John's Vademecum

Try to learn something about everything, and everything about something -Thomas Huxley “Darwin's bulldog” (1824-1895)

public:radio:svx

Differences

This shows you the differences between two versions of the page.

public:radio:svx [22/05/22 00:57 BST] gm4slv
public:radio:svx [26/04/23 14:52 BST] (current) – removed john
Line 1: Line 1:
-====== GM4SLV / svx ====== 
  
-|Raspberry Pi| 
-|SVXLink| 
-|CM108 soundcard| 
-|IC-2E| 
- 
-Remote/portable //personal// node.  
- 
-Similar setup to [[aze|MB7AZE]] but without the connection to ''Echolink'' and monitoring fewer TalkGroups. I use TG 8 as a  
-testing ground to keep my traffic off the rest of the system. 
- 
-Usual method of deployment is to use a small //MiFi 4G router// as an access point to let the Raspberry Pi reach the internet.  
-When this MiFi router is in use the node is on an inaccessible network and I can't reach it to make changes or shut it down. 
- 
-=== The answer is SSH Tunnels === 
-I use a "Remote SSH Tunnel" to get access to it from my home LAN. 
- 
-The idea is that the remote node makes an outgoing SSH connection, to a machine on my LAN. I have an open port in the router forwarded to an internal machine for SSH access when I'm away from home. This is straightforward, and the remote Pi can //easily// create a SSH session on to my PC in the shack. 
- 
-''ssh -p xxxxx my.external.host.name'' 
- 
-Along with this //incoming// SSH connection from the remote node is also a request to set up a //"Remote Tunnel"// which makes the internal Shack PC  set up a //listening SSH port//. After this is done, any connection to this new listening port will be sent //backwards// to the __remote node__, **//tunnelling within//** the existing SSH connection.  
- 
-This //tunnel// will now accept incoming connections from  machines //inside// my LAN and __forward them to the remote node__. I can now effectively SSH to the remote SVXLink node as if it were on my LAN in the shack. 
- 
-The magic is all done in SSH, but to make it more robust I use a package called ''autossh'' which is a wrapper around ''SSH'' that monitors for loss of the tunnel connection and initiates a new connection automatically if it should fail for any reason. 
- 
-Here is the script that fires it all off: 
- 
-''tunnel.sh'' 
- 
-<code bash> 
-#!/bin/bash 
- 
-autossh -M 20000 -N -T gm4slv_tunnel 
- 
-</code> 
- 
-Simple enough, but effective. 
- 
-The ''gm4slv_tunnel'' is connection defined in ''.ssh/config'' as: 
- 
-<code bash> 
-Host gm4slv_tunnel 
- HostName gm4slv.plus.com 
- User gm4slv 
- Port xxxxx 
- RemoteForward 4446 localhost:22 
- RemoteForward 8080 192.168.0.1:80 
-</code> 
- 
-This sets up a remote tunnel, listening on port 4446 of my shack PC that will be forwarded back up the SSH connection to the SVXLink Raspberry Pi. 
-It also sets up a listening port 8080 which gives me ''http'' access to the 4G MiFi router at the remote site in case I want to shut it down or reboot it or whatever. I just browse to ''http://my_shack_pc:8080'' and I'm actually logged into the MiFi router. Magic! 
- 
-''etc/ssh/sshd_conf'' needs to have ''Gateway Ports yes'' to allow the Shack PC to accept connections to its new //remote listening// ports (4446 for SSH and 8080 for HTTP) from other LAN machines, __otherwise these ports would only be accessible to the Shack PC itself__ (on "localhost:4446" or "localhost:8080") 
- 
-To allow an unattended/automatic login //from// the remote Raspberry Pi //to// the Shack PC it's necessary to set up public_key authentication and to have a //passphrase-less// key on the Raspberry Pi.  
- 
-Generate a public/private key pair on the Raspberry Pi with ''ssh-keygen'' and don't enter a //passphrase// before saving it in ''.ssh/id_rsa'' and ''.ssh/id_rsa.pub''. Then transfer a copy of ''.ssh/id_rsa.pub'' //from// the Raspberry Pi //to// the Shack PC and put it in the ''authorized_keys2'' file: 
- 
-(on Raspberry Pi): 
- 
-''$ scp .ssh/id_rsa.pub user@shack_pc:'' 
- 
-enter password etc. to do the initial ''scp'' transfer 
- 
-(on Shack PC) 
- 
-''$ cat id_rsa.pub >> .ssh/authorized_keys2'' 
- 
-then any further SSH or SCP sessions //from// the Rasperry Pi //to// the Shack PC //should// occur without any need for  
-passwords. 
- 
-The Pi is now set up for automatic SSH Remote Tunnel - as long as the script is run at boot time: 
- 
-Crontab is used to fire off the tunnel //and// start SVXLink @reboot 
- 
-<code bash> 
-@reboot sleep 60 && sudo -u gm4slv /home/gm4slv/tunnel.sh 2>&1 
-@reboot sleep 30 && sudo -u gm4slv /home/gm4slv/svx_ref.sh >/dev/null 2>&1 
-</code> 
- 
-To check the Tunnel is up you look at ''netstat -ntl'' on the Shack PC: 
- 
-<code bash> 
-gm4slv@laptop:~ $ sudo netstat -ntlp 
-Active Internet connections (only servers) 
-Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
-tcp        0      0 0.0.0.0:22              0.0.0.0:              LISTEN      854/sshd: /usr/sbin 
-tcp        0      0 0.0.0.0:631             0.0.0.0:              LISTEN      167630/cupsd 
-tcp        0      0 0.0.0.0:23              0.0.0.0:              LISTEN      761/inetd 
-tcp        0      0 0.0.0.0:17500           0.0.0.0:              LISTEN      62324/dropbox 
-tcp        0      0 0.0.0.0:445             0.0.0.0:              LISTEN      1134/smbd 
-tcp        0      0 0.0.0.0:4446            0.0.0.0:              LISTEN      2537/sshd: gm4slv 
-tcp        0      0 127.0.0.1:17600         0.0.0.0:              LISTEN      62324/dropbox 
-tcp        0      0 0.0.0.0:20000           0.0.0.0:              LISTEN      2537/sshd: gm4slv 
-tcp        0      0 0.0.0.0:514             0.0.0.0:              LISTEN      647/rsyslogd 
-tcp        0      0 127.0.0.1:17603         0.0.0.0:              LISTEN      62324/dropbox 
-tcp        0      0 127.0.0.1:2947          0.0.0.0:              LISTEN      1/init 
-tcp        0      0 0.0.0.0:139             0.0.0.0:              LISTEN      1134/smbd 
-tcp        0      0 0.0.0.0:27659           0.0.0.0:              LISTEN      854/sshd: /usr/sbin 
-tcp        0      0 0.0.0.0:111             0.0.0.0:              LISTEN      1/init 
-tcp        0      0 0.0.0.0:8080            0.0.0.0:              LISTEN      2537/sshd: gm4slv 
- 
-</code> 
- 
-SSH is listening on ports ''4446, 20000 and 8080'' which proves it's up and running.  
- 
-Port 20000 (and 20001) is used by ''autossh'' to handle its "is the tunnel still up" packets.  
- 
- 
-From the Shack PC I can ''ssh localhost -p 4446'' and reach the remove Pi, hostname ''svx'' 
- 
-<code bash> 
-gm4slv@laptop:~ $ ssh localhost -p 4446 
-Linux svx 5.15.32-v7+ #1538 SMP Thu Mar 31 19:38:48 BST 2022 armv7l 
- 
-The programs included with the Debian GNU/Linux system are free software; 
-the exact distribution terms for each program are described in the 
-individual files in /usr/share/doc/*/copyright. 
- 
-Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent 
-permitted by applicable law. 
-Last login: Wed May  4 14:28:06 2022 from 127.0.0.1 
-gm4slv@svx:~ $ who 
-gm4slv   pts/       2022-05-04 14:35 (127.0.0.1) 
-gm4slv@svx:~ $ whoami 
-gm4slv 
-gm4slv@svx:~ $ ls 
-backup         greeting.wav   id_rsa.pub    id_svx.pub  node_info.json      svxlink          svxlink.log        svxlink-sounds-en_US-heather      svx_ref.sh 
-backup.tar     hosts          id_sdr.pub    log1.log    ReflectorLogic.tcl  svxlink.conf     svxlink_noel.conf  svxlink-sounds-en_US-heather.tar  tunnel.sh 
-git_backup.sh  id_laptop.pub  id_shack.pub  Logic.tcl   svx_el.sh           svxlink_el.conf  svxlink_ref.conf   svx_noel.sh 
-gm4slv@svx:~ $ 
-</code> 
- 
- //[[gm4slv@gm4slv.plus.com|John Pumford-Green]] Wed May  4 11:25:01 2022// 
- 
-Page Updated : ~~LASTMOD~~ 
- 
-{{tag>radio pi svxlink linux ssh}} 
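Review bot: Deleting the page body does not withdraw the operational detail in it, because the 22/05/22 revision is still served by this comparison view, so the removed lines stay readable in full. They include the real `HostName gm4slv.plus.com` and `User gm4slv` next to a masked `Port xxxxx`, both `RemoteForward` targets, and an unfiltered `netstat -ntlp` listing of every listener on the shack PC (for example `0.0.0.0:23 ... inetd`). If the removal is meant to take that information out of public view, the old revision needs to be purged or access-restricted as well, and the edit summary ("removed") should say why the page went. If the page is republished later, mask the hostname the same way the port is masked and trim the netstat output to the three `sshd: gm4slv` lines the text actually discusses. It would also be worth noting there that `Gateway Ports yes` makes 4446 and 8080 listen on `0.0.0.0`, and that the passphrase-less key is appended to `authorized_keys2` with no restrictions shown on what it may do.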
public/radio/svx.1653177429.txt.gz · Last modified: 06/03/25 06:49 GMT (external edit)