Differences

This shows you the differences between two versions of the page.

--- lwc:shellhub [2022/10/24 16:24] – [Autostart of Agent] John Harrison
+++ lwc:shellhub [2024/01/01 14:07] (current) – John Harrison
@@ Line 29: / Line 29: @@
 </code>
   * ''sudo systemctl enable shellhub.service''
-  * ''sudo systemctl start shellhub.service'' # does enable already imply start?
+  * ''sudo systemctl start shellhub.service''
 ==== Remote ====
   * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container
-  * Instead we cloned the repo then [[https://docs.shellhub.io/developers/agent/installing#installing-from-source-code|built the agent from source]]
+  * Instead we cloned the repo then [[https://docs.shellhub.io/developers/agent/installing#installing-from-source-code|build the agent from source]]
+<code>
+ git clone -b v0.10.4 https://github.com/shellhub-io/shellhub.git shellhub
+ sudo apt install golang
+ cd shellhub/agent
+ go build -ldflags "-X main.AgentVersion=v0.10.4"
+</code>
     * {{ :lwc:agent.gz |zipped riscv64 compiled binary of agent}}
   * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).
-===== Autostart of Agent =====
+=== Autostart of Agent ===
   * add a script ''startAgent.sh'' to start the agent:
 <code>
@@ Line 67: / Line 73: @@
   * ''sudo systemctl enable shellhubAgent.service''
   * ''sudo systemctl start shellhubAgent.service''
+=== Login with cert to remote (agent) ===
+  * local machine generate public/private key.
+    *  it could be that any public/private key would work but docs suggest''ssh-keygen -t ed25519''
+  * upload public key to web portal (public keys menu on LHS)
+  * make sure private key on local machine has permissions 600
+  * login from local machine using private key: ''ssh -p <PORT> -i <PRIVATE_KEY_PATH_AND_FILE> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''
+=== Disable Password login ===
+//This is not a built-in function for community edition it appears so as a workaround we can hack the code//
+  * pre v0.13.0: in ''/pkg/agent/server/server.go'' edit ''func (s *Server) passwordHandler('' so the first line of the method reads ''return false''
+  * post v0.13.0: in ''/pkg/agent/server/authentication.go'' edit ''func (s *Server) passwordHandler(ctx gliderssh.Context, pass string) bool {'' so the first line of the method reads ''return false''
+  * ''cd shellhub/agent''
+  * ''go build -ldflags "-X main.AgentVersion=<VERSION>"''
+==== Setting up VNC on remote (Xubuntu 22.04) ====
+=== On Remote ===
+  * ''sudo apt install xtightvncviewer''
+  * change ''~/.vnc/xstartup'' to read:
+<code>
+env -i /bin/sh -c "export PATH=$PATH;
+                   export XAUTHORITY=$XAUTHORITY;
+                   export DISPLAY=$DISPLAY;
+                   export HOME=$HOME;
+                   export LOGNAME=$LOGNAME;
+                   export USER=$USER;
+                   /usr/bin/xfce4-session"
+</code>
+  * write a script:
+<code>
+#!/bin/bash
+if ! pgrep -x "Xtightvnc" >/dev/null
+then
+    vncserver -geometry 1366x768
+fi
+</code>
+  * call this script in session and startup (yes systemd is the right way to do this but I couldn't get it to work)
+  * restart Xserver
+=== local ===
+  * ''ssh -p 24 -i <PRIVATE_KEY> <NAME_OF_REMOTE> -L 5901:127.0.0.1:5901''
+  * then in a separate window ''gvncviewer :1''