SSH Connect to Mezz PC #3685
…ts/Software into sauravbanna/mezzsh
…are into sauravbanna/mezzsh
This is a really cool feature. If I am understanding correctly, we can now connect to the mezz pc even outside of Vancouver?
| # 1. no other users (IRL or remote) are using the PC | ||
| # OR | ||
| # 2. the force flag is provided | ||
| if ([ ! -z "$LOCAL_USER" ] || [ ! -z "$REMOTE_USERS" ]) && [ "$FORCE_CONNECT" != "1" ]; then |
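Review bot: the grouping parentheses in the `if` condition run the two emptiness tests in a subshell, and `[ ! -z "$X" ]` is the long form of `[ -n "$X" ]`. Consider `{ [ -n "$LOCAL_USER" ] || [ -n "$REMOTE_USERS" ]; } && [ "$FORCE_CONNECT" != "1" ]`, which keeps the same logic without the extra process.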
| if ([ ! -z "$LOCAL_USER" ] || [ ! -z "$REMOTE_USERS" ]) && [ "$FORCE_CONNECT" != "1" ]; then | |
| if ([ ! -z "$LOCAL_USER" ] || [ ! -z "$REMOTE_USERS_LIST" ]) && [ "$FORCE_CONNECT" != "1" ]; then |
good catch thanks
| # we technically hae already have an active connection at this point | ||
| # just no shell is provided | ||
| # close the connection after 1 min | ||
| sleep 60 |
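Review bot: the `sleep 60` line keeps an authenticated connection open for a fixed minute, and the comment above it does not say why that duration is needed (it also has a typo, "hae already have"). Put the duration in a named variable and state the reason for it in the comment.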
Why do we need to wait for 60s here?
| # Trigger the visual warning dialog if someone is using the PC IRL | ||
| bash /home/thunderbots/Software/scripts/mezzsh/utils/connection_warn.sh & |
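Review bot: the `connection_warn.sh` call uses a hard-coded absolute path under /home/thunderbots and is backgrounded with `&` without redirecting its output, so it inherits the SSH session's stdout and stderr. Resolve the path relative to the calling script and redirect the output (for example `>/dev/null 2>&1 &`) so the dialog process cannot hold the session open or write into it. The comment also says the dialog is triggered "if someone is using the PC IRL" while the call itself is unconditional; say in the comment where that check happens.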
So when connection is successful, this script will still run even if there is no local user?
so the connection_warn.sh script does check for if there actually is a local user (the same way the server does). it only shows the warning if so.
i'll pull the local user check into its own file to reduce repetition tho
| echo "--- Registering New Remote User ---" | ||
|
|
||
| # Add to authorized_keys with a command restriction | ||
| ENTRY="$PUB_KEY |
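Review bot: `ENTRY="$PUB_KEY` interpolates the submitted key into the authorized_keys entry, and the visible lines show no check on its contents. Verify that `$PUB_KEY` is exactly one well-formed public key line (for example by writing it to a temporary file and running `ssh-keygen -l -f` on it) before appending, since the command restriction named in the comment applies per line of authorized_keys.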
it's a multi-line string, works when i tested and verified the resulting file
|
|
||
| # This step uses a match block to modify these ssh settings for only 1 user | ||
| # Clean up any previous global ForceCommand we might have added | ||
| sed -i '/Match User $TARGET_USER/,/AcceptEnv SSH_CHECK_MODE FORCE_CONNECT/d' $SSHD_CONFIG |
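Review bot: the `sed -i` line edits `$SSHD_CONFIG` in place with the variable unquoted and no validation step visible; quote it and run `sshd -t` before restarting the daemon so a bad range delete cannot break SSH access. Once the pattern is double-quoted, `$TARGET_USER` becomes part of a sed regex, so restrict it to plain username characters and anchor the match. The comment also mentions a "global ForceCommand" while the range deletes a `Match User` block; align the comment with what is removed.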
Single quote won't expand variables, is this intended?
https://stackoverflow.com/questions/6697753/difference-between-single-and-double-quotes-in-bash
good catch, thanks
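The quoting issue raised in this thread, reproduced on a constructed sshd_config-style sample. This is an added example, not code from the PR; the function names, the users alice and bob, and the /opt/example path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: constructed sample config; helper names are hypothetical.

# Write a constructed sshd_config-style sample to a temp file, print its path.
make_sample_config() {
    local f
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
PasswordAuthentication no
Match User alice
    ForceCommand /opt/example/server.sh
    AcceptEnv SSH_CHECK_MODE FORCE_CONNECT
Match User bob
    ForceCommand /opt/example/server.sh
    AcceptEnv SSH_CHECK_MODE FORCE_CONNECT
EOF
    printf '%s\n' "$f"
}

# Single-quoted, as in the hunk: sed receives the literal text "$TARGET_USER",
# no line contains it, so the range never starts and nothing is deleted.
strip_block_single_quoted() {
    local TARGET_USER="$1" config="$2"
    sed -i '/Match User $TARGET_USER/,/AcceptEnv SSH_CHECK_MODE FORCE_CONNECT/d' "$config"
}

# Double-quoted: the shell expands the name before sed runs. The name becomes
# part of a sed regex, so it is restricted to plain username characters first,
# and the start pattern is anchored so "alice" cannot match "alice2".
strip_block_expanded() {
    local target_user="$1" config="$2"
    case $target_user in
        ''|*[!a-z0-9_-]*) return 2 ;;
    esac
    sed -i "/^Match User ${target_user}\$/,/AcceptEnv SSH_CHECK_MODE FORCE_CONNECT/d" "$config"
}

# Demo on the constructed sample: count the Match blocks after each variant.
cfg=$(make_sample_config)
strip_block_single_quoted alice "$cfg"; grep -c '^Match User' "$cfg"  # 2
strip_block_expanded alice "$cfg";      grep -c '^Match User' "$cfg"  # 1
rm -f "$cfg"
```

The example uses GNU `sed -i`, as the hunk does, and only ever touches a temporary file.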
…eck local users into own file
Description
Adds ability to SSH into the Mezz PC.
Warns all new connections if anyone is using the PC remotely or in-person already. Allows users to force a connection. Shows a warning in-person when anyone connects.
Shows the names of all remotely connected users in the warning.
Uses Tailscale as a VPN to get around UBC blocking incoming connections.
Usage
On the client side:
bash mezzsh_keygen.sh to generate a private-public key pair.
To connect: bash mezzsh_connect.sh
On the Mezz PC side:
mezzsh_setup.sh: sets up the ssh server, dependencies, etc.
mezzsh_server.sh: The script that handles incoming ssh connections
The public key will have to be added to the Mezz PC's authorized keys, using the mezzsh_keystore.sh script
Pictures
In-person user warning to the remote user
Other remote users warning to the remote user
Dialog warning to the in-person user on the Mezz PC
Testing Done
Tested the different scenarios manually:
Resolved Issues
Length Justification and Key Files to Review
Review Checklist
It is the reviewer's responsibility to also make sure every item here has been covered
.h file) should have a javadoc style comment at the start of them. For examples, see the functions defined in thunderbots/software/geom. Similarly, all classes should have an associated Javadoc comment explaining the purpose of the class.
TODO (or similar) statements should either be completed or associated with a github issue