I was thinking about my trips and working from any place I've reached with all the stuff I have at my home. I need to start some heavy services on my local cluster to test new solutions before creating a merge request to some project. My laptop can handle it more or less, but sometimes it can't. So I need to connect to my workstation and run the feature there.

Let's create a user

We need a user allowed to login to our Gateway.

$ sudo useradd -m alex

...and set up a password for this user

$ sudo passwd alex

Now we can try to connect to our Gateway using the new credentials

$ ssh alex@gateway_ip_or_hostname

If it's alright, then disconnect using Ctrl + D or type logout in console.

Let's copy our ssh-key to the Gateway.

$ ssh-copy-id -i ~/.ssh/id_rsa alex@gateway_ip_or_hostname

...now if you try to connect with the ssh alex@gateway_ip_or_hostname command, you'll be logged in automatically without a password - that's the desired result.

Setup server

Now let's set up the server side (Gateway) - the device we want to connect to.

Connect to the device and install the tor service:

$ sudo apt-get install tor

Then edit the torrc file

$ sudo vim /etc/tor/torrc

# /etc/tor/torrc
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 10022 127.0.0.1:22
HiddenServiceAuthorizeClient stealth hidden_service

...where 10022 (you can change it to suit your needs) is the custom port for the ssh service, which will be forwarded to 127.0.0.1:22 (where ssh listens by default)

Save and quit the editor.

Now restart the tor service:

$ sudo service tor restart

...and output the hidden_service/hostname file content

$ sudo cat /var/lib/tor/hidden_service/hostname

You will see something like this:

uijthu7jdnjghudf.onion chdfkUjfdk7ndkfjs9 # client: hidden_service

The first part is your onion hostname in the Tor network; the second is the client secret that allows a client to connect to our hidden_service. Copy this line somewhere and switch to your client device (the device used as a client to connect to the server).

Setup client

Open your torrc file:

$ sudo vim /etc/tor/torrc

And add the following line: type HidServAuth and paste the onion address and secret from your clipboard

HidServAuth uijthu7jdnjghudf.onion chdfkUjfdk7ndkfjs9

Restart the tor service

$ sudo service tor restart

...and try to connect to your Gateway:

$ torsocks ssh -p 10022 alex@uijthu7jdnjghudf.onion

If it's alright - we're done!!!
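Tor 0.4.6 and later removed v2 onion services, and with them the HiddenServiceAuthorizeClient and HidServAuth options used above; on v3 services the same client restriction is done with one x25519 key pair per client. The script below is an added example, not part of the original post, that builds the two key files. It assumes OpenSSL with X25519 support and coreutils base64/base32; the function names, the client name alex and the output directory are illustrative.

```shell
#!/bin/sh
# Added example: v3 onion-service client authorization (not from the original post).
# Assumes: Tor 0.4.6+, OpenSSL with X25519, coreutils base64/base32.

# PEM key on stdin -> last 32 bytes of the DER body (the raw key) as unpadded base32.
pem_to_b32() {
  grep -v -- '-----' | base64 -d | tail -c 32 | base32 | tr -d '=\n'
}

# Content of <HiddenServiceDir>/authorized_clients/<name>.auth on the Gateway.
server_auth_line() {  # $1 = base32 public key
  printf 'descriptor:x25519:%s\n' "$1"
}

# Content of <ClientOnionAuthDir>/<name>.auth_private on the client.
client_auth_line() {  # $1 = onion hostname, $2 = base32 private key
  addr=${1%.onion}
  # v3 addresses are 56 base32 characters; the 16-character v2 form is rejected.
  printf '%s\n' "$addr" | grep -Eq '^[a-z2-7]{56}$' || {
    echo "not a v3 onion address: $1" >&2; return 1; }
  printf '%s:descriptor:x25519:%s\n' "$addr" "$2"
}

# Generate one key pair and write both files into $3 (hypothetical helper).
make_client_auth() {  # $1 = onion hostname, $2 = client name, $3 = output dir
  ( umask 077   # key files must not be readable by other users
    key=$(openssl genpkey -algorithm x25519) || exit 1
    priv=$(printf '%s\n' "$key" | pem_to_b32)
    pub=$(printf '%s\n' "$key" | openssl pkey -pubout | pem_to_b32)
    line=$(client_auth_line "$1" "$priv") || exit 1
    printf '%s\n' "$line" > "$3/$2.auth_private"
    server_auth_line "$pub" > "$3/$2.auth" )
}

# Usage: sh onion-auth.sh <hostname from hidden_service/hostname> alex ./out
# Then copy alex.auth to /var/lib/tor/hidden_service/authorized_clients/ on the
# Gateway, put alex.auth_private in the directory named by ClientOnionAuthDir in
# the client's torrc, and restart tor on both sides.
if [ "$#" -eq 3 ]; then make_client_auth "$@"; fi
```

With a v3 service, the torrc on the Gateway keeps only the HiddenServiceDir and HiddenServicePort lines; the presence of a file in authorized_clients is what turns client authorization on.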

Bonus

You can shorten the torsocks ssh ... command by adding an alias to your aliases file

alias ssh-tor='torsocks ssh'

Or even better (if you don't want to remember all these long onion addresses)

Add the following lines to your ~/.ssh/config:

# ~/.ssh/config

Host my-gateway
  HostName uijthu7jdnjghudf.onion
  User alex
  Port 10022
  ProxyCommand torsocks nc %h %p

Now you can easily connect using ssh my-gateway

Let's wake target Device

So, why have I done all the things above? I want to power up and boot my home workstation and connect to it to start heavy processes.

I've enabled the WOL (Wake On Lan) setting in my workstation BIOS and got my hardware ethernet device's mac-address.

Connect to the Gateway and set up the wake up command.

  1. Install etherwake

$ sudo apt-get install etherwake

  2. Create an alias to wake our device in ~/.bash_aliases

alias wake-home="sudo etherwake ff:ff:ff:ff:ff:ff"

...where ff:ff:ff:ff:ff:ff is the mac-address of the target device

Now I can wake my workstation using the following steps:

  • connect to my gateway ssh home-gate
  • wake required device wake-home

Now I'm totally done!

Good luck with your skills...
