<div dir="ltr"><div class="GmSign">On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape <<a href="mailto:Das.Linux@gmx.de">Das.Linux@gmx.de</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear all<br>
<br>
[ACTIONS AT END]<br>
<br>
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.<br>
Here's the overview:<br>
<br>
<pre>
=======================================================================================================================
Name     Name (ext)      intended use     Unix Users    Public Ports  Private Ports   Public IPv4     Private IPv4
-----------------------------------------------------------------------------------------------------------------------
ian      <a href="http://ssh.squeak.org" rel="noreferrer" target="_blank">ssh.squeak.org</a>  ssh-gateway      ssh           1022          22              104.130.6.82    10.208.225.29
alan     *.<a href="http://squeak.org" rel="noreferrer" target="_blank">squeak.org</a>    webserver        webteam       80, 443       22              104.239.229.92  10.176.200.8
adele    lists....       mailinglists     (tbd)         25, 587, 465  22, 8080        162.242.237.43  10.208.160.56
andreas  --------        source.squeak    chrismuller*  --------      22, 8080        irrelevant      10.208.161.222
dan      --------        squeaksource     davidlewis*   --------      22, 8080        irrelevant      10.176.197.150
ted      --------        squeak wiki+map  (tbd)         --------      22, 8080, 8081  irrelevant      10.176.130.111
david    --------        jenkins          (tbd)         --------      22, 8080        irrelevant      10.208.194.45
scott    --------        misc             (tbd)         --------      22, 8080, 8081  irrelevant      10.176.199.169
=======================================================================================================================
</pre>
<br>
Currently, Levente and I have sudo on all these machines. Users with * also do.<br>
<br>
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.<br>
How to login?<br>
<br>
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.<br>
I have installed the Public keys from most of you for the 'ssh' user on ian.<br>
<br>
Please verify by<br>
ssh -p1022 -lssh 104.130.6.82<br>
you should see<br>
restrict shell, no commands #<br>
(you get out with ctrl-d, ctrl-c, or killing ssh)<br>
<br>
How to reach the other servers? Example for 'andreas'<br>
<br>
variant (1):<br>
Do a local forward by<br>
ssh -AN -L22221:<a href="http://10.176.200.8:22" rel="noreferrer" target="_blank">10.176.200.8:22</a> -p1022 -lssh 104.130.6.82<br>
and then<br>
ssh -lYOURNAME -p22221 localhost<br>
(-N may be optional, but then you see 'restrict shell, no commands #')<br>
<br>
Or in your .ssh/config you can put<br>
<br>
Host <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a><br>
User ssh<br>
Hostname 104.130.6.82<br>
Port 1022<br>
LocalForward 22221 <a href="http://10.176.200.8:22" rel="noreferrer" target="_blank">10.176.200.8:22</a><br>
<br>
Host <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a><br>
User YOURNAME<br>
Hostname localhost<br>
Port 22221<br>
<br>
And then say 'ssh -AN <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a>' and then 'ssh <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a>'<br>
<br>
variant (2):<br>
(a) You have OpenSSH >= 7.3<br>
Do a Jump with<br>
ssh -J <a href="http://ssh@104.130.6.82:1022" rel="noreferrer" target="_blank">ssh@104.130.6.82:1022</a> <a href="mailto:YOURNAME@10.176.200.8" target="_blank">YOURNAME@10.176.200.8</a><br>
<br>
Or in your .ssh/config you can put<br>
<br>
Host <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a><br>
User ssh<br>
Hostname 104.130.6.82<br>
Port 1022<br>
<br>
Host <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a><br>
User YOURNAME<br>
Hostname 10.176.200.8<br>
ProxyJump <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a><br>
<br>
And then say 'ssh <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a>'<br>
<br>
(b) You have OpenSSH >= 5.4<br>
Do a Jump via<br>
ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" <a href="mailto:YOURNAME@10.176.200.8" target="_blank">YOURNAME@10.176.200.8</a><br>
<br>
Or in your .ssh/config you can put<br>
<br>
Host <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a><br>
User ssh<br>
Hostname 104.130.6.82<br>
Port 1022<br>
<br>
Host <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a><br>
User YOURNAME<br>
Hostname 10.176.200.8<br>
ProxyCommand ssh -W %h:%p <a href="http://ian.squeak.org" rel="noreferrer" target="_blank">ian.squeak.org</a><br>
<br>
And then say 'ssh <a href="http://andreas.squeak.org" rel="noreferrer" target="_blank">andreas.squeak.org</a>'<br></blockquote><div><br></div><div>2b works like a charm! Thanks :)</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
(c) You have OpenSSH < 5.4<br>
Use variant (1)<br>
<br>
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.<br>
<br>
[ACTION REQUIRED]<br>
<br>
- Who needs access to which servers?<br></blockquote><div><br></div><div>I would need webteam/webserver access.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
- Do we need Jenkins anymore?<br></blockquote><div><br></div><div>We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
As always, questions appreciated.<br>
<br>
Best regards<br>
-Tobias<br>
</blockquote></div></div>
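<div>Added example, not part of the original thread and not the Squeak servers' actual configuration: one way the gateway described above could be pinned down on the server side so that the shared 'ssh' account can only open forwards to the SSH port of selected private hosts. The choice of the two PermitOpen targets (taken from the table and the examples in the mail) and every other setting are assumptions.</div>

```conf
# /etc/ssh/sshd_config on the gateway host (constructed example)

# Listen on the non-default public port used in the mail.
Port 1022

# Key-only logins, no direct root login.
PasswordAuthentication no
AuthenticationMethods publickey
PermitRootLogin no

# Restrictions for the shared gateway account.
Match User ssh
    # Allow client-side forwards only: -L, -W and -J all use this channel type.
    AllowTcpForwarding local
    # Forwards may only reach port 22 on the listed private addresses
    # (assumed selection; extend with the other private IPv4 addresses as needed).
    PermitOpen 10.176.200.8:22 10.208.161.222:22
    # Neither variant needs the agent on the gateway: authentication to the
    # inner host runs end-to-end through the tunnel from the client machine,
    # so a requested -A is simply not honoured here.
    AllowAgentForwarding no
    X11Forwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    GatewayPorts no
```

<div>After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded.</div>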