From 997fa94a9516f26131ed3f68ea51e738d24db2e9 Mon Sep 17 00:00:00 2001 From: Yik Teng Hie Date: Fri, 15 Sep 2023 13:33:04 +0800 Subject: [PATCH] add ubuntu jump-host-ext setup --- jump-host.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 jump-host.md diff --git a/jump-host.md b/jump-host.md new file mode 100644 index 0000000..f44e2d1 --- /dev/null +++ b/jump-host.md 
@@ -0,0 +1,70 @@ +# Jump Host Setup + +* Install Ubuntu 22.04 Server +* Install [tailscale](https://tailscale.com/kb/1187/install-ubuntu-2204/) +```bash +$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null +$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list + +# Install Tailscale: + +$ sudo apt-get update +$ sudo apt-get install tailscale + +# Connect your machine to your Tailscale network and authenticate in your browser using `mitech5004ext@gmail.com` account + +$ sudo tailscale up +# You’re connected! You can find your Tailscale IPv4 address by running: + +$ tailscale ip -4 + +``` +* Setup User +```bash +$ sudo useradd mitechextusers + +``` + +* Disable user interactive Shell by updating sshd_config +```bash +$ sudo nano /etc/ssh/sshd_config + +# Load the new configuration +$ sudo systemctl restart ssh +``` + +* `/etc/ssh/sshd_config` +```txt +... +Match User mitechextusers + PermitTTY no + +``` + +* Upload user ssh key to sftp server + +* Login to sftp server under mitech +* Copy uploaded ssh key from sftp server to jump-host-ext +```bash +$ cat ./id_rsa.pub | ssh mitechextusers@10.0.0.149 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" +``` + +* Establish Tailscale on client machine using `mitech5004ext@gmail` account +* On client machine, test the SSH Reverse Tunnel connection +```bash +$ ssh -L 3000:172.30.30.21:3000 -L 29419:172.30.30.21:29419 mitechextusers@jump-host-ext +``` + +* Update Client machine host file +```txt +127.0.0.1 dev.mitech.com.sg +``` + +* Browse the site [Gitea](http://dev.mitech.com.sg:3000) +* Git clone a repo to test cloning + +## User credential + +* jump-host-ext + * mitech: root + * mitechextusers: tailscale client ssh tunnel access \ No newline at end of file
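Review bot: In the `/etc/ssh/sshd_config` step, the `Match User mitechextusers` block sets only `PermitTTY no`, which stops PTY allocation but does not disable shell access as the bullet above it says. The account can still run remote commands non-interactively, which is exactly what the later key-copy step does with `ssh mitechextusers@10.0.0.149 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"`, and it can forward to any destination reachable from the jump host. For a tunnel-only account, consider adding to the same Match block `AllowTcpForwarding local`, `PermitOpen 172.30.30.21:3000 172.30.30.21:29419`, and `ForceCommand /usr/sbin/nologin`, together with `X11Forwarding no` and `AllowAgentForwarding no`, and have the client connect with `ssh -N`. Once commands are blocked, the public key has to be installed by the admin account rather than over the restricted user's own session, so the key-copy step would need rewording. Two smaller points: `sudo useradd mitechextusers` has no `-m`, so on Ubuntu no home directory is created and the `mkdir -p ~/.ssh` step depends on one existing; and the test step is labelled "SSH Reverse Tunnel" while the command uses `-L`, which is local forwarding.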