HUB: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) |
||
Line 23: | Line 23: | ||
== Adding a new thing == | == Adding a new thing == | ||
See [[XPUB_HUB_New_Nodes]] | |||
Only ''gnd'' or ''a'' should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz. | Only ''gnd'' or ''a'' should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz. | ||
Line 30: | Line 32: | ||
* On <code>${NODE_NAME}</code>: | * On <code>${NODE_NAME}</code>: | ||
== Generating a ssh pubkey for the jump user == | == Generating a ssh pubkey for the jump user == |
Revision as of 10:27, 17 July 2020
Related pages
HUB nodes
If you still need to install Tinc follow the instructions in the page Tinc
WAT
HUB or https://hub.xpub.nl is a VPN wonder to gazillions XPUB things.
You will need to:
- 0. Determine IP address of a new thing (see below)
- 1. Add a new thing (see below)
- 2. Ask user to give you preferred username & a new ssh pubkey (see below)
- 3. Add a new jump user (see below)
- 4. Jump user connects to his machine (see below)
Adding a new thing
Only gnd or a should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz.
- On xvm:
tinc -n hub invite ${NODE_NAME}
- On ${NODE_NAME}:
Generating a ssh pubkey for the jump user
This should be done by the users themselves. This only applies to Linux-like OSes. Users should be made aware of what ssh keys are.
This generates a new key with a default name, so if the user already has an existing key, they should name it differently, so the existing one is not overwritten. The key should be protected by a passphrase.
ssh-keygen -t ed25519 -b 320
Once the key is generated, we will need the public key (pubkey). Usually it would be a file called id_ed25519.pub located in ~/.ssh. Just cat the file and send us the contents.
♥♥♥ Please be aware there is also a file called id_ed25519. This is the private key. Don't ever send or disclose the private key! ♥♥♥
cat ~/.ssh/id_ed25519.pub
You can also send id_ed25519.pub as an attachment. If you named your key differently, it will be a file called $NAME.pub
Adding a jump user on XVM
There is a script called add_jumpuser. It adds a new user on XVM, that is only allowed to ssh into the remote machine. You will need:
- Username for the user
- IP of the machine (see below for allocation)
- ED25519 pubkey from the user
Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):
/root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY'
eg.:
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'
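A pre-flight check for the three add_jumpuser.sh arguments, as an added example that is not part of the XVM script or of this wiki: it rejects private-key material, anything that is not a bare ssh-ed25519 line, and IPs outside the ranges listed under IP allocation. The function names and the 32-character username limit are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for the add_jumpuser.sh arguments.
# Function names are hypothetical; they are not part of the XVM script.
LC_ALL=C   # byte-wise character ranges in the patterns below

# USERNAME: conservative login name, safe to append to AllowUsers.
valid_username() {
    case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# IP: 10.0.0.N; prints the allocation class from the "IP allocation" list.
node_ip_class() {
    case "$1" in 10.0.0.*) n=${1#10.0.0.} ;; *) return 1 ;; esac
    case "$n" in ''|0*|*[!0-9]*|????*) return 1 ;; esac
    if   [ "$n" -le 9 ];   then echo main
    elif [ "$n" -le 99 ];  then echo shared
    elif [ "$n" -le 254 ]; then echo personal
    else return 1
    fi
}

# PUBKEY: a single "ssh-ed25519 <blob> [comment]" line.
# Returns 2 for private-key material, 1 for any other malformed input.
valid_ed25519_pubkey() {
    nl='
'
    case "$1" in
        *"PRIVATE KEY"*) return 2 ;;   # id_ed25519 was sent instead of the .pub
        *"$nl"*) return 1 ;;           # more than one line
    esac
    set -f; set -- $1; set +f          # split into fields without globbing
    [ "$1" = ssh-ed25519 ] || return 1 # also rejects a leading options field
    case "$2" in
        *[!A-Za-z0-9+/]*) return 1 ;;  # not plain base64
        AAAAC3NzaC1lZDI1NTE5AAAAI*) ;; # encoded "ssh-ed25519" + 32-byte length
        *) return 1 ;;
    esac
    [ "${#2}" -eq 68 ]                 # 51-byte blob is always 68 base64 chars
}

# Constructed sample, not a real key: 25-char header plus 43 filler characters.
sample="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI$(printf '%043d' 0) some1@host"
if valid_username lol && valid_ed25519_pubkey "$sample"; then
    echo "arguments ok, node class: $(node_ip_class 10.0.0.111)"
fi
```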
When removing the user on XVM:
- userdel -r USERNAME
- remove USERNAME from AllowUsers in sshd_config
- restart sshd
IP allocation
- 1-9: XPUB main servers
- 10-99: shared machines used by the whole course (for admin or lessons or multi-user projects/libraries/etc)
- 100-254: personal and/or grad projects machines
Subnet      Node           ???
------      ----           ---
10.0.0.1    xvm            XPUB server, tincd overlord, destroyer of pads
10.0.0.10   skattkista     Borg Central
10.0.0.11   sandbox        xpub1 sandbox (2019-2021)
10.0.0.100  wizardcity     Aymeric
10.0.0.101  screaming      Angeliki (student 2017-2019)
10.0.0.102  warnet         Tash (student 2017-2019) - offline
10.0.0.???  food           Alice -- misconfigured, lost in ether
10.0.0.103  bootleglib     Simon (student 2018-2020)
10.0.0.104  systers        Artemis (student 2018-2020)
10.0.0.105  watermark      Pedro (student 2018-2020)
10.0.0.106  ilinx          Tancredi (student 2018-2020)
10.0.0.107  repeater       Biyi (student 2018-2020)
10.0.0.108  netcare        Rita (student 2018-2020)
10.0.0.109  cartographies  Paloma (student 2018-2020)
10.0.0.110  loopdeloop     Steve (xpub staff)
How to SSH to HUB nodes
On the user's personal machine (where the public key was generated) just:
ssh -J xpub.nl:2501 $IP
If for any reason it doesn't work, please send us the output of:
ssh -J xpub.nl:2501 $IP -vvv
~/.ssh/config
Here is an ssh configuration which should allow you to ssh easily from your local machine to one of the Hub nodes using only:
ssh hub.nodename
Add the following configuration to ~/.ssh/config, replacing the placeholders with the correct details:
Host hub.nodename
    User username
    Hostname 10.0.0.XXX
    ProxyJump username@xpub.nl:2501
    Identityfile ~/.ssh/id_rsa
    Serveraliveinterval 30
Where:
- nodename: is the name you would like to give this node of hub.
- XXX: termination of the node's IP
- username: your username in the Pi and Xpub server (should be the same)
- ~/.ssh/id_rsa: location of the private keys