HUB: Difference between revisions

From XPUB & Lens-Based wiki
No edit summary
Line 13: Line 13:
FIXME
FIXME


== Adding a jumpuser on XVM ==
== Adding a jump user on XVM ==
 
There is a script called add_jumpuser. It adds a new user on XVM, that is only allowed to ssh into the remote machine. You will need:


There is a script called add_jumpuser. You will need:
* Username for the user
* Username for the user
* IP of the machine (see below for allocation)
* IP of the machine (see below for allocation)
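Review bot: in the added sentence "It adds a new user on XVM, that is only allowed to ssh into the remote machine", "the remote machine" is not tied to any input. Say that it is the machine at the IP listed just below, and drop the comma before "that". The sentence also promises a restriction without naming how add_jumpuser enforces it; one line on the mechanism would let an admin check the account after it is created.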
Line 21: Line 22:


Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):
Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):
<pre>
<pre>
/root/scripts/add_jumpuser.sh USERNAME RPI_IP 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'
/root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY'
 
eg.:
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'
</pre>
</pre>
When removing the user on XVM:
* userdel -r USERNAME
* remove USERNAME from AllowUsers in sshd_config
* restart sshd


== IP allocation ==
== IP allocation ==
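Review bot: the new removal steps go straight from a hand edit of AllowUsers in sshd_config to "restart sshd" with no check in between. Add a step to run sshd -t before the restart, so that a typo in the file does not leave XVM without a running sshd. In the example line, 10.0.0.666 is not a valid IPv4 address; an address from the allocation ranges would make the example usable as written.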

Revision as of 12:44, 17 September 2019

WAT

HUB, or https://hub.xpub.nl, is a VPN wonder to gazillions of XPUB things.

Adding a new thing

Only gnd or a should do that. Also, we will only add things that can be ssh'ed into via keys only, no passwd logins plz.

  • On xvm:
    tinc -n hub invite ${NODE_NAME}
  • On ${NODE_NAME}:

FIXME

Adding a jump user on XVM

There is a script called add_jumpuser. It adds a new user on XVM who is only allowed to ssh into the remote machine. You will need:

  • Username for the user
  • IP of the machine (see below for allocation)
  • ED25519 pubkey from the user

Once you have all of this, just run on XVM (note the single quotes around the ssh pubkey):

/root/scripts/add_jumpuser.sh USERNAME IP 'PUBKEY'

e.g.:
/root/scripts/add_jumpuser.sh lol 10.0.0.666 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE29EOVCl0/WjknAoEEEZSPUyCWQKNoXX2HCC123456 some1@host'

When removing the user on XVM:

  • userdel -r USERNAME
  • remove USERNAME from AllowUsers in sshd_config
  • restart sshd
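
One way to script the removal steps above so that the AllowUsers edit is checked before sshd restarts. This is an added example, not the add_jumpuser script or any XPUB code; the function names, the .bak backup, the /etc/ssh/sshd_config path and the systemd unit name "sshd" are assumptions.

```shell
#!/bin/sh
# Added example, not the wiki's add_jumpuser.sh or any XPUB script.

# remove_allowuser CONFIG USER
#   Drops USER from the AllowUsers lines of an sshd_config-style file.
#   Returns 0 on success (CONFIG.bak keeps the old file), 1 if USER is not
#   listed, 2 if USER is the only name on a line. Case 2 is refused: with no
#   AllowUsers entry left, sshd stops restricting logins by user name.
remove_allowuser() {
    cfg=$1 user=$2
    tmp=$(mktemp) || return 3
    rc=0
    awk -v user="$user" '
        tolower($1) == "allowusers" {          # keywords are case-insensitive
            out = $1; kept = 0; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == user) { hit = 1; found = 1 }
                else { out = out " " $i; kept++ }
            }
            if (hit && kept == 0) only = 1
            if (hit) { print out; next }
        }
        { print }
        END { if (only) exit 2; if (!found) exit 1 }
    ' "$cfg" > "$tmp" || rc=$?
    if [ "$rc" -eq 0 ]; then
        # cat into place so the file keeps its owner and mode
        cp "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    fi
    rm -f "$tmp"
    return "$rc"
}

# The wiki's three steps, in its order; run as root on XVM.
# Assumes systemd with a unit named "sshd" (Debian-family systems call it "ssh").
remove_jumpuser() {
    userdel -r "$1" || return 1
    remove_allowuser /etc/ssh/sshd_config "$1" || return 1
    sshd -t || return 1        # do not restart on a config that fails to parse
    systemctl restart sshd
}
```

Only exact user names are matched; USER@HOST patterns on an AllowUsers line are left untouched.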

IP allocation

  • 1-9: XPUB main servers
  • 10-99: shared machines used by the whole course (for admin or lessons or multi-user projects/libraries/etc)
  • 100-254: personal and/or grad projects machines
Subnet       Node         ???
------       ----         ---
10.0.0.1     xvm          XPUB server, tincd overlord, destroyer of pads
10.0.0.10    skattkista   Borg Central
10.0.0.11    xpub2019     xpub1 sandbox (2019-2020) (Andre root)
10.0.0.100   wizardcity   Aymeric
10.0.0.101   screaming    Angeliki
10.0.0.102   warnet       Tash
10.0.0.???   food         Alice -- misconfigured, lost in ether