HUB: Difference between revisions
No edit summary |
|||
Line 13: | Line 13: | ||
FIXME | FIXME | ||
== Adding a | == Adding a jump user on XVM == | ||
There is a script called add_jumpuser. It adds a new user on XVM, that is only allowed to ssh into the remote machine. You will need: | |||
* Username for the user | * Username for the user | ||
* IP of the machine (see below for allocation) | * IP of the machine (see below for allocation) | ||
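Review bot: the sentence added under the new heading says the user is "only allowed to ssh into the remote machine" but does not say how add_jumpuser enforces that or which file holds the restriction. Name the mechanism the script configures, so an admin can audit a jump account after it is created instead of trusting the description.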
Line 21: | Line 22: | ||
Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey): | Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey): | ||
<pre> | <pre> | ||
/root/scripts/add_jumpuser.sh USERNAME | /root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY' | ||
eg.: | |||
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host' | |||
</pre> | </pre> | ||
When removing the user on XVM: | |||
* userdel -r USERNAME | |||
* remove USERNAME from AllowUsers in sshd_config | |||
* restart sshd | |||
== IP allocation == | == IP allocation == |
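Review bot: the removal steps added at the end of this hunk run `userdel -r USERNAME` first and `restart sshd` last, but restarting sshd does not close sessions that are already open, and userdel refuses to remove an account that still has running processes. Add a step before userdel that ends the user's sessions, and run `sshd -t` after editing AllowUsers so that a typo in sshd_config is caught before sshd is restarted on XVM.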
Revision as of 12:44, 17 September 2019
WAT
HUB or https://hub.xpub.nl is a VPN wonder to gazillions XPUB things.
Adding a new thing
Only gnd or a should do that. Also we will only add things that can only be ssh'ed via keys, no passwd logins plz.
- On xvm:
  tinc -n hub invite ${NODE_NAME}
- On ${NODE_NAME}:
  FIXME
Adding a jump user on XVM
There is a script called add_jumpuser. It adds a new user on XVM who is only allowed to ssh into the remote machine. You will need:
- Username for the user
- IP of the machine (see below for allocation)
- ED25519 pubkey from the user
Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):
<pre>
/root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY'
eg.:
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'
</pre>
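The argument checks below are an added example, not part of the original page or of add_jumpuser.sh, whose contents the page does not show. They validate the three inputs listed above against the page's own rules (hub addresses 10.0.0.1-254, ED25519 keys only) and catch an unquoted pubkey; the function names, return codes and the lowercase-username policy are assumptions of this example.

```bash
# Added example, not part of add_jumpuser.sh: pre-flight checks for its arguments.
# Function names, messages and return codes are this example's own (hypothetical).

# Map a hub address to the page's allocation class; fail outside 10.0.0.1-254.
ip_class() {
    case "$1" in 10.0.0.*) ;; *) return 1 ;; esac
    oct=${1#10.0.0.}
    case "$oct" in ''|*[!0-9]*|0*|????*) return 1 ;; esac   # digits only, no leading 0
    if   [ "$oct" -le 9 ];   then echo main
    elif [ "$oct" -le 99 ];  then echo shared
    elif [ "$oct" -le 254 ]; then echo personal
    else return 1
    fi
}

# True only for a one-line "ssh-ed25519 BLOB [comment]" value.
is_ed25519_pubkey() {
    [ "$(printf '%s' "$1" | wc -l)" -eq 0 ] || return 1   # no embedded line breaks
    ktype=${1%% *}; rest=${1#* }; blob=${rest%% *}
    [ "$ktype" = ssh-ed25519 ] || return 1
    # An Ed25519 blob is 51 bytes: 68 base64 chars, fixed 25-char header, 26th char A-P.
    [ "${#blob}" -eq 68 ] || return 1
    case "$blob" in
        *[!A-Za-z0-9+/]*) return 1 ;;
        AAAAC3NzaC1lZDI1NTE5AAAAI[A-P]*) return 0 ;;
    esac
    return 1
}

check_jumpuser_args() {
    # An unquoted PUBKEY splits on spaces and arrives as extra arguments.
    [ "$#" -eq 3 ] || { echo "expected USERNAME IP 'PUBKEY', got $# args" >&2; return 2; }
    case "$1" in    # assumed policy: lowercase login names only
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "bad username" >&2; return 3 ;;
    esac
    cls=$(ip_class "$2") || { echo "IP outside 10.0.0.1-254" >&2; return 4; }
    is_ed25519_pubkey "$3" || { echo "not a one-line ssh-ed25519 key" >&2; return 5; }
    echo "ok: $1 -> $2 ($cls range)"
}

# Constructed sample key: valid header plus filler characters, not a real key.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA$(printf '%042d' 0) some1@host"
check_jumpuser_args newuser 10.0.0.103 "$SAMPLE_KEY"
```

The placeholder values in the page's own example (10.0.0.666 and the shortened key) are rejected by these checks, so substitute real values before running the script.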
When removing the user on XVM:
- userdel -r USERNAME
- remove USERNAME from AllowUsers in sshd_config
- restart sshd
IP allocation
- 1-9: XPUB main servers
- 10-99: shared machines used by the whole course (for admin or lessons or multi-user projects/libraries/etc)
- 100-254: personal and/or grad projects machines
<pre>
Subnet      Node        ???
------      ----        ---
10.0.0.1    xvm         XPUB server, tincd overlord, destroyer of pads
10.0.0.10   skattkista  Borg Central
10.0.0.11   xpub2019    xpub1 sandbox (2019-2020) (Andre root)
10.0.0.100  wizardcity  Aymeric
10.0.0.101  screaming   Angeliki
10.0.0.102  warnet      Tash
10.0.0.???  food        Alice -- misconfigured, lost in ether
</pre>