Issue #1
Figure out SSH port redirection (8 pts)
Port 22 on reverseproxy should redirect to integration, and SSH should run on e.g. port 2222 in reverseproxy.
Need to figure out a way of setting this up for local development and for production assuming SSH is initially running in port 22 on reverseproxy.
-
see also softwarepublico/colab#21
-
I found this ssh command:
ssh -L 3000:192.168.33.10:5555 macartur@192.168.33.10 -p 5555 -f
That command can be used to make an ssh tunnel between local server and remote server, but I don't know if this is the best way to do it.
-
that is not the path. what we need is to run the actual SSH server in reverseproxy on a non-default port, and redirect 22 to integration.
-
(or something equivalent to that)
-
Yes, it is used to redirect, for example:
I can use ssh -L revproxy:22:integration:22 vagrant@integration -f
After this, every ssh to revproxy:22 will be redirected to integration:22
The problem is when I turn on the vm I have to make ssh.
I'm looking for another way using iptables.
-
we can't mess with iptables yet; you probably need to use socat, and create a systemd .service unit file to run it as a service
-
I made two scripts http://paste.debian.net/166027/ and http://paste.debian.net/166028/ and they are working using systemctl.
-
you don't need 2 scripts, just the systemd unit file. in particular systemd will handle pid files and all this shit better than we could ever do in a shell script.
Just put the command line that starts the service directly into ExecStart, and systemd will do all the rest for you
-
OK, I will do it. Thanks.
-
Reassigned to @navarro1703
-
for reference before the pastes expire:
#!/bin/sh
TARGET=10.10.10.1
PORT=44
DPORT=22
INOPTS="fork"
PIDFILE=/var/run/socat-$PORT.pid
OPTS="-d -d -lm" # notice to stderr, then to syslog
SOCAT=/usr/bin/socat

if [ "$1" = "start" -o -z "$1" ]; then
    $SOCAT $OPTS tcp-l:$PORT,$INOPTS tcp:$TARGET:$DPORT </dev/null &
    echo $! >$PIDFILE
elif [ "$1" = "stop" ]; then
    echo "ended"
    /bin/kill $(/bin/cat $PIDFILE)
fi
exit
and
[Unit]
Description=Service Socat

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/etc/init.d/socat start
ExecStop=/etc/init.d/socat stop

[Install]
WantedBy=multi-user.target
-
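The single-unit approach suggested earlier in the thread (socat started directly from ExecStart, with no wrapper script or PID file), as an added example that is not part of the original thread. The unit name ssh-forward.service, the hostname integration resolving from reverseproxy, and the sandboxing directives (which need a recent systemd) are assumptions.

```ini
# /etc/systemd/system/ssh-forward.service  (hypothetical unit name)
# Prerequisite: sshd on reverseproxy already listens on 2222 (Port 2222 in
# sshd_config), otherwise socat cannot bind port 22.

[Unit]
Description=Forward reverseproxy:22 to integration:22 with socat
Wants=network-online.target
After=network-online.target

[Service]
# systemd tracks the process itself, so no PID file or start/stop wrapper.
# -d -d logs notices to stderr, which systemd sends to the journal.
# "integration" is assumed to resolve from reverseproxy.
ExecStart=/usr/bin/socat -d -d TCP-LISTEN:22,fork,reuseaddr TCP:integration:22
Restart=on-failure
RestartSec=2

# Assumption: a systemd recent enough for these directives.
# Run unprivileged; the only capability kept is binding ports below 1024.
DynamicUser=yes
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
```

Enable it with systemctl enable --now ssh-forward.service. Because socat terminates and re-originates the TCP connection, sshd on integration logs every session as coming from reverseproxy, so per-source-IP controls there (rate limits, allow lists) no longer see the real client address.
-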
I'm still not sure if changing SSH ports during the configuration phase is the way to go. For that the scripts would have to be smart enough to first connect to port 22 and afterwards reconfigure themselves to run on the new port (for now 2222).
If that's really the case I would prefer to set up a different script that would be executed prior to the rake and bootstrap phases just to configure the OpenSSH server. Like that, all we would have to do is to configure the ssh_config file for each environment to use the predefined port.
-
Status changed to closed