|
|
Line 3: |
Line 3: |
| It is useful for machines (mostly Pis), without public IP addres, but which require public ssh or http access. As is the case of some students and Xpub projects | | It is useful for machines (mostly Pis), without public IP addres, but which require public ssh or http access. As is the case of some students and Xpub projects |
|
| |
|
| =Steps to add a machine to the Tinc network=
| | See instructions at [[Tinc]] page |
|
| |
|
| '''In the Pi'''
| | Transclusion: |
| in your Pi's create a user with same username as in the sandbox. Keeping it the same as in the sandbox - will make things easier for us and gnd
| |
|
| |
|
| add your public ssh key to your username in the Pi (same as mentioned) to ~/.ssh/authorized_keys
| | {{Tinc}} |
| There is a trick to do this with
| |
| cat ~/.ssh/id_rsa.pub | ssh local.pi.IP.addr "cat >> ~/.ssh/authorized_keys"
| |
| | |
| install Tinc on the Pis Instructions can be found here [[Tinc]], until the creation creation of the configuration dir:
| |
| sudo mkdir -p /usr/local/etc/tinc/
| |
| | |
| *Add your chosen Node name and IP to [[HUB#IP_allocation]]
| |
| * Student project IPs last number should have 3 digits, last one is Simon's 10.0.1.103, so you can start from there
| |
| | |
| Disable ssh to your pi with password (allow ssh key only), by:
| |
| * ensuring you laptops ssh public key is in your pi ~/.ssh/authorized_keys:
| |
| cat ~/.ssh/authorized_keys
| |
| * ensuring you can login to the Pi with ssh key:
| |
| ssh username@pi.ip.add -i ~/.ssh/id_rsa
| |
| * edit /etc/ssh/sshd_config:
| |
| sudo nano /etc/ssh/sshd_config
| |
| * and uncomment the line:
| |
| #PasswordAuthentication no
| |
| to:
| |
| PasswordAuthentication no
| |
| * reload ssh:
| |
| sudo systemctl reload ssh
| |
| | |
| You up with the following info:
| |
| | |
| <pre>
| |
| username: nameoftheuser
| |
| Node IP: 10.0.0.???
| |
| Node name: nameofnode
| |
| ssh public key:
| |
| ssh-ed25519 ... ... nameoftheuser@laptop
| |
| </pre>
| |
| | |
| '''In the XVM (xpub server)'''
| |
| | |
| As root:
| |
| | |
| create an invitation node the node as described in [[HUB#Adding_a_new_thing]]
| |
| | |
| tinc -n hub invite $NAMEOFNODE
| |
| | |
| Which will generate an invitation address
| |
| | |
| | |
| '''Back In the Pi'''
| |
| | |
| User invitation to join the network ($INVITE_ADDRES)
| |
| | |
| sudo tinc join $INVITE_ADDRES
| |
| | |
| Add the pi to the hub network under the chosen Node IP ($NODE.IP.ADDRS):
| |
| | |
| sudo tinc -n hub add subnet $NODE.IP.ADDRS
| |
| | |
| edit the tinc-up file in /usr/local/etc/tinc/hub/: commenting the echo line and adding the line:
| |
| * Note: $INTERFACE should remain as is; $NODE.IP.ADDRS should be replace with the Node IP
| |
| ifconfig $INTERFACE $NODE.IP.ADDRS netmask 255.255.255.0
| |
| * Example tinc-up file:
| |
| <source lang="bash">
| |
| #!/bin/sh
| |
| # echo 'Unconfigured tinc-up script, please edit '$0'!'
| |
| ifconfig $INTERFACE 10.0.0.105 netmask 255.255.255.0
| |
| </source>
| |
| | |
| Start tincd daemon:
| |
| tincd -n hub -D -d3
| |
| | |
| In new window, ssh again to the pi and see if you can ping other tinc nodes:
| |
| ping 10.0.0.1
| |
| | |
| If so Tinc is running :) yahh
| |
| | |
| | |
| | |
| | |
| * ask gnd to associate your username+pub key to the Pi IP:
| |
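Review bot: The added `{{Tinc}}` line transcludes Template:Tinc, not the main-namespace page that the added "See instructions at [[Tinc]] page" line links to; if the instructions live at [[Tinc]], it should be `{{:Tinc}}`. With the transclusion in place, the separate "See instructions" link and the bare "Transclusion:" label are redundant, so keep either the link or the transclusion. The removed side also carried Pi-specific steps that matter for machines given public ssh access: setting `PasswordAuthentication no` and reloading ssh, the 3-digit rule for student node IPs, and asking gnd to associate the username and public key with the Pi IP. Confirm that [[Tinc]] covers each of these before dropping them from this page, or keep a short Pi-specific section here next to the transclusion.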