XPUB HUB New Nodes: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) |
||
Line 6: | Line 6: | ||
'''In the Pi''' | '''In the Pi''' | ||
in your Pi's create a user with same username as in the sandbox. Keeping it the same as in the sandbox - will make things easier for us and gnd | |||
add your public ssh key to your username in the Pi (same as mentioned) to ~/.ssh/authorized_keys | |||
There is a trick to do this with | There is a trick to do this with | ||
cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys" | |||
install Tinc on the Pis Instructions can be found here [[Tinc]], until the creation creation of the configuration dir: | |||
sudo mkdir -p /usr/local/etc/tinc/ | sudo mkdir -p /usr/local/etc/tinc/ | ||
* Add your chosen Node name and IP to [[HUB#IP_allocation]] | *Add your chosen Node name and IP to [[HUB#IP_allocation]] | ||
* Student project IPs last number should have 3 digits, last one is Simon's 10.0.1.103, so you can start from there | |||
Disable ssh to your pi with password (allow ssh key only), by: | |||
* ensuring you laptops ssh public key is in your pi ~/.ssh/authorized_keys: | |||
cat ~/.ssh/authorized_keys | cat ~/.ssh/authorized_keys | ||
* ensuring you can login to the Pi with ssh key: | |||
ssh username@pi.ip.add -i ~/.ssh/id_rsa | ssh username@pi.ip.add -i ~/.ssh/id_rsa | ||
* edit /etc/ssh/sshd_config: | * edit /etc/ssh/sshd_config: | ||
sudo nano /etc/ssh/sshd_config | sudo nano /etc/ssh/sshd_config | ||
Line 28: | Line 29: | ||
to: | to: | ||
PasswordAuthentication no | PasswordAuthentication no | ||
* reload ssh: | * reload ssh: | ||
sudo systemctl reload ssh | |||
You up with the following info: | |||
<pre> | |||
username: nameoftheuser | |||
Node IP: 10.0.0.??? | |||
Node name: nameofnode | |||
ssh public key: | |||
ssh-ed25519 ... ... nameoftheuser@laptop | |||
</pre> | |||
'''In the XVM (xpub server)''' | |||
As root: | |||
create an invitation node the node as described in [[HUB#Adding_a_new_thing]] | |||
tinc -n hub invite $NAMEOFNODE | |||
Which will generate an invitation address | |||
'''Back In the Pi''' | |||
User invitation to join the network ($INVITE_ADDRES) | |||
sudo tinc join $INVITE_ADDRES | |||
Add the pi to the hub network under the chosen Node IP ($NODE.IP.ADDRS): | |||
sudo tinc -n hub add subnet $NODE.IP.ADDRS | |||
edit the tinc-up file in /usr/local/etc/tinc/hub/: commenting the echo line and adding the line: | |||
* Note: $INTERFACE should remain as is; $NODE.IP.ADDRS should be replace with the Node IP | |||
ifconfig $INTERFACE $NODE.IP.ADDRS netmask 255.255.255.0 | |||
* Example tinc-up file: | |||
<source lang="bash"> | |||
#!/bin/sh | |||
# echo 'Unconfigured tinc-up script, please edit '$0'!' | |||
ifconfig $INTERFACE 10.0.0.105 netmask 255.255.255.0 | |||
</source> | |||
Start tincd daemon: | |||
tincd -n hub -D -d3 | |||
In new window, ssh again to the pi and see if you can ping other tinc nodes: | |||
ping 10.0.0.1 | |||
If so Tinc is running :) yahh | |||
* ask gnd to associate your username+pub key to the Pi IP: | * ask gnd to associate your username+pub key to the Pi IP: |
Revision as of 13:21, 20 April 2020
New nodes (machines) can be edited to the HUB Tinc network.
It is useful for machines (mostly Pis), without public IP addres, but which require public ssh or http access. As is the case of some students and Xpub projects
Steps to add a machine to the Tinc network
In the Pi in your Pi's create a user with same username as in the sandbox. Keeping it the same as in the sandbox - will make things easier for us and gnd
add your public ssh key to your username in the Pi (same as mentioned) to ~/.ssh/authorized_keys There is a trick to do this with
cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys"
install Tinc on the Pis Instructions can be found here Tinc, until the creation creation of the configuration dir:
sudo mkdir -p /usr/local/etc/tinc/
- Add your chosen Node name and IP to HUB#IP_allocation
- Student project IPs last number should have 3 digits, last one is Simon's 10.0.1.103, so you can start from there
Disable ssh to your pi with password (allow ssh key only), by:
- ensuring you laptops ssh public key is in your pi ~/.ssh/authorized_keys:
cat ~/.ssh/authorized_keys
- ensuring you can login to the Pi with ssh key:
ssh username@pi.ip.add -i ~/.ssh/id_rsa
- edit /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
- and uncomment the line:
#PasswordAuthentication no
to:
PasswordAuthentication no
- reload ssh:
sudo systemctl reload ssh
You up with the following info:
username: nameoftheuser Node IP: 10.0.0.??? Node name: nameofnode ssh public key: ssh-ed25519 ... ... nameoftheuser@laptop
In the XVM (xpub server)
As root:
create an invitation node the node as described in HUB#Adding_a_new_thing
tinc -n hub invite $NAMEOFNODE
Which will generate an invitation address
Back In the Pi
User invitation to join the network ($INVITE_ADDRES)
sudo tinc join $INVITE_ADDRES
Add the pi to the hub network under the chosen Node IP ($NODE.IP.ADDRS):
sudo tinc -n hub add subnet $NODE.IP.ADDRS
edit the tinc-up file in /usr/local/etc/tinc/hub/: commenting the echo line and adding the line:
- Note: $INTERFACE should remain as is; $NODE.IP.ADDRS should be replace with the Node IP
ifconfig $INTERFACE $NODE.IP.ADDRS netmask 255.255.255.0
- Example tinc-up file:
#!/bin/sh
# echo 'Unconfigured tinc-up script, please edit '$0'!'
ifconfig $INTERFACE 10.0.0.105 netmask 255.255.255.0
Start tincd daemon:
tincd -n hub -D -d3
In new window, ssh again to the pi and see if you can ping other tinc nodes:
ping 10.0.0.1
If so Tinc is running :) yahh
- ask gnd to associate your username+pub key to the Pi IP: