[Box-Admins] Access to the new server(s)

Chris Muller asqueaker at gmail.com
Thu Sep 29 03:10:20 UTC 2016


Hey Tobias,

> =======================================================================================================================
> Name    Name (ext)      intended use    Unix Users      Public Ports    Private Ports   Public IPv4     Private IPv4
> -----------------------------------------------------------------------------------------------------------------------
> ian     ssh.squeak.org  ssh-gateway     ssh             1022            22              104.130.6.82    10.208.225.29
> alan    *.squeak.org    webserver       webteam         80, 443         22              104.239.229.92  10.176.200.8
> adele   lists....       mailinglists    (tbd)           25, 587, 465    22, 8080        162.242.237.43  10.208.160.56
> andreas --------        source.squeak   chrismuller*    --------        22, 8080        irrelevant      10.208.161.222
> dan     --------        squeaksource    davidlewis*     --------        22, 8080        irrelevant      10.176.197.150
> ted     --------        squeak wiki+map (tbd)           --------        22, 8080, 8081  irrelevant      10.176.130.111
> david   --------        jenkins         (tbd)           --------        22, 8080        irrelevant      10.208.194.45
> scott   --------        misc            (tbd)           --------        22, 8080, 8081  irrelevant      10.176.199.169
> =======================================================================================================================

> ...

> Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
> I have installed the Public keys from most of you for the 'ssh' user on ian.
>
> Please verify by
>         ssh -p1022 -lssh 104.130.6.82
> you should see
>         restrict shell, no commands #
> (you get out with ctrl-d, ctrl-c, or killing ssh)
>
> How to reach the other servers? Example for 'andreas'
>
> variant (1):
>         Do a local forward by
>                 ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
>         and then
>                 ssh -lYOURNAME -p22221 localhost
>         (-N maybe optional, but then you see 'restrict shell, no commands #')
>
>         Or in your .ssh/config you can put
>
>         Host ian.squeak.org
>           User ssh
>           Hostname 104.130.6.82
>           Port 1022
>           LocalForward 222221 10.176.200.8:22

(10.176.200.8 is alan, not andreas and 222221 is not a valid port
number, but I got your point).

>         Host andreas.squeak.org
>           User YOURNAME
>           Hostname localhost
>           Port 222221
>
>
>         And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'

However, my access failed:

=======================
ssh andreas.squeak.org
The authenticity of host '[localhost]:22221 ([127.0.0.1]:22221)' can't
be established.
ECDSA key fingerprint is a3:05:db:9d:51:b0:53:a9:4e:98:94:df:ff:34:09:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:22221' (ECDSA) to the list of
known hosts.
Permission denied (publickey).
========================

Could you double check my ssh key?

> ...
> We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.

I assume you will not carry forward the chroot directory structure
from "box3".  Are you planning to collaborate with the volunteers or
do some kind of hand-off after the rsync or take everything completely
across the finish-line?

> [ACTION REQUIRED]
>
> - Who needs access to which servers?

I would like access, including sudo, to dan and ted, please.

 - Chris
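
The two slips pointed out in the reply above (a port above 65535 and a forward that targets alan's address under the andreas alias) can be caught mechanically before anyone tries to connect. The following Python lint is an added example, not part of the original message or of any Box-Admins tooling; `check_config`, `parse_blocks`, `INVENTORY` and the `CORRECTED` sample are names and data constructed here. It assumes each Host alias starts with the server name from the table and that LocalForward uses the plain `port host:port` form.

```python
# Server table and AS_POSTED are copied from the quoted message (assumed layout).
INVENTORY = {"ian": "10.208.225.29", "alan": "10.176.200.8", "adele": "10.208.160.56",
             "andreas": "10.208.161.222", "dan": "10.176.197.150", "ted": "10.176.130.111",
             "david": "10.208.194.45", "scott": "10.176.199.169"}
OWNER = {ip: name for name, ip in INVENTORY.items()}
AS_POSTED = """Host ian.squeak.org
  User ssh
  Hostname 104.130.6.82
  Port 1022
  LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org
  User YOURNAME
  Hostname localhost
  Port 222221"""
# Constructed fix: port 22221 as in variant (1), andreas' address from the table.
CORRECTED = AS_POSTED.replace("222221", "22221").replace(INVENTORY["alan"], INVENTORY["andreas"])

def valid_port(value):
    return value.isdigit() and 1 <= int(value) <= 65535

def parse_blocks(text):
    """Return {host_alias: [(keyword, value), ...]} with lowercased keywords."""
    blocks, current = {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "host":
            current = blocks.setdefault(parts[1].strip(), [])
        elif len(parts) == 2 and current is not None:
            current.append((parts[0].lower(), parts[1].strip()))
    return blocks

def check_config(text):
    blocks, findings, forwards = parse_blocks(text), [], {}
    for alias, opts in blocks.items():
        for lport, target in (v.split() for k, v in opts if k == "localforward"):
            if not valid_port(lport):
                findings.append(f"{alias}: LocalForward port {lport} is outside 1-65535")
            forwards[lport] = target.rsplit(":", 1)[0]  # keep the target address only
    for alias, opts in blocks.items():
        opt, want = dict(opts), INVENTORY.get(alias.split(".")[0])
        if opt.get("hostname") != "localhost" or want is None:
            continue  # only aliases that ride a local forward to a listed server
        port = opt.get("port", "22")
        if not valid_port(port):
            findings.append(f"{alias}: Port {port} is outside 1-65535")
        got = forwards.get(port)
        if got != want:
            findings.append(f"{alias}: port {port} reaches {got} ({OWNER.get(got, 'unknown')}), expected {want}")
    return findings
```

Running `check_config(AS_POSTED)` reports both out-of-range ports and the alan/andreas mix-up, while `check_config(CORRECTED)` returns an empty list.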

