Hey Chris,
On 29.09.2016, at 05:10, Chris Muller asqueaker@gmail.com wrote:
Hey Tobias,
=======================================================================================================================
Name     Name (ext)      intended use     Unix Users    Public Ports  Private Ports   Public IPv4     Private IPv4
ian      ssh.squeak.org  ssh-gateway      ssh           1022          22              104.130.6.82    10.208.225.29
alan     *.squeak.org    webserver        webteam       80, 443       22              104.239.229.92  10.176.200.8
adele    lists....       mailinglists     (tbd)         25, 587, 465  22, 8080        162.242.237.43  10.208.160.56
andreas  --------        source.squeak    chrismuller*  --------      22, 8080        irrelevant      10.208.161.222
dan      --------        squeaksource     davidlewis*   --------      22, 8080        irrelevant      10.176.197.150
ted      --------        squeak wiki+map  (tbd)         --------      22, 8080, 8081  irrelevant      10.176.130.111
david    --------        jenkins          (tbd)         --------      22, 8080        irrelevant      10.208.194.45
scott    --------        misc             (tbd)         --------      22, 8080, 8081  irrelevant      10.176.199.169
=======================================================================================================================
...
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by
    ssh -p1022 -lssh 104.130.6.82
you should see
    restrict shell, no commands #
(you get out with ctrl-d, ctrl-c, or killing ssh)
How to reach the other servers? Example for 'andreas'
variant (1): Do a local forward by
    ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
and then
    ssh -lYOURNAME -p22221 localhost
(-N maybe optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put
    Host ian.squeak.org
      User ssh
      Hostname 104.130.6.82
      Port 1022
      LocalForward 222221 10.176.200.8:22
(10.176.200.8 is alan, not andreas and 222221 is not a valid port number, but I got your point).
Yes, sorry, you're right in both instances. I noticed too late.
    Host andreas.squeak.org
      User YOURNAME
      Hostname localhost
      Port 222221
And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
However, my access failed:
=======================
ssh andreas.squeak.org
The authenticity of host '[localhost]:22221 ([127.0.0.1]:22221)' can't be established.
ECDSA key fingerprint is a3:05:db:9d:51:b0:53:a9:4e:98:94:df:ff:34:09:2a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:22221' (ECDSA) to the list of known hosts.
Permission denied (publickey).
========================
Could you double check my ssh key?
My bad. I had actually forgotten to create that account. I created it now, please re-check.
... We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.
I assume you will not carry forward the chroot directory structure from "box3".
I would rather be in favour of pouring a full bottle of Lagavulin down the drain than trying to piggyback boxes again without need :D
Are you planning to collaborate with the volunteers or do some kind of hand-off after the rsync or take everything completely across the finish-line?
I (or we?) will surely help where possible.
[ACTION REQUIRED]
- Who needs access to which servers?
I would like access, including sudo, to dan and ted, please.
Ted because of map and wiki, right? Can you please explain why dan? Is the sudo necessary for anything other than installing packages? (Sorry for asking, but I'd like to have not too many sudoers on the machines during the moves. Not because of distrust but because of losing track).
Anyway, thanks for stepping forward and helping. :)
Best regards -Tobias
- Chris
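
The gateway setup discussed in this thread, written out as an added example that is not part of the original mails: a ~/.ssh/config covering variant (1) with the port and target address Chris pointed out put right, and variant (2) via ProxyJump. Assumptions: the aliases ian-tunnel and andreas-via-tunnel are made up for illustration, the client runs OpenSSH 7.3 or later, and ian permits jump connections the same way it permits local forwards.

```sshconfig
# Added example; addresses and ports are taken from the server table in the thread.

# Gateway (ian): public address and public ssh port.
Host ian.squeak.org
    User ssh
    Hostname 104.130.6.82
    Port 1022

# Variant (1): local forward to andreas' private address (10.208.161.222).
# The local port must be <= 65535; 22221 is the one used on the command line.
# Start the tunnel with: ssh -N ian-tunnel
Host ian-tunnel
    User ssh
    Hostname 104.130.6.82
    Port 1022
    LocalForward 22221 10.208.161.222:22
    # Fail instead of silently running without the forward if 22221 is taken.
    ExitOnForwardFailure yes

Host andreas-via-tunnel
    User YOURNAME
    Hostname localhost
    Port 22221
    # Record the host key under a stable name rather than "[localhost]:22221",
    # so a different server behind the same local port is flagged as a mismatch.
    HostKeyAlias andreas.squeak.org

# Variant (2): proxy jumping. Connect with: ssh andreas.squeak.org
Host andreas.squeak.org
    User YOURNAME
    Hostname 10.208.161.222
    ProxyJump ian.squeak.org
```

In both variants the key exchange with andreas runs end to end from the local client, so neither needs agent forwarding (-A) to the gateway.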