Radarcape:SSH Tunneling: Difference between revisions

From Beast Wiki
Jump to navigation Jump to search
imported>Dl4mea
imported>Dl4mea
Line 3: Line 3:
== Firewall Port Opening ==
== Firewall Port Opening ==


Of course you can open the firewall (port mapping) into the remote network. And you need to give it a DNS name, as for most networks the IP adress is not stable. Unfortunately that weakens its security, and sometimes the administrator/owner of the far end local network does not permit doing so.
One way to achieve access is to open the firewall into the remote network. This is known as port mapping. Therefore, consult your router/firewall manual and enter the ports required into the mapping table. In most cases it also is necessary to give it a DNS name, as mostly the IP adress is not stable. Unfortunately that weakens its security, and sometimes the administrator/owner of the far end local network does not permit doing so.


== Tunneling of the receiver access through firewalls (SSH tunneling) ==
== Tunneling of the receiver access through firewalls (SSH tunneling) ==

Revision as of 13:11, 4 October 2013

Imagine you know a remote location with internet access, someway far off and not reachable from your home network, where you like to place a Radarcape. Unfortunately this network is not directly accessible from your home network, as no domain name (like modesbeast.com) is given to it. In that case you can let the Radarcape establish a tunnel connection to a known address, reachable by both, the user and the Radarcape. Such a SSH tunnel is secured by SSH, and this is the common way in networking.

Firewall Port Opening

One way to achieve access is to open the firewall into the remote network. This is known as port mapping. Therefore, consult your router/firewall manual and enter the ports required into the mapping table. In most cases it also is necessary to give it a DNS name, as mostly the IP adress is not stable. Unfortunately that weakens its security, and sometimes the administrator/owner of the far end local network does not permit doing so.

Tunneling of the receiver access through firewalls (SSH tunneling)

EXPERTS ONLY

Installation of a SSH tunnel

The SSH tunnel is a way to prepare a connection without opening a firewall. With this methode, the Radarcape establishes a connection to a given server and provides its ports right there.

Radarcape essentials

First, generate a SSH key pair on the local Radarcape

cd ~/.ssh
dropbearkey -t rsa -f id_rsa

Set attributes of ~, .ssh and authorized_keys are set to 600.

Server essentials

The server is the common connection point for the user and the Radarcape. It is not necessarily a computer for its own, it can even be the computer.

Next, copy the public key given from above command to the server folder ~/.ssh/authorized_keys. Mind that the attributes of ~, .ssh and authorized_keys are set to 600. If correctly done, you must be able to login via ssh from the Radarcape to the server without entering a password. As long as this does not work, there is still some fault.

Radarcape 2nd step

On the local Radarcape, add the command below to cape.sh. Remember that cape.sh runs without user settings, so you need to specify the path to the SSH key absolute.

./autossh -M 6667 -f -p <server_ssh_port> -i /home/root/.ssh/id_rsa -N -R *:8002:localhost:80 -R *:1302:localhost:10003 -R *:2202:localhost:22 root@<server_domain> & 

Now the local Radarcape's ports 80, 10003 and 22 are accessible on <server_domain> under port 8002, 1302 and 2202.

Server Settings

If the server is also a Radarcape, and in case that you want to get access from external devices to the ports through the tunnel, you need to add switch "-a" to the dropbear startup file /lib/systemd/system/[email protected].




Radarcape:Contents