# Jump Host Setup

* Install Ubuntu 22.04 Server
* Install [tailscale](https://tailscale.com/kb/1187/install-ubuntu-2204/)
```bash
$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

# Install Tailscale:

$ sudo apt-get update
$ sudo apt-get install tailscale

# Connect your machine to your Tailscale network and authenticate in your browser using `mitech5004ext@gmail.com` account

$ sudo tailscale up
# You’re connected! You can find your Tailscale IPv4 address by running:

$ tailscale ip -4

```
* Setup User
```bash
$ sudo useradd mitechextusers

```

* Disable user interactive Shell by updating sshd_config
```bash
$ sudo nano /etc/ssh/sshd_config

# Load the new configuration
$ sudo systemctl restart ssh
```

* `/etc/ssh/sshd_config`
```txt
...
Match User mitechextusers
  PermitTTY no

```

* Upload user ssh key to sftp server under mitech user

* Login to sftp server under mitech user
* Copy uploaded ssh key from sftp server to jump-host-ext
```bash
$ cat ./id_rsa.pub | ssh mitechextusers@10.0.0.149 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

* Establish Tailscale on client machine using `mitech5004ext@gmail` account
* On client machine, test the SSH Reverse Tunnel connection
```bash
$ ssh -L 3000:172.30.30.21:3000 -L 29419:172.30.30.21:29419 mitechextusers@jump-host-ext
```

* Update Client machine host file
```txt
127.0.0.1 dev.mitech.com.sg
```

* Browse the site [Gitea](http://dev.mitech.com.sg:3000)
* Git clone a repo to test cloning

## User credential

* jump-host-ext
  * mitech: root
  * mitechextusers: tailscale client ssh tunnel access