lwc:shellhub

lwc:shellhub [2022/08/18 12:51] – created John Harrisonlwc:shellhub [2024/01/01 14:07] (current) John Harrison
Line 3: Line 3:
   * if you are already running ssh on the host you'll need to create (or add to) a ''.env.override'' file ''SHELLHUB_SSH_PORT=<SOMETHING_OTHER_THAN_22>''   * if you are already running ssh on the host you'll need to create (or add to) a ''.env.override'' file ''SHELLHUB_SSH_PORT=<SOMETHING_OTHER_THAN_22>''
     * you'll use this port # when logging into the remotes via ssh cli e.g. ''ssh -p <PORT_#> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''     * you'll use this port # when logging into the remotes via ssh cli e.g. ''ssh -p <PORT_#> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''
-  * [[https://docs.shellhub.io/getting-started/installing/|directions for install]]+  * [[https://docs.shellhub.io/getting-started/installing/|directions for install]] (dev environment not necessary) 
 +  * for ssl add to ''.env.override'': 
 +<code> 
 +SHELLHUB_AUTO_SSL=true 
 +SHELLHUB_REDIRECT_TO_HTTPS=true 
 +SHELLHUB_DOMAIN=<your domain or subdomain without quotes> 
 +</code> 
 +=== autostart === 
 +Add a ''systemd'' service: 
 +  * create ''/etc/systemd/system/shellhub.service'': 
 +<code> 
 +[Unit] 
 +Description=ShellHub 
 +After=network.target 
 + 
 +[Service] 
 +User=root 
 +Type=simple 
 +WorkingDirectory=<DIRECTORY WHERE SHELLHUB ROOT LIVES> 
 +ExecStart=make start 
 +Restart=always 
 + 
 +[Install] 
 +WantedBy=multi-user.target 
 +</code> 
 +  * ''sudo systemctl enable shellhub.service'' 
 +  * ''sudo systemctl start shellhub.service'' 
 ==== Remote ==== ==== Remote ====
   * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container   * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container
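Review bot: In the new ''shellhub.service'' unit, ''ExecStart=make start'' is paired with ''Type=simple'' and ''Restart=always'', so if ''make start'' returns once the stack has been launched in the background, systemd will treat that exit as the service stopping and run it again in a loop. For a command that exits, ''Type=oneshot'' with ''RemainAfterExit=yes'' and no ''Restart=always'' is the better fit. Writing the full path to ''make'' would also stop the unit from depending on systemd's built-in search path, and since the unit runs as ''User=root'' the ''WorkingDirectory'' it points at should be writable by root only.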
-  * Instead we cloned the repo then [[https://docs.shellhub.io/user-manual/agent/installing/#installing-from-source-code|built the agent from source]]+  * Instead we cloned the repo then [[https://docs.shellhub.io/developers/agent/installing#installing-from-source-code|build the agent from source]] 
 +<code> 
 + git clone -b v0.10.4 https://github.com/shellhub-io/shellhub.git shellhub 
 + sudo apt install golang 
 + cd shellhub/agent 
 + go build -ldflags "-X main.AgentVersion=v0.10.4" 
 +</code> 
 +    * {{ :lwc:agent.gz |zipped riscv64 compiled binary of agent}}
   * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).   * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).
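Review bot: The ''agent.gz'' attachment added on the last line of this change is a prebuilt binary published without a checksum, and the agent unit added further down this page runs it with ''User=root''. Publish a SHA-256 for the file next to the link and state that it was built from the ''v0.10.4'' tag used in the ''git clone'' line, so a reader can verify the download or rebuild it. The link text also changed from "built" to "build", which reads as a typo.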
 +
 +=== Autostart of Agent ===
 +  * add a script ''startAgent.sh'' to start the agent:
 +<code>
 +#!/bin/bash
 +export SHELLHUB_TENANT_ID="TENANT_ID"
 +export SHELLHUB_PRIVATE_KEY="PRIVATE KEY PATH AND FILENAME IN PEM FORMAT"
 +export SHELLHUB_SERVER_ADDRESS="SHELLHUB SERVER ADDRESS"
 +./agent
 +</code>
 +  * ''sudo chmod 755 startAgent.sh''
 +  * starting the script from the shell works fine but for some reason does not work with ''systemd'' unless we change ''/bin/sh'' to use ''bash'' instead of ''dash''
 +    * ''sudo dpkg-reconfigure dash'' and choose ''no'' when prompted
 +  * create ''/etc/systemd/system/shellhubAgent.service''
 +<code>
 +[Unit]
 +Description=ShellhubAgent
 +After=network.target
 +
 +[Service]
 +User=root
 +Type=simple
 +WorkingDirectory=FULL PATH WHERE AGENT AND STARTUP SCRIPT ARE LOCATED
 +ExecStart=FULL PATH AND FILENAME OF STARTUP SCRIPT
 +Restart=always
 +
 +[Install]
 +WantedBy=multi-user.target
 +</code>
 +  * ''sudo systemctl enable shellhubAgent.service''
 +  * ''sudo systemctl start shellhubAgent.service''
 +
 +=== Login with cert to remote (agent) ===
 +  * local machine generate public/private key.
 +    *  it could be that any public/private key would work but docs suggest''ssh-keygen -t ed25519''
 +  * upload public key to web portal (public keys menu on LHS)
 +  * make sure private key on local machine has permissions 600
 +  * login from local machine using private key: ''ssh -p <PORT> -i <PRIVATE_KEY_PATH_AND_FILE> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''
 +
 +=== Disable Password login ===
 +//This is not a built-in function for community edition it appears so as a workaround we can hack the code//
 +  * pre v0.13.0: in ''/pkg/agent/server/server.go'' edit ''func (s *Server) passwordHandler('' so the first line of the method reads ''return false''
 +  * post v0.13.0: in ''/pkg/agent/server/authentication.go'' edit ''func (s *Server) passwordHandler(ctx gliderssh.Context, pass string) bool {'' so the first line of the method reads ''return false''
 +  * ''cd shellhub/agent''
 +  * ''go build -ldflags "-X main.AgentVersion=<VERSION>"''
 +
 +==== Setting up VNC on remote (Xubuntu 22.04) ====
 +=== On Remote ===
 +  * ''sudo apt install xtightvncviewer''
 +  * change ''~/.vnc/xstartup'' to read:
 +<code>
 +env -i /bin/sh -c "export PATH=$PATH;
 +                   export XAUTHORITY=$XAUTHORITY;
 +                   export DISPLAY=$DISPLAY;
 +                   export HOME=$HOME;
 +                   export LOGNAME=$LOGNAME;
 +                   export USER=$USER;
 +                   /usr/bin/xfce4-session"
 +</code>
 +  * write a script:
 +<code>
 +#!/bin/bash
 +if ! pgrep -x "Xtightvnc" >/dev/null
 +then
 +    vncserver -geometry 1366x768
 +fi
 +</code>
 +  * call this script in session and startup (yes systemd is the right way to do this but I couldn't get it to work)
 +  * restart Xserver
 +=== local ===
 +  * ''ssh -p 24 -i <PRIVATE_KEY> <NAME_OF_REMOTE> -L 5901:127.0.0.1:5901''
 +  * then in a separate window ''gvncviewer :1''
 +
 +
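Review bot: In the "Autostart of Agent" section, ''shellhubAgent.service'' runs a mode-755 wrapper script as root only to export three variables, and the workaround changes ''/bin/sh'' from ''dash'' to ''bash'' for the whole system. Setting the variables with ''Environment='' lines (or a root-owned ''EnvironmentFile='' with mode 600) and pointing ''ExecStart='' at the full path of ''agent'' removes the shell from the picture, so the ''dpkg-reconfigure dash'' step is no longer needed. In the VNC section, the install line names ''xtightvncviewer'' while the script checks for ''Xtightvnc'' and calls ''vncserver'', which are server-side programs, so the package name looks wrong. Because the session is reached through ''-L 5901:127.0.0.1:5901'', starting ''vncserver'' with ''-localhost'' would keep the display from being reachable outside the SSH tunnel.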
  • lwc/shellhub.1660845112.txt.gz
  • Last modified: 2022/08/18 12:51
  • by John Harrison