SSH
6 March 2021 / Stephan Post
Create a key
ssh-keygen
or
ssh-keygen -b 4096
Install the public key for login
In ~/.ssh, store the public key in the file authorized_keys.
cd ~/.ssh
vi authorized_keys
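Added example, not part of the original notes: a scripted alternative to editing authorized_keys by hand. It appends the key only once, rejects a private key pasted by mistake, and sets the modes sshd expects. The function name install_pubkey is hypothetical, and the optional second argument (target directory) is an assumption made so the function can be tried outside ~/.ssh.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys safely.
# install_pubkey is a hypothetical helper, not a tool from the notes above.
#
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# Returns 0 if the key is present afterwards, 1 if the input was rejected.
install_pubkey() (
    # The body runs in a subshell, so umask and exit do not leak to the caller.
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    auth="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; exit 1; }

    # A public key file holds exactly one non-empty line.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || {
        echo "expected exactly one key line in $pubfile" >&2; exit 1; }
    key=$(grep . "$pubfile")

    # Accept only OpenSSH public key types. This also rejects a private
    # key header ("-----BEGIN ...") copied by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        sk-ssh-ed25519@openssh.com\ *|sk-ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubfile" >&2; exit 1 ;;
    esac

    # With StrictModes (the sshd default) a group- or world-writable
    # ~/.ssh or authorized_keys makes sshd ignore the keys, so fix modes.
    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)
```

Run on the target host as the login user, for example install_pubkey /path/to/id_rsa.pub, where the path is wherever the public key was copied to.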
Login via ssh-key
ssh pi@10.0.1.128
Login without ssh-key
User: pi
Pass: FlohRaspi2021#1
Login to the web server from the pi
On the web server there is a user 'floh' whose authorized_keys entry matches the pi's public key. In the pi's hosts file, the hostnames
- tripunlimited
- trip-unlimited.de
are mapped to the IP 134.119.8.213.
ssh floh@tripunlimited.de
PI - remote IP - transfer to tripunlimited.de
cd ~
./public-ip.sh
scp public-ip.txt floh@tripunlimited:/var/www/html/upcoming.tripunlimited.de/floh-ip.html
Current IP of the Floh
The current IP of the Floh can be seen at https://upcoming.tripunlimited.de/floh-ip.html.
Deploy via scp
scp Archiv.zip root@foto-unlimited.de:/var/www/html/kellinghusen.tripunlimited.de/release.zip
VPN Update
Show / add keys in the agent
ssh-add -l
ssh-add ~/.ssh/id_rsa
get credentials
| ~/Projects/csi-onboarding/csi-live @ Stephans-MacBook-Pro (stephan)
| [10:18] => ./get-vpn-credentials
sed: 1: "etc/.ssh/ssh_config": invalid command code e
================================================================================
if you already have vpn credentials for csi-live and want to connect
to another vpn endpoint then you simply have to copy vpn config
from /Users/stephan/Projects/csi-onboarding/vpn-example, then please exit here!
:: is your vpn key/certificate expired or do you need a new one? (y/N) : y
===
Using configuration from /opt/easyrsa/openssl-1.0.cnf
Revoking Certificate 214F17142347FC90FB6B942019A437D3.
Data Base Updated
Using configuration from /opt/easyrsa/openssl-1.0.cnf
========= getting URL ..
Generating a 2048 bit RSA private key
.....................+++
......................+++
writing new private key to '/data/pki/ca_vpnclient/private/zam_stephanpost.key.YPkQjau2Ye'
-----
Using configuration from /opt/easyrsa/openssl-1.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :ASN.1 12:'Hessen'
localityName :ASN.1 12:'Darmstadt'
organizationName :ASN.1 12:'DTAG'
organizationalUnitName:ASN.1 12:'generic csi-live_vpnclient'
commonName :ASN.1 12:'zam_stephanpost'
emailAddress :IA5STRING:'noreply@telekom.de'
Certificate is to be certified until Sep 25 08:19:22 2022 GMT (375 days)
Write out database with 1 new entries
Data Base Updated
writing RSA key
========= downloading certificate ..
================================================================================
:: Do you want to keep your current password? (Y/n) : Y
===
========= following files were created for you:
-rw-r--r-- 1 stephan wheel 468 15 Sep 10:18 /tmp/csi-live.conf-helper
-rw-r--r-- 1 stephan wheel 7005 15 Sep 10:19 /tmp/csi-live.p12
-rw-r--r-- 1 stephan wheel 21 15 Sep 10:19 /tmp/csi-live.pwd
set credentials
| ~/Projects/csi-onboarding/csi-live @ Stephans-MacBook-Pro (stephan)
| [10:20] => sudo ./set-vpn-credentials
MAC verified OK
MAC verified OK
MAC verified OK
writing RSA key
start tunnel as ROOT
/private/etc/openvpn @ Stephans-MacBook-Pro (root)
| [10:23] => openvpn cmcms-test.conf
or
/private/etc/openvpn @ Stephans-MacBook-Pro
| [10:23] => sudo openvpn cmcms-test.conf