but I don't know if this is the best way to do it.

  • Antonio Terceiro @terceiro

    that is not the path. what we need is to run the actual SSH server in reverseproxy on a non-default port, and redirect 22 to integration.

  • Antonio Terceiro @terceiro

    (or something equivalent to that)

  • Macartur Sousa @macartur (Edited)

    Yes, it is used to redirect, for example:

    I can use ssh -L revproxy:22:integration:22 vagrant@integration -f

    After this, every ssh to revproxy:22 will be redirected to integration:22

    The problem is that when I turn on the VM I have to run ssh.

    I'm looking for another way using iptables.

  • Antonio Terceiro @terceiro

    we can't mess with iptables yet; you probably need to use socat, and create a systemd .service unit file to run it as a service

  • Macartur Sousa @macartur

    I made two scripts, http://paste.debian.net/166027/ and http://paste.debian.net/166028/, and they are working using systemctl.

  • Antonio Terceiro @terceiro

    you don't need 2 scripts, just the systemd unit file. in particular systemd will handle pid files and all this shit better than we could ever do in a shell script.

    Just put the command line that starts the service directly into ExecStart, and systemd will do all the rest for you

  • Macartur Sousa @macartur

    OK, I will do it. Thanks.

  • Sergio Oliveira @seocam

    Reassigned to @navarro1703

  • Sergio Oliveira @seocam

    Reassigned to @seocam

  • Antonio Terceiro @terceiro (Edited)

    for reference before the pastes expire:

    #!/bin/sh
    
    TARGET=10.10.10.1
    PORT=44
    DPORT=22
    INOPTS="fork"
    PIDFILE=/var/run/socat-$PORT.pid
    OPTS="-d -d -lm"    # notice to stderr, then to syslog
    SOCAT=/usr/bin/socat
    
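    if [ "$1" = "start" ] || [ -z "$1" ]; then
        # Listen on $PORT and forward each incoming connection to $TARGET:$DPORT
        $SOCAT $OPTS tcp-l:$PORT,$INOPTS tcp:$TARGET:$DPORT </dev/null &
        # Record the PID of the backgrounded socat so "stop" can find it
        echo $! >"$PIDFILE"
    elif [ "$1" = "stop" ]; then
        echo "ended"
        /bin/kill "$(/bin/cat "$PIDFILE")"
    fi
    exit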
    

    and

    [Unit]
    Description=Service Socat
    
    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/etc/init.d/socat start
    ExecStop=/etc/init.d/socat stop
    
    [Install]
    WantedBy=multi-user.target
    
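The single-unit setup suggested earlier in this thread (the socat command placed directly in ExecStart), written out as an added example that is not part of the original issue or the project's own code. The unit file name, listening on port 22 and the hardening directives are assumptions; 10.10.10.1 is the target address from the script above.

```ini
# /etc/systemd/system/ssh-redirect.service  (hypothetical file name)
# Added example: replaces the wrapper script and the oneshot unit.
[Unit]
Description=Redirect TCP port 22 to the integration host (socat)
After=network.target

[Service]
# Type=simple is the default: systemd supervises the socat process itself,
# so no PID file, no "&" backgrounding and no ExecStop are needed.
# Listening on 22 assumes sshd on reverseproxy already runs on another
# port (e.g. 2222). -lm is dropped because stderr goes to the journal.
ExecStart=/usr/bin/socat -d -d TCP-LISTEN:22,fork,reuseaddr TCP:10.10.10.1:22
Restart=on-failure

# Least privilege: the forwarder only needs to bind a port below 1024.
# DynamicUser requires systemd 232 or later; on older versions use a
# dedicated unprivileged User= instead (assumption about the host).
DynamicUser=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

With a TCP relay like this, sshd on the target sees every connection as coming from reverseproxy, so per-client source addresses are missing from its auth logs and from anything that rate-limits or bans by IP.
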
  • Sergio Oliveira @seocam (Edited)

    I'm still not sure if changing SSH ports during the configuration phase is the way to go. For that, the scripts would have to be smart enough to first connect to port 22 and afterwards reconfigure themselves to run on the new port (for now 2222).

    If that's really the case, I would prefer to set a different script that would be executed prior to the rake and bootstrap phases just to configure the OpenSSH server. Like that, all we would have to do is configure the ssh_config file for each environment to use the predefined port.

  • Sergio Oliveira @seocam

    Closed on !7

  • Sergio Oliveira @seocam

    Status changed to closed
