[Box-Admins] Access to the new server(s)
Tobias Pape
Das.Linux at gmx.de
Thu Sep 29 06:27:53 UTC 2016
Hey Chris,
On 29.09.2016, at 05:10, Chris Muller <asqueaker at gmail.com> wrote:
> Hey Tobias,
>
>> =======================================================================================================================
>> Name     Name (ext)      intended use     Unix Users    Public Ports   Private Ports   Public IPv4     Private IPv4
>> -----------------------------------------------------------------------------------------------------------------------
>> ian      ssh.squeak.org  ssh-gateway      ssh           1022           22              104.130.6.82    10.208.225.29
>> alan     *.squeak.org    webserver        webteam       80, 443        22              104.239.229.92  10.176.200.8
>> adele    lists....       mailinglists     (tbd)         25, 587, 465   22, 8080        162.242.237.43  10.208.160.56
>> andreas  --------        source.squeak    chrismuller*  --------       22, 8080        irrelevant      10.208.161.222
>> dan      --------        squeaksource     davidlewis*   --------       22, 8080        irrelevant      10.176.197.150
>> ted      --------        squeak wiki+map  (tbd)         --------       22, 8080, 8081  irrelevant      10.176.130.111
>> david    --------        jenkins          (tbd)         --------       22, 8080        irrelevant      10.208.194.45
>> scott    --------        misc             (tbd)         --------       22, 8080, 8081  irrelevant      10.176.199.169
>> =======================================================================================================================
>
>> ...
>
>> Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
>> I have installed the Public keys from most of you for the 'ssh' user on ian.
>>
>> Please verify by
>> ssh -p1022 -lssh 104.130.6.82
>> you should see
>> restrict shell, no commands #
>> (you get out with ctrl-d, ctrl-c, or killing ssh)
>>
>> How to reach the other servers? Example for 'andreas'
>>
>> variant (1):
>> Do a local forward by
>> ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
>> and then
>> ssh -lYOURNAME -p22221 localhost
>> (-N may be optional, but then you see 'restrict shell, no commands #')
>>
>> Or in your .ssh/config you can put
>>
>> Host ian.squeak.org
>> User ssh
>> Hostname 104.130.6.82
>> Port 1022
>> LocalForward 222221 10.176.200.8:22
>
> (10.176.200.8 is alan, not andreas and 222221 is not a valid port
> number, but I got your point).
Yes, sorry, you're right in both instances. I noticed too late.
>
>> Host andreas.squeak.org
>> User YOURNAME
>> Hostname localhost
>> Port 222221
>>
>>
>> And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
>
> However, my access failed:
>
> =======================
> ssh andreas.squeak.org
> The authenticity of host '[localhost]:22221 ([127.0.0.1]:22221)' can't
> be established.
> ECDSA key fingerprint is a3:05:db:9d:51:b0:53:a9:4e:98:94:df:ff:34:09:2a.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '[localhost]:22221' (ECDSA) to the list of
> known hosts.
> Permission denied (publickey).
> ========================
>
> Could you double check my ssh key?
My bad. I had actually forgotten to create that account. I created it now, please re-check.
>
>> ...
>> We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.
>
> I assume you will not carry forward the chroot directory structure
> from "box3".
I would rather be in favour of pouring a full bottle of Lagavulin down the drain than trying to piggyback boxes again without need :D
> Are you planning to collaborate with the volunteers or
> do some kind of hand-off after the rsync or take everything completely
> across the finish-line?
I (or we?) will surely help where possible.
>
>> [ACTION REQUIRED]
>>
>> - Who needs access to which servers?
>
> I would like access, including sudo, to dan and ted, please.
Ted because of map and wiki, right?
Can you please explain why dan?
Is the sudo necessary for anything other than installing packages?
(Sorry for asking, but I'd like to have not too many sudoers on the machines during the moves. Not because of distrust but because of losing track).
Anyway, thanks for stepping forward and helping. :)
Best regards
-Tobias
>
> - Chris
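
Added example, not part of the original thread: a small check for the two mistakes pointed out above in the posted .ssh/config (a port above 65535 and a forward that lands on alan instead of andreas). The names INVENTORY, POSTED, parse and lint are hypothetical; the addresses come from the server table in the quoted message.

```python
import re

# Private IPv4 column of the server table quoted in the thread.
INVENTORY = {"ian": "10.208.225.29", "alan": "10.176.200.8", "adele": "10.208.160.56",
             "andreas": "10.208.161.222", "dan": "10.176.197.150", "ted": "10.176.130.111",
             "david": "10.208.194.45", "scott": "10.176.199.169"}

# The client config as posted in the thread, mistakes included.
POSTED = """
Host ian.squeak.org
User ssh
Hostname 104.130.6.82
Port 1022
LocalForward 222221 10.176.200.8:22
Host andreas.squeak.org
User YOURNAME
Hostname localhost
Port 222221
"""

def parse(text):
    """Split an ssh_config into [(alias, {lowercased keyword: [args]})], one per Host stanza."""
    stanzas = []
    for line in text.splitlines():
        words = re.split(r"[\s=]+", line.strip())
        if words[0].lower() == "host":
            stanzas.append((words[1], {}))
        elif stanzas and words[0] and not words[0].startswith("#"):
            stanzas[-1][1][words[0].lower()] = words[1:]
    return stanzas

def lint(text, inventory=INVENTORY):
    """Return (alias, problem) pairs: out-of-range ports and forwards that reach the wrong box."""
    stanzas, findings, forwards = parse(text), [], {}
    for alias, opts in stanzas:
        checks = [("Port", opts.get("port", ["22"])[0])]
        if "localforward" in opts:
            listen = opts["localforward"][0].rsplit(":", 1)[-1]   # drop optional bind address
            forwards[listen] = opts["localforward"][1].rsplit(":", 1)[0]
            checks.append(("LocalForward port", listen))
        findings += [(alias, f"{kind} {p} outside 1-65535") for kind, p in checks
                     if not (p.isdigit() and 1 <= int(p) <= 65535)]
    owner = {ip: name for name, ip in inventory.items()}
    for alias, opts in stanzas:   # localhost aliases must ride a forward to their own box
        ip = forwards.get(opts.get("port", [""])[0])
        name = alias.split(".")[0]
        if opts.get("hostname") == ["localhost"] and ip and ip != inventory.get(name):
            findings.append((alias, f"forward reaches {owner.get(ip, ip)}, not {name}"))
    return findings
```

Running lint(POSTED) reports both points raised in the reply; a config using port 22221 and 10.208.161.222 comes back clean.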