lwc:shellhub

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
lwc:shellhub [2022/08/18 19:06] – uo John Harrisonlwc:shellhub [2024/01/01 14:07] (current) John Harrison
Line 10: Line 10:
 SHELLHUB_DOMAIN=<your domain or subdomain without quotes> SHELLHUB_DOMAIN=<your domain or subdomain without quotes>
 </code> </code>
 +=== autostart ===
 +Add a ''systemd'' service:
 +  * create ''/etc/systemd/system/shellhub.service'':
 +<code>
 +[Unit]
 +Description=ShellHub
 +After=network.target
 +
 +[Service]
 +User=root
 +Type=simple
 +WorkingDirectory=<DIRECTORY WHERE SHELLHUB ROOT LIVES>
 +ExecStart=make start
 +Restart=always
 +
 +[Install]
 +WantedBy=multi-user.target
 +</code>
 +  * ''sudo systemctl enable shellhub.service''
 +  * ''sudo systemctl start shellhub.service''
 +
 ==== Remote ==== ==== Remote ====
   * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container   * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container
-  * Instead we cloned the repo then [[https://docs.shellhub.io/user-manual/agent/installing/#installing-from-source-code|built the agent from source]]+  * Instead we cloned the repo then [[https://docs.shellhub.io/developers/agent/installing#installing-from-source-code|build the agent from source]] 
 +<code> 
 + git clone -b v0.10.4 https://github.com/shellhub-io/shellhub.git shellhub 
 + sudo apt install golang 
 + cd shellhub/agent 
 + go build -ldflags "-X main.AgentVersion=v0.10.4" 
 +</code> 
 +    * {{ :lwc:agent.gz |zipped riscv64 compiled binary of agent}}
   * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).   * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).
  
-==== ToDo ==== +=== Autostart of Agent === 
-  * autostart of host +  * add a script ''startAgent.sh'' to start the agent: 
-  * autostart of remote (agent)+<code> 
 +#!/bin/bash 
 +export SHELLHUB_TENANT_ID="TENANT_ID" 
 +export SHELLHUB_PRIVATE_KEY="PRIVATE KEY PATH AND FILENAME IN PEM FORMAT" 
 +export SHELLHUB_SERVER_ADDRESS="SHELLHUB SERVER ADDRESS" 
 +./agent 
 +</code> 
 +  * ''sudo chmod 755 startAgent.sh'' 
 +  * starting the script from the shell works fine but for some reason does not work with ''systemd'' unless we change ''/bin/sh'' to use ''bash'' instead of ''dash'' 
 +    * ''sudo dpkg-reconfigure dash'' and choose ''no'' when prompted 
 +  * create ''/etc/systemd/system/shellhubAgent.service'' 
 +<code> 
 +[Unit] 
 +Description=ShellhubAgent 
 +After=network.target 
 + 
 +[Service] 
 +User=root 
 +Type=simple 
 +WorkingDirectory=FULL PATH WHERE AGENT AND STARTUP SCRIPT ARE LOCATED 
 +ExecStart=FULL PATH AND FILENAME OF STARTUP SCRIPT 
 +Restart=always 
 + 
 +[Install] 
 +WantedBy=multi-user.target 
 +</code> 
 +  * ''sudo systemctl enable shellhubAgent.service'' 
 +  * ''sudo systemctl start shellhubAgent.service'' 
 + 
 +=== Login with cert to remote (agent) === 
 +  * local machine generate public/private key. 
 +    *  it could be that any public/private key would work but docs suggest''ssh-keygen -t ed25519'' 
 +  * upload public key to web portal (public keys menu on LHS) 
 +  * make sure private key on local machine has permissions 600 
 +  * login from local machine using private key: ''ssh -p <PORT> -i <PRIVATE_KEY_PATH_AND_FILE> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>'' 
 + 
 +=== Disable Password login === 
 +//This is not a built-in function for community edition it appears so as a workaround we can hack the code// 
 +  * pre v0.13.0: in ''/pkg/agent/server/server.go'' edit ''func (s *Server) passwordHandler('' so the first line of the method reads ''return false'' 
 +  * post v0.13.0: in ''/pkg/agent/server/authentication.go'' edit ''func (s *Server) passwordHandler(ctx gliderssh.Context, pass string) bool {'' so the first line of the method reads ''return false'' 
 +  * ''cd shellhub/agent'' 
 +  * ''go build -ldflags "-X main.AgentVersion=<VERSION>"'' 
 + 
 +==== Setting up VNC on remote (Xubuntu 22.04) ==== 
 +=== On Remote === 
 +  * ''sudo apt install xtightvncviewer'' 
 +  * change ''~/.vnc/xstartup'' to read: 
 +<code> 
 +env -i /bin/sh -c "export PATH=$PATH; 
 +                   export XAUTHORITY=$XAUTHORITY; 
 +                   export DISPLAY=$DISPLAY; 
 +                   export HOME=$HOME; 
 +                   export LOGNAME=$LOGNAME; 
 +                   export USER=$USER; 
 +                   /usr/bin/xfce4-session" 
 +</code> 
 +  * write a script: 
 +<code> 
 +#!/bin/bash 
 +if ! pgrep -x "Xtightvnc" >/dev/null 
 +then 
 +    vncserver -geometry 1366x768 
 +fi 
 +</code> 
 +  * call this script in session and startup (yes systemd is the right way to do this but I couldn't get it to work) 
 +  * restart Xserver 
 +=== local === 
 +  * ''ssh -p 24 -i <PRIVATE_KEY> <NAME_OF_REMOTE> -L 5901:127.0.0.1:5901'' 
 +  * then in a separate window ''gvncviewer :1'' 
 + 
  • lwc/shellhub.1660867601.txt.gz
  • Last modified: 2022/08/18 19:06
  • by John Harrison