 |
Third Party Remote Access
Release notes
Version 1.1.1 - General deployment
- Feature: support Master/Clone configuration (M0003645)
- Feature: support baseline 2 (M0004014)
- Feature: Initial version
Module configuration interface
create_resource_form: .:/usr/share/escaux/glue/lib:/usr/share/escaux/glue/bin/gen_wiki_documentation/src/lib:/usr/share/escaux/glue/bin/gen_wiki_documentation/src/lib/
Parameters
- SSH Server hostname: The hostname of public IP address of your SSH server
- SSH Server port: The TCP port number of the SSH server itself. May be left blank in which case the standard port 22 is assumed.
- SSH Server username: The username to use on your SSH server. May be left blank in which case 'root' is assumed.
- Forwarded ssh port: The TCP port number through which the SOP's ssh port will be made available.
- Forwarded http port: The TCP port number through which the SOP's http port will be made available.
- Forwarded app port: The TCP port number through which the SOP's "application" port will be made available. The application port can be used to connect a specialized Escaux management application. * Before version 1.1.1, Active/Standby configuration was not supported. Version 1.1.1 and upper enable also to specify a username, the ssh port, the http port and the app port for the clone.
Introduction
This module enables a reseller to maintain a management connexion between the reseller operation center and the SOP connected to the LAN of the reseller's customer in order to:- Access customer's SOP shell for troubleshooting purpose.
- Access customer's API from a single point for monitoring purpose.
- Access customer's end points (IP phones, net.Desktop, net.Console).
Installation
After installing the module, you need to copy the public key of the SOP to your SSH server:- SOP Shell > Subsystems > 3rd Party Connection > Install ssh key
- At the password prompt enter the password to login on your SSH server as the specified user.
- The public key will be appended to your server's authorized_keys file.
- If you do not receive a password prompt it may be that the SOP is already authorized, this is ok and there is no need to redo it.
- The connection should come up automatically now. It may take 30 seconds however. If you are impatient, you can stop and start the connection.
- You may verify the log using "View Log". When the last line says "Starting", the connection is established.
SSH Server Configuration Hints
Any Unix-like system running openssh can serve as an SSH Server. The ssh port must be accessible from the Internet either through a fixed public IP address or DNS name. If you only have a dynamic IP address you can setup a dynamic DNS. By default theGatewayPorts option is set to no in many distributions. This needs to be changed to yes (usually in /etc/ssh/sshd_config) to allow you to connect directly to the SOP from any PC in your LAN. Alternatively you may first login to you SSH server and then connect to the SOP through localhost.
Usage example
Suppose the following setup:
You have an SSH Server in your LAN with IP address 10.0.0.90. You have configured your firewall to forward port 2222 of your public IP address 234.56.78.90 to the SSH Server (port 22). You've created a special account on the ssh server named 'sop1'
You've configured this module:
- SSH Server hostname = 234.56.78.90
- SSH Server port = 2222
- SSH Server username = sop001
- Forwarded ssh port = 10022
- Forwarded http port = 10080
GatewayPorts yes, you can only connect to that port from the SSH Server itself.
By configuring also the http port (and using GatewayPorts) you can even connect to any web application on the SOP (filemanager, netDesktop,...). For e.g. the filemanager use http://10.0.0.90:10080/fileman.
In order to install the SSH server:
- download http://www.ubuntu.com/getubuntu/download or another place to get Ubuntu Server
- Select server
- Select standard edition
- Check 'alternate desktop CD'
- Click on download
- write the iso file on a CD
- Put the CD in a dedicated server (the data will be erased) and follow the Ubuntu installation process. Pay attention to the following steps
- IP address, netmask, gateway and DNS must be the reseller LAN IP parameters. For example the IP address in this example is 10.0.0.90.
- Create an administrator account. Example: 'reseller" with a secret password
- Choose only OPENSSH server option when installation ask this information.
- Reboot the server.
- Change /etc/ssh/sshd_config and provision a serie of users for your SOP.
sudo bash (enter the password) echo "GatewayPorts yes" >> /etc/ssh/sshd_config sudo adduser sop001 (enter password and validate all default answers to questions) Adding user `sop001' ... Adding new group `sop001' (1002) ... Adding new user `sop001' (1002) with group `sop001' ... Creating home directory `/home/sop001' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for sop001 Enter the new value, or press ENTER for the default Full Name []: Room Number []: Work Phone []: Home Phone []: Other []: Is the information correct? [y/N] y sudo adduser sop002 sudo adduser sop003 sudo adduser sop004 sudo adduser sop005 sudo adduser sop006 sudo adduser sop007 sudo adduser sop008 sudo adduser sop009 sudo adduser sop010
- Check your administrator has configured the port forwarding correctly. Example: Public IP address 234.56.78.90 port 2222 to [Private IP address of Ubuntu Server
- Install reseller connexion on the sop as indicated in this document
- Log on the shell of the customer sop
- Go to Subsystems > 3rd Party connexion > Install ssh key
- View Log in Subsystems > 3rd Party connexion > View Log (should see 'starting' message)
- In case of problem, stop and restart the connexion via Subsystems > Reseller connexion > Stop and Start
- try to connect via ssh via the private IP address 10.0.0.90 on port 10022 as admin user for example.
Copyright © Escaux SA