I was thinking about my trips and working from any place I've reached, with all the stuff I have at my home. I need to start some heavy services on my local cluster to test new solutions before creating a merge request to some project. My laptop can handle it more or less, but sometimes it can't. So I need to connect to my workstation and run the feature there.
Let's create a user
We need a user allowed to login to our Gateway.
$ sudo useradd -m alex
...and set up a password for this user
$ sudo passwd alex
Now we can try to connect to our Gateway using the new credentials
$ ssh alex@gateway_ip_or_hostname
If it's alright, then disconnect using Ctrl + D or type logout in the console.
Let's copy our ssh-key to the Gateway.
$ ssh-copy-id -i ~/.ssh/id_rsa alex@gateway_ip_or_hostname
...now if you try to connect with the ssh alex@gateway_ip_or_hostname command, you'll automatically log in without a password - that's the desired result.
Setup server
Now let's set up the server side (Gateway) - the device we want to connect to.
Connect to the device and set up the tor service:
$ sudo apt-get install tor
Then edit the torrc file
$ sudo vim /etc/tor/torrc
# /etc/tor/torrc
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 10022 127.0.0.1:22
HiddenServiceAuthorizeClient stealth hidden_service
...where 10022 (you can change it to suit your needs) is the custom port for the ssh service, which will be forwarded to 127.0.0.1:22 (where ssh lives by default).
Save and quit the editor.
Now restart the tor service:
$ sudo service tor restart
...and output the hidden_service/hostname file content
$ sudo cat /var/lib/tor/hidden_service/hostname
You will see something like this:
uijthu7jdnjghudf.onion chdfkUjfdk7ndkfjs9 # client: hidden_service
The first part is your onion hostname in the Tor network; the second is the client secret that allows connecting to our hidden_service. Copy this line somewhere and switch to your client device (the device used as a client to connect to the server).
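A check for the server torrc above, added here as an example (not the author's code): it flags a HiddenServicePort that forwards off the loopback interface and a HiddenServiceDir with no HiddenServiceAuthorizeClient line, since without that line anyone who learns the onion address can reach the SSH port. The function name, finding labels and sample inputs are constructed for illustration, and it matches the option names as written on this page, which are the v2 onion service ones.

```shell
#!/bin/sh
# Added example: audit a torrc for the onion-service SSH setup on this page.
# Reads the file given as argument (or stdin), prints one finding per line,
# returns 0 when clean and 1 when there are findings.
audit_onion_torrc() {
    findings=$(awk '
        { sub(/#.*/, "") }                 # strip comments
        NF == 0 { next }                   # skip blank lines
        { opt = tolower($1) }              # torrc option names are case-insensitive
        opt == "hiddenservicedir" {
            if (dir != "" && !auth) print "no-client-auth " dir
            dir = $2; auth = 0; next
        }
        opt == "hiddenserviceport" {
            if (dir == "") print "port-without-dir " $2
            # No target, a bare port, loopback or a unix socket stay on this host.
            if (NF >= 3 && $3 !~ /^([0-9]+|unix:.*|(127\.[0-9.]+|\[::1\])(:[0-9]+)?)$/)
                print "non-loopback-target " $3
            next
        }
        opt == "hiddenserviceauthorizeclient" { auth = 1 }
        END { if (dir != "" && !auth) print "no-client-auth " dir }
    ' "$@") || return 2
    if [ -n "$findings" ]; then
        printf "%s\n" "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the torrc from this page with the authorization line
# missing and the target pointed at a LAN address (placeholder 192.0.2.10).
bad_sample() {
    printf '%s\n' \
        'HiddenServiceDir /var/lib/tor/hidden_service/' \
        'HiddenServicePort 10022 192.0.2.10:22'
}
# Constructed sample: the torrc exactly as written on this page.
good_sample() {
    printf '%s\n' \
        'HiddenServiceDir /var/lib/tor/hidden_service/' \
        'HiddenServicePort 10022 127.0.0.1:22' \
        'HiddenServiceAuthorizeClient stealth hidden_service'
}

bad_sample | audit_onion_torrc || echo "findings above: fix before restarting tor"
good_sample | audit_onion_torrc && echo "torrc matches the setup described"
```

On the Gateway itself it can be run as audit_onion_torrc /etc/tor/torrc before restarting tor.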
Setup client
Open your torrc file:
$ sudo vim /etc/tor/torrc
And add the following line: type HidServAuth and paste the onion address and secret from your clipboard
HidServAuth uijthu7jdnjghudf.onion chdfkUjfdk7ndkfjs9
Restart the tor service
$ sudo service tor restart
...and try to connect to your Gateway:
$ torsocks ssh -p 10022 alex@uijthu7jdnjghudf.onion
If it's alright - we're done!!!
Bonus
You can shorten your torsocks ssh ... command by adding an alias to your aliases file
alias ssh-tor='torsocks ssh'
Or even better (if you don't want to remember all these long onion addresses), add the following lines to your ~/.ssh/config:
# ~/.ssh/config
Host my-gateway
    HostName uijthu7jdnjghudf.onion
    User alex
    Port 10022
    ProxyCommand torsocks nc %h %p
Now you can easily connect using ssh my-gateway
Let's wake target Device
So, why have I done all the things above? I want to power up and boot my home workstation and connect to it to start heavy processes.
I've enabled the WOL (Wake On LAN) setting in my workstation BIOS and got my hardware Ethernet device's MAC address.
Connect to the Gateway and set up the wake-up command.
- Install etherwake
$ sudo apt-get install etherwake
- Create an alias to wake our device in ~/.bash_aliases
alias wake-home="sudo etherwake ff:ff:ff:ff:ff:ff"
...where ff:ff:ff:ff:ff:ff is the MAC address of the target device
Now I can wake my workstation using the following steps:
- connect to my gateway
ssh home-gate
- wake required device
wake-home
Now I'm totally done!
Good luck with your skills...