demo
/
scm-setup
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
scm-setup/jump-host.md

70 lines
1.8 KiB
Markdown
Raw Permalink Blame History Unescape Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# Jump Host Setup
* Install Ubuntu 22.04 Server
* Install [tailscale](https://tailscale.com/kb/1187/install-ubuntu-2204/)
```bash
$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
# Install Tailscale:
$ sudo apt-get update
$ sudo apt-get install tailscale
# Connect your machine to your Tailscale network and authenticate in your browser using `mitech5004ext@gmail.com` account
$ sudo tailscale up
# Youre connected! You can find your Tailscale IPv4 address by running:
$ tailscale ip -4
```
* Setup User
```bash
$ sudo useradd mitechextusers
```
* Disable user interactive Shell by updating sshd_config
```bash
$ sudo nano /etc/ssh/sshd_config
# Load the new configuration
$ sudo systemctl restart ssh
```
* `/etc/ssh/sshd_config`
```txt
...
Match User mitechextusers
PermitTTY no
```
* Upload user ssh key to sftp server under mitech user
* Login to sftp server under mitech user
* Copy uploaded ssh key from sftp server to jump-host-ext
```bash
$ cat ./id_rsa.pub | ssh mitechextusers@10.0.0.149 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```
* Establish Tailscale on client machine using `mitech5004ext@gmail` account
* On client machine, test the SSH Reverse Tunnel connection
```bash
$ ssh -L 3000:172.30.30.21:3000 -L 29419:172.30.30.21:29419 mitechextusers@jump-host-ext
```
* Update Client machine host file
```txt
127.0.0.1 dev.mitech.com.sg
```
* Browse the site [Gitea](http://dev.mitech.com.sg:3000)
* Git clone a repo to test cloning
## User credential
* jump-host-ext
* mitech: root
* mitechextusers: tailscale client ssh tunnel access
Reference in New Issue View Git Blame Copy Permalink