Difference between revisions of "Connecting to the Server Vault"
Foambats4all (talk | contribs) (Created page with "Category:Tech Guides These commands run inside the Linux VM. = SSHFS Installation = We first need to install sshfs: apt-get install sshfs Then we need to create the loc...") |
Foambats4all (talk | contribs) |
||
Line 2: | Line 2: | ||
These commands run inside the Linux VM. | These commands run inside the Linux VM. | ||
− | = SSHFS Installation = | + | == SSHFS Installation == |
We first need to install sshfs: | We first need to install sshfs: | ||
apt-get install sshfs | apt-get install sshfs | ||
Line 13: | Line 13: | ||
First try to ssh to the central vault host: | First try to ssh to the central vault host: | ||
− | ssh alfa@alandfaraway.org | + | ssh alfa@alandfaraway.org |
Type in the alfa user password for the central vault (ask IA or TA if you don't know it). | Type in the alfa user password for the central vault (ask IA or TA if you don't know it). | ||
Line 37: | Line 37: | ||
-rw-r--r-- 1 alfa alfa 0 Jun 27 21:24 test | -rw-r--r-- 1 alfa alfa 0 Jun 27 21:24 test | ||
− | = Authentication = | + | == Authentication == |
In order to allow reconnecting you must allow public key ssh connections (ie allow to connect without typing the password). On the game server linux box as the user called alfa type in: | In order to allow reconnecting you must allow public key ssh connections (ie allow to connect without typing the password). On the game server linux box as the user called alfa type in: | ||
ssh-keygen -t dsa | ssh-keygen -t dsa | ||
Line 64: | Line 64: | ||
ssh alfa@alandfaraway.org | ssh alfa@alandfaraway.org | ||
− | = Automatic Connection Script = | + | == Automatic Connection Script == |
### BEGIN INIT INFO | ### BEGIN INIT INFO | ||
Line 319: | Line 319: | ||
This will add links in the rc.d directories. | This will add links in the rc.d directories. | ||
− | = Keeping Connection Alive = | + | == Keeping Connection Alive == |
This is a config file for ssh that will let ssh and sshfs send keep alive messages every 15 seconds. This file should be called "config" and be in root's .ssh directory. | This is a config file for ssh that will let ssh and sshfs send keep alive messages every 15 seconds. This file should be called "config" and be in root's .ssh directory. | ||
Host * | Host * | ||
Line 330: | Line 330: | ||
IdentityFile ~/.ssh/id_dsa | IdentityFile ~/.ssh/id_dsa | ||
− | = SSH Script for MySQL = | + | == SSH Script for MySQL == |
The SSHFS connection is also used for connecting to MySQL securely. You must place the following contents in a file at /usr/local/bin/alfa-sshfs-ssh . That file will be referenced by the sshfs init script. | The SSHFS connection is also used for connecting to MySQL securely. You must place the following contents in a file at /usr/local/bin/alfa-sshfs-ssh . That file will be referenced by the sshfs init script. | ||
#!/bin/bash | #!/bin/bash | ||
Line 343: | Line 343: | ||
'''If the Linux machine is directly connected to the Internet, specify the right interface for the port forward'''. Make sure to set up firewall rules for allowing port 3306 inbound, too. This should NOT be allowed inbound from the internet, just the local LAN (or Windows gameserver instance). | '''If the Linux machine is directly connected to the Internet, specify the right interface for the port forward'''. Make sure to set up firewall rules for allowing port 3306 inbound, too. This should NOT be allowed inbound from the internet, just the local LAN (or Windows gameserver instance). | ||
− | = Sambia Install = | + | == Sambia Install == |
If you need samba to access the vault continue, if you don't (Windows VM hosted on a Linux OS) you can stop here. Install Sambia: | If you need samba to access the vault continue, if you don't (Windows VM hosted on a Linux OS) you can stop here. Install Sambia: | ||
apt-get install samba | apt-get install samba |
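Review bot: the heading line in the last hunk still reads "Sambia Install" after the change, and the context line under it says "Install Sambia", while the package being installed is samba. Since this revision already rewrites that heading line, correct it to "== Samba Install ==" and fix the sentence below it in the same edit.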
Revision as of 04:22, 28 January 2014
These commands run inside the Linux VM.
SSHFS Installation
We first need to install sshfs:
apt-get install sshfs
Then we need to create the local alfa user. Create a file with the following in it (replace XXXXX with a password for the alfa user):
cat > alfa.cred
alfa:XXXXX:1001:1001::/home/alfa:/bin/bash
Hit Ctrl-d. Then run:
newusers -r alfa.cred
First try to ssh to the central vault host:
ssh alfa@alandfaraway.org
Type in the alfa user password for the central vault (ask IA or TA if you don't know it).
Switch to user alfa (local user) and create a vault directory:
su - alfa
mkdir vault
Switch back to root with a logout or Ctrl-d.
Next, mount the vault (note you should do that only for testing as we have a better solution below that will automatically mount the vault when Linux starts):
sshfs alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect
Type the alfa user password for the central vault.
Switch again to user alfa and try to create a file:
su - alfa
cd vault
cd test
touch test
ls -l test
If everything is okay the output of ls should look like this:
-rw-r--r-- 1 alfa alfa 0 Jun 27 21:24 test
Authentication
In order to allow reconnecting you must allow public key ssh connections (i.e. allow connecting without typing the password). On the game server Linux box, as the user called alfa, type in:
ssh-keygen -t dsa
(then press Return three times, i.e. default name for the file, no passphrase, no passphrase)
Next, copy the public key file over to the alandfaraway.org machine (replace <gameserver> with the acronym of your game server, e.g. whl):
scp ~/.ssh/id_dsa.pub alandfaraway.org:<gameserver>.pub
Then connect to the alfa host:
ssh alandfaraway.org
Type in your password.
cat <gameserver>.pub >> .ssh/authorized_keys
exit
ssh alandfaraway.org
This time you'll connect without needing to type the password.
In order for this to apply to the root user as well do the following: Login as root using either:
sudo su -
or
su -
Create a .ssh directory if it doesn't exist, copy over the private key file, and try to connect to the alfa vault. You should be able to connect without typing the password.
mkdir ~/.ssh
cp /home/alfa/.ssh/id_dsa ~/.ssh/
ssh alfa@alandfaraway.org
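An added check, not part of the original guide: each game server appends a passwordless key to the vault account's authorized_keys, so that file is worth auditing on the vault host. The sketch below lists entries that are DSA (ssh-dss, disabled by default since OpenSSH 7.0) or that carry no key options; the function name audit_authorized_keys is an assumption made for this example.

```sh
#!/bin/sh
# Added example (not from the original guide). Audits an authorized_keys file
# such as the vault account's ~/.ssh/authorized_keys.
# audit_authorized_keys is a hypothetical helper name.
#
# Entry format: [options] keytype base64-key [comment]
# Limitation: a key-type word inside a quoted option value would be mistaken
# for the key type.
audit_authorized_keys() {
    awk '
        BEGIN { bad = 0 }
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        {
            pos = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/) {
                    pos = i; break
                }
            if (pos == 0) { printf "line %d: unrecognised entry\n", NR; bad = 1; next }
            note = ""
            if ($pos == "ssh-dss") note = note " dsa-key"       # deprecated algorithm
            if (pos == 1)          note = note " no-options"    # key is unrestricted
            comment = (NF >= pos + 2) ? $(pos + 2) : "-"
            if (note != "") { printf "line %d: %s%s [%s]\n", NR, $pos, note, comment; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# Run against a file when one is given on the command line.
[ "$#" -eq 0 ] || audit_authorized_keys "$1"
```

The function exits non-zero when any entry is flagged, so it can be dropped into a periodic check.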
Automatic Connection Script
#!/bin/sh
### BEGIN INIT INFO
# Provides:          sshfs
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: sshfs alfa
# Description:       Automatically mounts the alfa vault using sshfs
### END INIT INFO
# Author: Patrice Torguet/Hialmar <torguet@gmail.com>
# Do NOT "set -e"
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Automatically mounts the alfa vault using sshfs"
NAME=sshfs
DAEMON=/usr/bin/$NAME
DAEMON_ARGS="alfa@alandfaraway.org:/home/alfa/vault /home/alfa/vault -o allow_other,reconnect,ssh_command=/usr/local/bin/alfa-sshfs-ssh"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions
#
# Function that starts the daemon/service
#
do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    date >> /var/log/sshfs.log
    echo 'trying to umount' | tee -a /var/log/sshfs.log
    umount -l /home/alfa/vault || echo "umount failed with error code $?" | tee -a /var/log/sshfs.log
    echo 'cleaning mount point' | tee -a /var/log/sshfs.log
    [ -x "/home/alfa/vault_pbs" ] || mkdir /home/alfa/vault_pbs
    rmdir /home/alfa/vault || mv /home/alfa/vault "/home/alfa/vault_pbs/vault`date +-%Y-%m-%d-%Hh%Mm%Ss`"
    mkdir /home/alfa/vault && chmod a+rwx /home/alfa/vault
    echo 'calling sshfs' | tee -a /var/log/sshfs.log
    $DAEMON $DAEMON_ARGS || return 2
    date >> /var/log/sshfs.log
    echo 'sshfs done' | tee -a /var/log/sshfs.log
}
#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    echo 'umount' | tee -a /var/log/sshfs.log
    umount -l /home/alfa/vault || return 1
}
case "$1" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
        0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
        2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
    ;;
  restart|force-reload)
    #
    # If the "reload" option is implemented then remove the
    # 'force-reload' alias
    #
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_stop
    case "$?" in
      0|1)
        do_start
        case "$?" in
            0) log_end_msg 0 ;;
            1) log_end_msg 1 ;; # Old process is still running
            *) log_end_msg 1 ;; # Failed to start
        esac
        ;;
      *)
        # Failed to stop
        log_end_msg 1
        ;;
    esac
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
    exit 3
    ;;
esac
:
You have to put it in /etc/init.d (I have named it sshfs) and chmod it (chmod a+x sshfs). Then type in:
update-rc.d -f sshfs defaults
This will add links in the rc.d directories.
Keeping Connection Alive
This is a config file for ssh that will let ssh and sshfs send keep alive messages every 15 seconds. This file should be called "config" and be in root's .ssh directory.
Host *
    ServerAliveInterval 15
Host alandfaraway.info
    User alfa
    IdentityFile ~/.ssh/id_dsa
Host alandfaraway.org
    User alfa
    IdentityFile ~/.ssh/id_dsa
SSH Script for MySQL
The SSHFS connection is also used for connecting to MySQL securely. You must place the following contents in a file at /usr/local/bin/alfa-sshfs-ssh . That file will be referenced by the sshfs init script.
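#!/bin/bash
# All arguments that sshfs passes to its ssh command
a=$@
shopt -s extglob
# Open the MySQL forward (-g lets other hosts connect to it) and strip the
# -oClearAllForward... option from the arguments, which would cancel the forward
ssh -g -L 3306:127.0.0.1:3306 ${a//-oClearAllForward*([^ ])?( )}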
Make the script executable after you have pasted it in:
chmod +x /usr/local/bin/alfa-sshfs-ssh
If the Linux machine is directly connected to the Internet, specify the right interface for the port forward. Make sure to set up firewall rules for allowing port 3306 inbound, too. This should NOT be allowed inbound from the internet, just the local LAN (or Windows gameserver instance).
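A variant of the wrapper that follows the interface advice above, as an added example rather than the guide's own script: it binds the forward to one LAN address instead of using -g and refuses wildcard addresses. ALFA_BIND, ALFA_SSH and the address 192.168.1.10 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: variant of /usr/local/bin/alfa-sshfs-ssh that binds the MySQL
# forward to one LAN address instead of every interface (-g).
# ALFA_BIND and ALFA_SSH are hypothetical variables introduced for this sketch.

# Build the -L argument; refuse empty or wildcard bind addresses, which would
# expose port 3306 on every interface, including an Internet-facing one.
forward_spec() {
    case "$1" in
        ''|'*'|0.0.0.0|::|'[::]')
            echo "refusing wildcard bind address: '$1'" >&2
            return 2 ;;
    esac
    printf '%s:3306:127.0.0.1:3306\n' "$1"
}

alfa_sshfs_ssh() {
    spec=$(forward_spec "${ALFA_BIND:-192.168.1.10}") || return 2   # assumed LAN IP
    # Rotate through the arguments sshfs passed, dropping -oClearAllForward*
    # (it would cancel the -L forward) and keeping every other argument intact.
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift
        case "$arg" in
            -oClearAllForward*) ;;
            *) set -- "$@" "$arg" ;;
        esac
        n=$((n - 1))
    done
    # An explicit bind address in -L decides where ssh listens, so -g is not used.
    "${ALFA_SSH:-ssh}" -L "$spec" "$@"
}

# sshfs always calls the wrapper with arguments; do nothing when there are none.
[ "$#" -eq 0 ] || alfa_sshfs_ssh "$@"
```

The firewall rule for port 3306 described above is still needed; the bind address only limits which interface ssh listens on.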
Samba Install
If you need Samba to access the vault, continue; if you don't (Windows VM hosted on a Linux OS) you can stop here. Install Samba:
apt-get install samba
Modify the Samba configuration file so that in the authentication part (it starts with ####### Authentication #######) you have the following uncommented:
security = user
And in the home directory related part (it starts with [homes]) you should have:
read only = no
After this you must do:
/etc/init.d/samba restart
On the Windows machine you should now be able to type this in a cmd.exe:
net use z: \\WindowsIP\alfa