XPUB HUB New Nodes: Difference between revisions

From XPUB & Lens-Based wiki
Line 6: Line 6:


'''In the Pi'''
'''In the Pi'''
* in your Pi's create a user with same username as in the sandbox. Keeping it the same as in the sandbox - will make things easier for us and gnd  
in your Pi's create a user with same username as in the sandbox. Keeping it the same as in the sandbox - will make things easier for us and gnd  
* add your public ssh key to your username in the Pi (same as mentioned) to ~/.ssh/authorized_keys  
 
add your public ssh key to your username in the Pi (same as mentioned) to ~/.ssh/authorized_keys  
There is a trick to do this with  
There is a trick to do this with  
  `cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys"`
cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys"
* install Tinc on the Pis Instructions can be found here [[Tinc]], until the creation creation of the configuration dir:
 
install Tinc on the Pis Instructions can be found here [[Tinc]], until the creation creation of the configuration dir:
  sudo mkdir -p /usr/local/etc/tinc/
  sudo mkdir -p /usr/local/etc/tinc/


* Add your chosen Node name and IP to [[HUB#IP_allocation]]
*Add your chosen Node name and IP to [[HUB#IP_allocation]]
** Student project IPs last number should have 3 digits, last one is Simon's 10.0.1.103, so you can start from there  
* Student project IPs last number should have 3 digits, last one is Simon's 10.0.1.103, so you can start from there  


* Disable ssh to your pi with password (allow ssh key only), by:
Disable ssh to your pi with password (allow ssh key only), by:
** ensuring you laptops ssh public key is in your pi ~/.ssh/authorized_keys:  
* ensuring you laptops ssh public key is in your pi ~/.ssh/authorized_keys:  
  cat  ~/.ssh/authorized_keys
  cat  ~/.ssh/authorized_keys
** ensuring you can login to the Pi with ssh key:
* ensuring you can login to the Pi with ssh key:
  ssh username@pi.ip.add -i ~/.ssh/id_rsa
  ssh username@pi.ip.add -i ~/.ssh/id_rsa
then:
* edit /etc/ssh/sshd_config:  
* edit /etc/ssh/sshd_config:  
  sudo nano /etc/ssh/sshd_config
  sudo nano /etc/ssh/sshd_config
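Review bot: The key-append one-liner under "There is a trick to do this with" assumes ~/.ssh already exists on the Pi and says nothing about permissions. For the freshly created user from the first bullet the remote `cat >> ~/.ssh/authorized_keys` can fail, so add a step that creates ~/.ssh (mode 700) with authorized_keys at mode 600, or point to ssh-copy-id. The one-liner and the login test also hard-code id_rsa, so say what to use when the laptop key has another name.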
Line 28: Line 29:
to:  
to:  
  PasswordAuthentication no
  PasswordAuthentication no
* reload ssh: `sudo systemctl reload ssh`
* reload ssh:  
sudo systemctl reload ssh
 
You up with the following info:
 
<pre>
username: nameoftheuser
Node IP: 10.0.0.???
Node name: nameofnode
ssh public key:
ssh-ed25519 ... ... nameoftheuser@laptop
</pre>
 
'''In the XVM (xpub server)'''
 
As root:
 
create an invitation node the node as described in [[HUB#Adding_a_new_thing]]
 
tinc -n hub invite $NAMEOFNODE
 
Which will generate an invitation address
 
 
'''Back In the Pi'''
 
User invitation to join the network ($INVITE_ADDRES)
 
  sudo tinc join $INVITE_ADDRES
 
Add the pi to the hub network under the chosen Node IP ($NODE.IP.ADDRS):
 
  sudo tinc -n hub add subnet $NODE.IP.ADDRS
 
edit the tinc-up file in /usr/local/etc/tinc/hub/: commenting the echo line and adding the line:
* Note: $INTERFACE should remain as is; $NODE.IP.ADDRS should be replace with the Node IP
  ifconfig $INTERFACE $NODE.IP.ADDRS netmask 255.255.255.0
* Example tinc-up file:
<source lang="bash">
#!/bin/sh
# echo 'Unconfigured tinc-up script, please edit '$0'!'
ifconfig $INTERFACE 10.0.0.105 netmask 255.255.255.0
</source>
 
Start tincd daemon:
tincd -n hub -D -d3
 
In new window, ssh again to the pi and see if you can ping other tinc nodes:
ping 10.0.0.1
 
If so Tinc is running :) yahh






'''In the XVM (xpub server)


* I will need to give invitation links to each node https://pzwiki.wdka.nl/mediadesign/HUB#Adding_a_new_thing
* ask gnd to associate your username+pub key to the Pi IP:
* ask gnd to associate your username+pub key to the Pi IP:
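Review bot: The `sudo systemctl reload ssh` step is given with no check of the edited sshd_config and no advice to keep the current session open. Suggest running `sudo sshd -t` first and confirming a fresh key-only login from a second terminal before closing the existing one. The Node IP template and the tinc-up example use 10.0.0.x with netmask 255.255.255.0, while the allocation note cites Simon's 10.0.1.103, so state which range new nodes should take. `tincd -n hub -D -d3` is shown without sudo and only in the foreground, so the page should say how the daemon is started permanently.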

Revision as of 13:21, 20 April 2020

New nodes (machines) can be added to the HUB Tinc network.

This is useful for machines (mostly Pis) without a public IP address that require public ssh or http access, as is the case for some student and Xpub projects.

Steps to add a machine to the Tinc network

In the Pi

On your Pi, create a user with the same username as in the sandbox. Keeping it the same as in the sandbox will make things easier for us and gnd.

Add your public ssh key to your username on the Pi (same as mentioned), in ~/.ssh/authorized_keys. There is a trick to do this with:

cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys"

Install Tinc on the Pi. Instructions can be found here: Tinc. Follow them until the creation of the configuration dir:

sudo mkdir -p /usr/local/etc/tinc/

  • Add your chosen Node name and IP to HUB#IP_allocation
  • The last number of student project IPs should have 3 digits; the last one is Simon's 10.0.1.103, so you can start from there

Disable ssh to your Pi with password (allow ssh key only), by:

  • ensuring your laptop's ssh public key is in your Pi's ~/.ssh/authorized_keys:
cat ~/.ssh/authorized_keys
  • ensuring you can log in to the Pi with the ssh key:
ssh username@pi.ip.add -i ~/.ssh/id_rsa
  • edit /etc/ssh/sshd_config:
sudo nano /etc/ssh/sshd_config
  • and uncomment the line:
#PasswordAuthentication no

to:

PasswordAuthentication no
  • reload ssh:

sudo systemctl reload ssh
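
An added example, not part of the wiki page: a small shell check for the password-disable steps above, showing that a still-commented `#PasswordAuthentication no` leaves password logins on (sshd's default) and that a key must be in authorized_keys before the change. The function names and sample files are constructed for illustration, and the parser assumes a single-file config without Include directives.

```shell
#!/bin/sh
# Added example (not from the wiki): lock-out check for the steps above.

# Print the PasswordAuthentication value an sshd_config file sets globally.
# Assumption: single-file config; Include directives are not followed.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }   # "#PasswordAuthentication no" sets nothing
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)   # "Keyword value" or "Keyword=value"
            key = tolower(f[1])             # keywords are case-insensitive
            if (key == "match") exit        # Match ends the global section
            if (key == "passwordauthentication" && n >= 2) {
                print f[2]; found = 1; exit # sshd keeps the first value it reads
            }
        }
        END { if (!found) print "yes" }     # sshd default when unset
    ' "$1"
}

# True if the authorized_keys file has at least one uncommented public key.
has_usable_key() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        grep -Eq '(^| )(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+'
}

# $1 = sshd_config, $2 = authorized_keys. Prints a verdict; returns 0 only for "ok".
lockout_safe() {
    if ! has_usable_key "$2"; then echo "no-key"; return 1; fi
    if [ "$(effective_password_auth "$1")" != "no" ]; then
        echo "password-still-on"; return 2
    fi
    echo "ok"
}

# Constructed sample files (not a real key or a real Pi config).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedkey nameoftheuser@laptop' > "$demo/authorized_keys"
printf '%s\n' 'PermitRootLogin no' '#PasswordAuthentication no' > "$demo/before"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$demo/after"
echo "before edit: $(lockout_safe "$demo/before" "$demo/authorized_keys")"
echo "after edit:  $(lockout_safe "$demo/after" "$demo/authorized_keys")"
rm -rf "$demo"
```

On the Pi itself, `sudo sshd -t` validates the edited file before the reload, and `sudo sshd -T | grep -i passwordauthentication` prints the value sshd will actually use.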

You end up with the following info:

username: nameoftheuser
Node IP: 10.0.0.???
Node name: nameofnode 
ssh public key:
ssh-ed25519 ... ... nameoftheuser@laptop

In the XVM (xpub server)

As root:

Create an invitation for the node as described in HUB#Adding_a_new_thing:

tinc -n hub invite $NAMEOFNODE

This will generate an invitation address.


Back In the Pi

Use the invitation to join the network ($INVITE_ADDRES):

  sudo tinc join $INVITE_ADDRES

Add the pi to the hub network under the chosen Node IP ($NODE.IP.ADDRS):

 sudo tinc -n hub add subnet $NODE.IP.ADDRS

Edit the tinc-up file in /usr/local/etc/tinc/hub/, commenting out the echo line and adding the line:

  • Note: $INTERFACE should remain as is; $NODE.IP.ADDRS should be replaced with the Node IP
  ifconfig $INTERFACE $NODE.IP.ADDRS netmask 255.255.255.0
  • Example tinc-up file:
#!/bin/sh
# echo 'Unconfigured tinc-up script, please edit '$0'!'
ifconfig $INTERFACE 10.0.0.105 netmask 255.255.255.0

Start tincd daemon:

tincd -n hub -D -d3

In a new window, ssh again to the Pi and see if you can ping other tinc nodes:

ping 10.0.0.1

If so, Tinc is running :) yahh



  • ask gnd to associate your username+pub key to the Pi IP: