ssh

Remotely unlock encrypted root disk using SSH

sudo apt install dropbear-initramfs
 
sudo sed -i 's/#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-I 180 -j -k -p 4000 -s -c cryptroot-unlock"/g' /etc/dropbear/initramfs/dropbear.conf
 
# optional: configure IP if no DHCP avaiable
# echo 'IP=192.168.2.123::192.168.2.1:255.255.254.0:my-wks01' >> /etc/initramfs-tools/initramfs.conf
 
sudo ssh-import-id gh:<my_user_id> -o /etc/dropbear/initramfs/authorized_keys
 
sudo update-initramfs -u
 
ssh root@your_workstation_ip -p 4444
 
# unlock disk
unlock-cryptroot

Links
https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
https://realtechtalk.com/Howto_Set_Static_IP_on_boot_in_initramfs_for_dropbear_or_other_purposes_NFS_Linux_Debian_Ubuntu_CentOS-2278-articles

SSH reverse tunel over public host

@Office

cat <<EOF> ~/bin/proxy-ssh-forward.sh
#!/bin/bash
 
PROXY_SERVER=proxy.example.com
 
eval \$(ssh-agent) && ssh-add
 
while true; do
    echo "Connect to proxy ..."
    ssh -a -v -N -R 7422:localhost:22 -o ServerAliveInterval=30 -o ServerAliveCountMax=10 \${PROXY_SERVER}
    sleep 10
done
EOF
 
chmod +x ~/bin/proxy-ssh-forward.sh
nohup ~/bin/proxy-ssh-forward.sh

@Home

Octavia: Allow SSH login to Amphora VM

Allow SSH access

LB_ID=foo-lb01-prod
 
AMPHORA_ID=$(openstack loadbalancer amphora list --loadbalancer ${LB_ID} --role MASTER -c id -f value)
AMPHORA_COMPUTE_ID=$(openstack loadbalancer amphora show ${AMPHORA_ID} -c compute_id -f value)
LB_NETWORK_IP=$(openstack loadbalancer amphora show ${AMPHORA_ID} -c lb_network_ip -f value)
SECURITY_GROUP_ID=$(openstack port list --server ${AMPHORA_COMPUTE_ID} --fixed-ip "ip-address=${LB_NETWORK_IP}" -c security_group_ids -f value)
 
# DEBUG: show ingress tcp rules
openstack security group rule list --ingress --protocol tcp ${SECURITY_GROUP_ID}
openstack security group rule create --protocol tcp --dst-port 22:22 --remote-ip 172.16.0.0/12  ${SECURITY_GROUP_ID}
openstack loadbalancer amphora list --loadbalancer ${LB_ID} -c  lb_network_ip -c role -f value
openstack loadbalancer amphora list --loadbalancer ${LB_ID} -c  lb_network_ip --role MASTER -f value
 
# login to amphora VM from OpenStack control node
ssh local@ctl1-dev.dev.i.example.com
ssh -i ~/.ssh/id_rsa_octavia ubuntu@${AMPHORA_VM_IP}

Manuall SSH access

Install SSH VPN server

export CONTAINER=vpn

# create container
# TODO: configure MAC on create container
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/create.jessie.sh -O - | bash -s -- -f

# configure container MAC address
sed -i 's|lxc.network.hwaddr = .*|lxc.network.hwaddr = 00:11:22:33:44:5e|' /var/lib/lxc/${CONTAINER}/config

# enable autostart
echo "lxc.start.auto = 1" | tee -a /var/lib/lxc/${CONTAINER}/config

# configure container
##echo "lxc.hook.autodev=/var/lib/lxc/vpn/autodev" >> /var/lib/lxc/${CONTAINER}/config