On Wed, Sep 28, 2016 at 11:31 AM Tobias Pape <Das.Linux@gmx.de> wrote:
Dear all

[ACTIONS AT END]

with the retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
Here's the overview:

=======================================================================================================================
Name    Name (ext)      intended use    Unix Users      Public Ports    Private Ports   Public IPv4     Private IPv4
-----------------------------------------------------------------------------------------------------------------------
ian     ssh.squeak.org  ssh-gateway     ssh             1022            22              104.130.6.82    10.208.225.29
alan    *.squeak.org    webserver       webteam         80, 443         22              104.239.229.92  10.176.200.8
adele   lists....       mailinglists    (tbd)           25, 587, 465    22, 8080        162.242.237.43  10.208.160.56
andreas --------        source.squeak   chrismuller*    --------        22, 8080        irrelevant      10.208.161.222
dan     --------        squeaksource    davidlewis*     --------        22, 8080        irrelevant      10.176.197.150
ted     --------        squeak wiki+map (tbd)           --------        22, 8080, 8081  irrelevant      10.176.130.111
david   --------        jenkins         (tbd)           --------        22, 8080        irrelevant      10.208.194.45
scott   --------        misc            (tbd)           --------        22, 8080, 8081  irrelevant      10.176.199.169
=======================================================================================================================

Currently, Levente and I have sudo on all these machines. Users with * also do.

Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.
How to log in?

Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
I have installed the Public keys from most of you for the 'ssh' user on ian.

Please verify by
        ssh -p1022 -lssh 104.130.6.82
you should see
        restrict shell, no commands #
(you get out with ctrl-d, ctrl-c, or killing ssh)

How to reach the other servers? Example for 'andreas'

variant (1):
        Do a local forward by
                ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
        and then
                ssh -lYOURNAME -p22221 localhost
        (-N may be optional, but then you see 'restrict shell, no commands #')

        Or in your .ssh/config you can put

        Host ian.squeak.org
          User ssh
          Hostname 104.130.6.82
          Port 1022
          LocalForward 22221 10.176.200.8:22

        Host andreas.squeak.org
          User YOURNAME
          Hostname localhost
          Port 22221

        And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'

variant (2):
        (a) You have OpenSSH >= 7.3
        Do a Jump with
                ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8

        Or in your .ssh/config you can put

        Host ian.squeak.org
          User ssh
          Hostname 104.130.6.82
          Port 1022

        Host andreas.squeak.org
          User YOURNAME
          Hostname 10.176.200.8
          ProxyJump ian.squeak.org

        And then say 'ssh andreas.squeak.org'

        (b) You have OpenSSH >= 5.4
        Do a Jump via
                ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8

        Or in your .ssh/config you can put

        Host ian.squeak.org
          User ssh
          Hostname 104.130.6.82
          Port 1022

        Host andreas.squeak.org
          User YOURNAME
          Hostname 10.176.200.8
          ProxyCommand ssh -W %h:%p ian.squeak.org

        And then say 'ssh andreas.squeak.org'

2b works like a charm! Thanks :)
 

        (c) You have OpenSSH < 5.4
        Use variant (1)

We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.

[ACTION REQUIRED]

- Who needs access to which servers?

I would need webteam/webserver access.
 
- Do we need Jenkins anymore?

We moved Squeak-Trunk to TravisCI, so if there isn't anything else important still running there, I'd say no.
 

As always, questions appreciated.

Best regards
        -Tobias
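The three variants above differ only in which OpenSSH feature the client supports (ProxyJump from 7.3, ProxyCommand with -W from 5.4, LocalForward before that). The script below is an added example, not part of the thread or of the Squeak infrastructure: it parses the `ssh -V` banner, picks the variant that matches, and prints the corresponding ~/.ssh/config stanza. It also checks that any LocalForward port is a legal TCP port, since a stray digit (as in 222221) makes ssh reject the whole config. Gateway name, IP and port are the ones given in the mail; the `andreas.squeak.org` alias and its private IP are reused from the thread's own example, and the YOURNAME placeholder is assumed to be replaced by the reader.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): choose the jump-host
# method supported by the local OpenSSH and emit the matching config stanza.

GATEWAY_HOST=ian.squeak.org   # values from the thread
GATEWAY_IP=104.130.6.82
GATEWAY_PORT=1022
GATEWAY_USER=ssh

# Extract "major.minor[.patch]" from an `ssh -V` banner such as
# "OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017".
openssh_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p'
}

# Map a version string to the variant from the mail:
#   proxyjump    -> OpenSSH >= 7.3 (variant 2a)
#   proxycommand -> OpenSSH >= 5.4 (variant 2b)
#   localforward -> anything older  (variant 1 / 2c)
ssh_variant_for_version() {
    major=${1%%.*}
    case $1 in
    *.*) rest=${1#*.} ;;
    *)   rest=0 ;;
    esac
    minor=${rest%%[!0-9]*}      # drop ".1p1"-style tails
    : "${minor:=0}"
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }; then
        echo proxyjump
    elif [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 4 ]; }; then
        echo proxycommand
    else
        echo localforward
    fi
}

# A usable TCP port is an integer in 1..65535.
valid_port() {
    case $1 in
    ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then return 0; fi
    return 1
}

# Print the ~/.ssh/config stanza for one private host behind the gateway.
#   $1 variant   $2 host alias   $3 private IP   $4 local port (localforward only)
render_jump_config() {
    variant=$1; alias=$2; ip=$3; lport=${4:-22221}
    printf 'Host %s\n  User %s\n  Hostname %s\n  Port %s\n' \
        "$GATEWAY_HOST" "$GATEWAY_USER" "$GATEWAY_IP" "$GATEWAY_PORT"
    case $variant in
    localforward)
        valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
        printf '  LocalForward %s %s:22\n\n' "$lport" "$ip"
        printf 'Host %s\n  User YOURNAME\n  Hostname localhost\n  Port %s\n' \
            "$alias" "$lport"
        ;;
    proxyjump)
        printf '\nHost %s\n  User YOURNAME\n  Hostname %s\n  ProxyJump %s\n' \
            "$alias" "$ip" "$GATEWAY_HOST"
        ;;
    proxycommand)
        printf '\nHost %s\n  User YOURNAME\n  Hostname %s\n  ProxyCommand ssh -W %%h:%%p %s\n' \
            "$alias" "$ip" "$GATEWAY_HOST"
        ;;
    *)
        echo "unknown variant: $variant" >&2
        return 1
        ;;
    esac
}

# Run as `sh jumpconfig.sh --run` to print the stanza for the local ssh client.
if [ "${1:-}" = --run ]; then
    version=$(openssh_version_from_banner "$(ssh -V 2>&1)")
    render_jump_config "$(ssh_variant_for_version "$version")" \
        andreas.squeak.org 10.176.200.8
fi
```

Append the printed stanza to ~/.ssh/config and `ssh andreas.squeak.org` then behaves as in the variant chosen for your client; the restricted shell on ian is only ever used as a TCP relay, so none of the three variants needs a command to run on the gateway.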