HUB: Difference between revisions

From XPUB & Lens-Based wiki
Line 23: Line 23:


== Adding a new thing ==
== Adding a new thing ==
See [[XPUB_HUB_New_Nodes]]


Only ''gnd'' or ''a'' should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz.
Only ''gnd'' or ''a'' should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz.
Line 30: Line 32:


* On <code>${NODE_NAME}</code>:
* On <code>${NODE_NAME}</code>:
FIXME


== Generating a ssh pubkey for the jump user ==
== Generating a ssh pubkey for the jump user ==

Revision as of 10:27, 17 July 2020

Related pages

HUB nodes

Nodes.svg


If you still need to install Tinc follow the instructions in the page Tinc

WAT

HUB or https://hub.xpub.nl is a VPN wonder to gazillions XPUB things.

You will need to:

  • 0. Determine IP address of a new thing (see below)
  • 1. Add a new thing (see below)
  • 2. Ask user to give you preferred username & a new ssh pubkey (see below)
  • 3. Add a new jump user (see below)
  • 3. Jump user connects to his machine (see below)

Adding a new thing

See XPUB_HUB_New_Nodes


Only gnd or a should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz.

  • On xvm:
tinc -n hub invite ${NODE_NAME}
  • On ${NODE_NAME}:

Generating a ssh pubkey for the jump user

This should be done by the users themselves. This only applies to linux-like OS's. Users should be made aware what ssh keys are.

This generates a new key with a default name, so if the user already has an existing key, they should name it differently, so the existing one is not overwritten. The key should be protected by a passphrase.

ssh-keygen -t ed25519 -b 320 

Once the key is generated, we will need the public key (pubkey). Usually it would be a file called id_ed25519.pub located in ~/.ssh. Just cat the file and send us the contents.
♥♥♥ Please be aware there is also a file called id_ed25519. This is the private key. Dont ever send or disclose the private key ! ♥♥♥

cat ~/.ssh/id_ed25519.pub

You can also send id_ed25519.pub as an attachment. If you named your key differently, it will be a file called $NAME.pub

Adding a jump user on XVM

There is a script called add_jumpuser. It adds a new user on XVM, that is only allowed to ssh into the remote machine. You will need:

  • Username for the user
  • IP of the machine (see below for allocation)
  • ED25519 pubkey from the user

Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):

/root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY'

eg.:
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'

When removing the user on XVM:

  • userdel -r USERNAME
  • remove USERNAME from AllowUsers in sshd_config
  • restart sshd

IP allocation

  • 1-9: XPUB main servers
  • 10-99: shared machines used by the whole course (for admin or lessons or multi-user projects/libraries/etc)
  • 100-254: personal and/or grad projects machines
Subnet       Node             ???
------       ----             ---
10.0.0.1     xvm              XPUB server, tincd overlord, destroyer of pads
10.0.0.10    skattkista       Borg Central
10.0.0.11    sandbox          xpub1 sandbox (2019-2021) 
10.0.0.100   wizardcity       Aymeric
10.0.0.101   screaming        Angeliki (student 2017-2019)
10.0.0.102   warnet           Tash (student 2017-2019)  - offline
10.0.0.???   food             Alice -- misconfigured, lost in ether
10.0.0.103   bootleglib       Simon (student 2018-2020)
10.0.0.104   systers          Artemis (student 2018-2020)
10.0.0.105   watermark        Pedro (student 2018-2020)
10.0.0.106   ilinx            Tancredi (student 2018-2020)
10.0.0.107   repeater         Biyi (student 2018-2020)
10.0.0.108   netcare          Rita (student 2018-2020)
10.0.0.109   cartographies    Paloma (student 2018-2020)
10.0.0.110   loopdeloop       Steve (xpub staff)


How to SSH to HUB nodes

On the user's personal machine (where the public key was generated) just:

ssh -J xpub.nl:2501 $IP

If for any reason it doesnt work, please send us the output of:

ssh -J xpub.nl:2501 $IP -vvv

~/.ssh/config

Here is a ssh configuration which should allow you to ssh easily from your local machine to one of the Hub nodes

using only:

ssh hub.nodename

By adding to ~/.ssh/config the following configuration, and changing with the correct details:

Host hub.nodename 
User username
Hostname  10.0.0.XXX
ProxyJump username@xpub.nl:2501
Identityfile ~/.ssh/id_rsa
Serveraliveinterval 30

Where:

  • nodename: is the name you would like to give this node of hub.
  • XXX: termination if node's IP
  • username: your username in the Pi and Xpub server (should be the same)
  • ~/.ssh/id_rsa location of the private keys