Read the statement by Michael Teeuw here.
Remote SSH Access to the Mirrors You Give Away
-
Okay, now we have all the pieces. How does it work in practice? The basic routine goes like this:
- Start your C&C server
- Give the C&C server a couple minutes to update the DNS entry
- Connect to your C&C server via SSH
- Follow the SSH connection down to the gift mirror
- make your changes, update the OS, whatever
- disconnect from the gift pi and then disconnect from the C&C server
- stop the C&C server via the cloud server interface
Thanks to the cloud provider, the C&C server only exists when you need to connect to your remote mirror(s). Once you’re done, the C&C server is destroyed and nobody can log into it when you’re not looking.
So, to connect to the remote mirror, first start your C&C server. SSH into the C&C server and then check to see which remote mirror(s) have connected to it. Run
netstat -land see what ports are open. For example, mine looks like this:Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:4548 0.0.0.0:* LISTEN udp 0 0 localhost:domain 0.0.0.0:* udp 0 0 ip-172-31-34-37.:bootpc 0.0.0.0:* raw6 0 0 [::]:ipv6-icmp [::]:* 7 Active UNIX domain sockets (only servers) Proto RefCnt Flags Type State I-Node Path unix 2 [ ACC ] SEQPACKET LISTENING 12326 /run/udev/control unix 2 [ ACC ] STREAM LISTENING 23993 /run/user/1000/systemd/private unix 2 [ ACC ] STREAM LISTENING 23997 /run/user/1000/gnupg/S.gpg-agent ... [10 lines deleted for brevity]The line
tcp 0 0 localhost:4548 0.0.0.0:* LISTENis the reverse SSH from one of my magic mirrors that has connected up to my C&C server. That gives me a port number (4548 in this case).Connecting to the pi is easy:
ssh pi@localhost -p 4548. If i need to connect to a different mirror, I look for a different port number (each mirror must use a different port to connect to your C&C server). I’ll get the prompt to enter the password to log into the Pi and then I’m issuing commands on the remote Pi.When you’re done, remember to log out of the remote mirror and again out of your C&C server with
Ctrl+d. And once you’re out of the C&C server, use the cloud provider console to stop the server so you don’t get charged for it just sitting there, burning cycles.When I build new mirrors, I can configure them to connect to the same DNS entry which will be my C&C server a couple minutes after starting it. I only pay for as long as my C&C server is operational, which is something like $0.35/hour. Each mirror will still connect regardless of whether it is in a private home, university campus or corporate lobby.
-
[THIS SPACE INTENTIONALLY LEFT BLANK]
-
@bhepler aws also provides generated keypairs.
I just created a server the other day to host an app. I have both ssh and scp’ed to that server from windows and my mirror and my Linux machine
-
I was planning on using https://www.dataplicity.com/ for my giveaway that I am working on. For the less technical of us this may be simpler and free
-
If you have an easier way to accomplish this, I highly encourage you to write up a tutorial for us all.
-
@bhepler I have no idea at this point if it works, I just didn’t want to spend cash for this. In no way was I trying to be critical of your write up. Super detailed and if I had a reason to use a cloud provider or had a bunch to administer this would be perfect for me.
My apologies if I came across any other way.
-
@motdog - It’s all good. There is a way to do this without spending any additional money. You’ll have to modify your residential gateway to forward a port, but it should be possible. It won’t work for university students or people who do not have control over their firewall. I’ll see about writing that up later as an addendum.
-
@bhepler ok thanks. The first one I am giving away is a college student thats why dataplicity seems like the way to go for me. Hopefully it works
-
-
B bhepler referenced this topic on Jan 17, 2024, 3:30 PM
