Difference between revisions of "Configure SSH connection between servers"

From Kolmisoft Wiki
(New page: These scripts creates SSH connection between MOR GUI and APP server. This connection is used to manage files/folders on APP servers when sound files are uploaded to GUI server. Installat...)
 
 
(17 intermediate revisions by 6 users not shown)
Line 1: Line 1:
These scripts creates SSH connection between MOR GUI and APP server.
Manual configuration:
 
This connection is used to manage files/folders on APP servers when sound files are uploaded to GUI server.
 
Installation instruction:
 
1. On GUI server execute ssh_prepare_gui_server.sh - read inside code to login as apache to generate key
2. On APP server run ssh_prepare_app_server.sh
3. On GUI server run ssh_activate_app_server.sh
 
Repeat 2-3 steps for each Asterisk server.
 
NOTE: Do not repeat step 1!
 
4. On GUI server execute: rm -fr /var/www/html/id_rsa.pub


On the GUI server:


--------------------------------
# Make an SSH key set special for Passenger Apache
mkdir -p /var/www/.ssh/


Manual configuration:
# Generate an RSA key with NO passcode
ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N ""


On GUI server:
# Make Apache the owner of the keys
chown -R apache:apache /var/www/.ssh/


  ifconfig <and mark IP of GUI server>
  # Share the public key with the servers
cat /var/www/.ssh/id_rsa.pub | ssh USER@SERVER_IP 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod -R 700 ~/.ssh'
# Repeat this step for all the remote servers you want your GUI to connect to (change USER and SERVER_IP correspondingly, USER=root for GUI->FS connection)


rm /var/www/.ssh/id_rsa
rm /var/www/.ssh/id_rsa.pub
su apache
ssh-keygen -t rsa
<Press ENTER 3 times>
exit
chmod 700 /var/www/.ssh
cp /var/www/.ssh/id_rsa.pub /var/www/html


If you are using Centos 7, add these additional commands:
  cp -a /var/www/.ssh/ /usr/share/httpd/
  echo "StrictHostKeyChecking no" >> /usr/share/httpd/.ssh/config


On APP (Remote) server:


# move old pub file (backup)
cd /root
mv id_rsa.pub id_rsa.pb.old
#  download pub key from GUI server
wget http://<GUI_SERVER_IP>/id_rsa.pub
 
mkdir /root/.ssh
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
chmod 700 /root/.ssh
# include pub key into authorize_keys file
cat /root/id_rsa.pub >> /root/.ssh/authorized_keys
rm -rf /root/id_rsa.pub
ifconfig <and mark IP of APP server>


If keys are configured, but GUI still cannot connect, check gui debug log, if it shows similar error like this:
Retrieve PCAP error: fingerprint 32:0f:3e:0e:3e:5f:04:be:a9:09:e3:82:28:44:89:64 does not match for "1.2.3.4"


On GUI server:
you need to remove 1.2.3.4 from /var/www/.ssh/known_hosts and/or /usr/share/httpd/.ssh/known_hosts


su apache
If you are using different user to connect to server(not root), you might need to change it in Billing - Servers
ssh -o StrictHostKeyChecking=no root@<IP of APP server> -f "exit"
#test
ssh root@<IP of APP server>
ifconfig
#should see that you are on APP server
# log out
exit
rm -fr /var/www/html/id_rsa.pub
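
Review bot: the CentOS 7 step that appends "StrictHostKeyChecking no" to /usr/share/httpd/.ssh/config switches off host key verification for every host the apache user connects to, and the key in use is generated with -N "" and installed for USER=root on the remote side, so a machine answering on SERVER_IP with a different host key is accepted without any warning. Suggest dropping that line and instead placing each server's verified host key in /usr/share/httpd/.ssh/known_hosts, or at least scoping the option to a Host block that lists only the APP server addresses. The troubleshooting text has the same gap: removing 1.2.3.4 from known_hosts should follow a check that the server's host key was really expected to change. The older steps that copied id_rsa.pub into /var/www/html and fetched it with wget over http are gone in this revision, which is an improvement worth keeping.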

Latest revision as of 20:13, 2 March 2023

Manual configuration:

On the GUI server:

 # Create an SSH key pair dedicated to Passenger Apache
 mkdir -p /var/www/.ssh/
 # Generate an RSA key with no passphrase
 ssh-keygen -f /var/www/.ssh/id_rsa -q -t rsa -N ""
 # Make Apache the owner of the keys
 chown -R apache:apache /var/www/.ssh/
 # Share the public key with the servers
 cat /var/www/.ssh/id_rsa.pub | ssh USER@SERVER_IP 'mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod -R 700 ~/.ssh'
 # Repeat this step for every remote server the GUI should connect to (change USER and SERVER_IP accordingly; USER=root for the GUI->FS connection)


If you are using CentOS 7, add these additional commands:

 cp -a /var/www/.ssh/ /usr/share/httpd/
 echo "StrictHostKeyChecking no" >> /usr/share/httpd/.ssh/config


If the keys are configured but the GUI still cannot connect, check the GUI debug log. If it shows an error similar to this:

 Retrieve PCAP error: fingerprint 32:0f:3e:0e:3e:5f:04:be:a9:09:e3:82:28:44:89:64 does not match for "1.2.3.4"

you need to remove 1.2.3.4 from /var/www/.ssh/known_hosts and/or /usr/share/httpd/.ssh/known_hosts.
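
An added example, not part of the wiki page or of Kolmisoft's scripts: rather than disabling host key checking or deleting the known_hosts entry unseen, the function below replaces the entry only when the key the server offers matches a fingerprint read on the APP server itself. The name pin_host_key, its argument order and the /tmp/scan path are assumptions of this example; the host key path shown is the usual OpenSSH location and may differ on your system.

```shell
#!/bin/sh
# Added example, not Kolmisoft code. pin_host_key and its arguments are
# names assumed for this example.
#
# Usage (as the apache user on the GUI server):
#   ssh-keyscan -t ed25519 SERVER_IP > /tmp/scan
#   pin_host_key SERVER_IP /tmp/scan EXPECTED_FP /var/www/.ssh/known_hosts
# EXPECTED_FP is the second field printed on the APP server's own console by
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
pin_host_key() {
    host=$1; scan=$2; expected=$3; kh=$4

    # First key line of the scan file (skip any '#' comment lines).
    line=$(grep -v '^#' "$scan" 2>/dev/null | head -n 1)
    # Fingerprint of that key as offered over the network (2nd output field).
    offered=$(ssh-keygen -lf "$scan" 2>/dev/null | awk 'NR==1 {print $2}')
    if [ -z "$line" ] || [ -z "$offered" ]; then
        echo "no usable host key in $scan" >&2
        return 2
    fi

    # Refuse any key that was not confirmed out-of-band.
    if [ "$offered" != "$expected" ]; then
        echo "MISMATCH for $host: offered $offered, expected $expected" >&2
        return 1
    fi

    # Drop the stale entry (plain or hashed); ssh-keygen keeps a .old backup.
    if [ -f "$kh" ]; then
        ssh-keygen -R "$host" -f "$kh" >/dev/null 2>&1
    fi

    # Pin the verified key and keep the file private to its owner.
    printf '%s\n' "$line" >> "$kh"
    chmod 600 "$kh"
}
```

On a mismatch the function returns 1 and leaves known_hosts untouched, which is the case to investigate before the GUI is allowed to connect again.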

If you are using a different user (not root) to connect to the server, you might need to change it in Billing - Servers.