Reverse ssh : Accéder à un serveur derrière un NAT - Firewall : Différence entre versions
De wikiGite
Ligne 1 : | Ligne 1 : | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Service au démarrage de A == | == Service au démarrage de A == | ||
Ligne 35 : | Ligne 13 : | ||
− | |||
− | |||
− | + | Créer un script dans /etc/init.d/autosshd | |
− | <source lang="bash">ssh -NR | + | |
+ | <source lang="bash"> | ||
+ | #! /bin/bash | ||
+ | ### BEGIN INIT INFO | ||
+ | # Provides: autosshd | ||
+ | # Required-Start: $local_fs $remote_fs $network $syslog | ||
+ | # Required-Stop: $local_fs $remote_fs $network $syslog | ||
+ | # Default-Start: 2 3 4 5 | ||
+ | # Default-Stop: 0 1 6 | ||
+ | # Short-Description: starts the autossh daemon | ||
+ | # Description: starts autossh | ||
+ | ### END INIT INFO | ||
+ | |||
+ | DAEMON_OPTS="-i /root/.ssh/id_dsa -NR 22222:localhost:22 userssh@serveurB &" | ||
+ | NAME=autossh | ||
+ | DESC="Autossh daemon" | ||
+ | PID=/tmp/autossh.pid | ||
+ | |||
+ | case "$1" in | ||
+ | start) | ||
+ | CD_TO_APP_DIR="cd /home/gitlab/gitlab" | ||
+ | START_DAEMON_PROCESS="/var/lib/gems/1.9.1/bin/bundle exec unicorn_rails $DAEMON_OPTS" | ||
+ | START_RESQUE_PROCESS="./resque.sh" | ||
+ | |||
+ | echo -n "Starting $DESC: " | ||
+ | if [ `whoami` = root ]; then | ||
+ | sudo -u gitlab sh -c "$CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS && $START_RESQUE_PROCESS" | ||
+ | else | ||
+ | $CD_TO_APP_DIR > /dev/null 2>&1 && $START_DAEMON_PROCESS && $START_RESQUE_PROCESS | ||
+ | fi | ||
+ | echo "$NAME." | ||
+ | ;; | ||
+ | stop) | ||
+ | echo -n "Stopping $DESC: " | ||
+ | kill -QUIT `cat $PID` | ||
+ | kill -QUIT `cat $RESQUE_PID` | ||
+ | echo "$NAME." | ||
+ | ;; | ||
+ | restart) | ||
+ | echo -n "Restarting $DESC: " | ||
+ | kill -USR2 `cat $PID` | ||
+ | kill -USR2 `cat $RESQUE_PID` | ||
+ | echo "$NAME." | ||
+ | ;; | ||
+ | reload) | ||
+ | echo -n "Reloading $DESC configuration: " | ||
+ | kill -HUP `cat $PID` | ||
+ | kill -HUP `cat $RESQUE_PID` | ||
+ | echo "$NAME." | ||
+ | ;; | ||
+ | *) | ||
+ | echo "Usage: $NAME {start|stop|restart|reload}" >&2 | ||
+ | exit 1 | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | exit 0 | ||
+ | </source> | ||
− | + | Autoriser l'execution du script : | |
− | + | chmod +x /etc/init.d/autosshd | |
+ | |||
+ | Ajouter le script au démarage : | ||
+ | update-rc.d autosshd defaults |
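Review bot: The `start)` branch of the new /etc/init.d/autosshd never launches autossh: it changes to /home/gitlab/gitlab and runs `bundle exec unicorn_rails $DAEMON_OPTS` followed by `./resque.sh`, so the tunnel options are handed to unicorn. Replace the `CD_TO_APP_DIR`/`START_*_PROCESS` assignments and the sudo/else pair with `AUTOSSH_PIDFILE="$PID" autossh -f $DAEMON_OPTS`, and drop the trailing `&` from `DAEMON_OPTS`. `$RESQUE_PID` is never assigned, so each `cat $RESQUE_PID` in stop, restart and reload reads standard input instead of a file; those lines should be deleted. `PID=/tmp/autossh.pid` sits in a world-writable directory while the script signals its contents as root; `PID=/var/run/autossh.pid` avoids that.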
Version du 25 avril 2012 à 12:40
Service au démarrage de A
aptitude install autossh
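Générer une paire de clés en tant que root (les clés DSA sont désactivées par défaut depuis OpenSSH 7.0 ; sur un système récent, utiliser un type de clé encore accepté, par exemple ed25519, et adapter les chemins id_dsa ci-dessous) :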
ssh-keygen -t dsa
Faire un échange de clés avec le serveur B :
ssh-copy-id -i /root/.ssh/id_dsa.pub userssh@serveurB
ajouter dans /etc/rc.local :
autossh -i /root/.ssh/id_dsa -NR 22222:localhost:22 userssh@serveurB &
Créer un script dans /etc/init.d/autosshd
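#! /bin/bash
### BEGIN INIT INFO
# Provides: autosshd
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the autossh daemon
# Description: starts autossh
### END INIT INFO

# Init script that keeps the reverse SSH tunnel from this host to serveurB
# open through autossh (remote port 22222 -> local port 22).
#
# Usage: /etc/init.d/autosshd {start|stop|restart|reload}
#
# Security notes:
#  - autossh -f cannot prompt, so the key named in DAEMON_OPTS has to be
#    usable without a passphrase. Limit what that key may do on serveurB
#    (dedicated account, authorized_keys options restricting it to the
#    forwarding it needs).
#  - DSA keys are disabled by default since OpenSSH 7.0; if the key type is
#    changed, update the -i path below accordingly.
#  - The pid file lives in /var/run, not /tmp: this script sends signals as
#    root to whatever pid the file contains, so the file must not be
#    creatable or replaceable by unprivileged local users.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# No trailing "&" here: backgrounding is done by autossh's own -f flag.
DAEMON_OPTS="-i /root/.ssh/id_dsa -NR 22222:localhost:22 userssh@serveurB"
NAME=autossh
DESC="Autossh daemon"
PID=/var/run/autossh.pid

# Print the pid stored in $PID when it is numeric and the process is alive.
# Returns non-zero (and prints nothing) otherwise.
running_pid() {
  local pid
  [ -r "$PID" ] || return 1
  pid=$(cat -- "$PID" 2>/dev/null) || return 1
  case "$pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  kill -0 "$pid" 2>/dev/null || return 1
  printf '%s\n' "$pid"
}

# Start autossh in the background unless it is already running.
do_start() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "must be run as root." >&2
    return 1
  fi
  if running_pid > /dev/null; then
    echo -n "(already running) "
    return 0
  fi
  # AUTOSSH_PIDFILE makes autossh record its own pid; -f detaches it.
  # DAEMON_OPTS is left unquoted on purpose so it splits into arguments.
  # shellcheck disable=SC2086
  AUTOSSH_PIDFILE="$PID" autossh -f $DAEMON_OPTS
}

# Terminate autossh and wait briefly for it to exit so that a following
# start does not race with the old process.
do_stop() {
  local pid tries=0
  pid=$(running_pid) || return 0
  kill -TERM "$pid" || return 1
  while kill -0 "$pid" 2>/dev/null && [ "$tries" -lt 5 ]; do
    sleep 1
    tries=$((tries + 1))
  done
  rm -f -- "$PID"
}

case "${1:-}" in
  start)
    echo -n "Starting $DESC: "
    do_start || { echo "failed." >&2; exit 1; }
    echo "$NAME."
    ;;
  stop)
    echo -n "Stopping $DESC: "
    do_stop || { echo "failed." >&2; exit 1; }
    echo "$NAME."
    ;;
  restart)
    echo -n "Restarting $DESC: "
    do_stop || { echo "failed." >&2; exit 1; }
    do_start || { echo "failed." >&2; exit 1; }
    echo "$NAME."
    ;;
  reload)
    echo -n "Reloading $DESC configuration: "
    # autossh has no configuration file to re-read; SIGUSR1 makes it kill
    # and restart its ssh child, which re-establishes the tunnel.
    if pid=$(running_pid); then
      kill -USR1 "$pid" || { echo "failed." >&2; exit 1; }
    else
      echo "not running." >&2
      exit 1
    fi
    echo "$NAME."
    ;;
  *)
    echo "Usage: $NAME {start|stop|restart|reload}" >&2
    exit 1
    ;;
esac

exit 0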
Autoriser l'exécution du script :
chmod +x /etc/init.d/autosshd
Ajouter le script au démarrage :
update-rc.d autosshd defaults