Re: [Server-devel] Trying to access a school server from the outside world
I would need access 'lascahobas' server, because the new server is not available yet. Could you provide me the client information needed? Sorry to bother, I didn't used openvpn before. Gonzalo On Tue, Jun 16, 2015 at 12:51 PM, George Hunt georgejh...@gmail.com wrote: I thought I had already set you up for using the Amazon passthrough. But here are the steps: 1. There is a user at the https://50.17.210.12:943/admin/ port with username:gonzalo and a password I will send separately. 2. Sign on there and change your password. You can use this sign on at any time to see if the sora server client connection is available at the passthrough. 3. Then you will need to create a new user without administrative privileges that will become the server's client connection to the vpn. The generation of the keys for the sora server is triggered by accessing https://50.17.210.12:943/ (without admin), and logging on with the credentials you created when you set up the sora server user. 4. When you make this https:// access, the amazon openvpn application will offer to let you download the openvpn client application. I have usually yum installed openvpn already. Hit refresh, and you will be given a choice to download an unattended access key file. 5. Download the cient.ovpn file and change it so something similar to the username you created. Place it in the /etc/openvpn/ directory of sora server Sorry I missed your request when it came 3 days ago. On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard godi...@sugarlabs.org wrote: Could I use your passthrough server to access Sora server? What we should do setup it? Gonzalo On Sat, Jun 13, 2015 at 4:16 PM, George Hunt georgejh...@gmail.com wrote: Typically a server is behind some sort of NAT device, and some sort of firewall, and most likely has a variable ip address assigned by the ISP's dhcpd. The trick is to have the server initiate an outgoing conversation to a device on the internet that is always on. I purchased a micro instance on amazon cloud for the purpose. The amazon instance generates keys for clients which permits passthrough conversations between any clients. There's two levels of authentication -- 1. need a vpn key to connect to the amazon instance, and 2. need authentication at the ssh port of the target (preferably a public key in .ssh/authorized_keys on the target -making dictionary attacks less likely). But I'm becoming a fan of teamviewer. You need to install Xorg, and I usually install XFCE because it's pretty light weight. Up until now, I've resisted a GUI for servers. On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
I thought I had already set you up for using the Amazon passthrough. But here are the steps: 1. There is a user at the https://50.17.210.12:943/admin/ port with username:gonzalo and a password I will send separately. 2. Sign on there and change your password. You can use this sign on at any time to see if the sora server client connection is available at the passthrough. 3. Then you will need to create a new user without administrative privileges that will become the server's client connection to the vpn. The generation of the keys for the sora server is triggered by accessing https://50.17.210.12:943/ (without admin), and logging on with the credentials you created when you set up the sora server user. 4. When you make this https:// access, the amazon openvpn application will offer to let you download the openvpn client application. I have usually yum installed openvpn already. Hit refresh, and you will be given a choice to download an unattended access key file. 5. Download the cient.ovpn file and change it so something similar to the username you created. Place it in the /etc/openvpn/ directory of sora server Sorry I missed your request when it came 3 days ago. On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard godi...@sugarlabs.org wrote: Could I use your passthrough server to access Sora server? What we should do setup it? Gonzalo On Sat, Jun 13, 2015 at 4:16 PM, George Hunt georgejh...@gmail.com wrote: Typically a server is behind some sort of NAT device, and some sort of firewall, and most likely has a variable ip address assigned by the ISP's dhcpd. The trick is to have the server initiate an outgoing conversation to a device on the internet that is always on. I purchased a micro instance on amazon cloud for the purpose. The amazon instance generates keys for clients which permits passthrough conversations between any clients. There's two levels of authentication -- 1. need a vpn key to connect to the amazon instance, and 2. need authentication at the ssh port of the target (preferably a public key in .ssh/authorized_keys on the target -making dictionary attacks less likely). But I'm becoming a fan of teamviewer. You need to install Xorg, and I usually install XFCE because it's pretty light weight. Up until now, I've resisted a GUI for servers. On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
Thanks! On Tue, Jun 16, 2015 at 12:51 PM, George Hunt georgejh...@gmail.com wrote: I thought I had already set you up for using the Amazon passthrough. But here are the steps: 1. There is a user at the https://50.17.210.12:943/admin/ port with username:gonzalo and a password I will send separately. 2. Sign on there and change your password. You can use this sign on at any time to see if the sora server client connection is available at the passthrough. 3. Then you will need to create a new user without administrative privileges that will become the server's client connection to the vpn. The generation of the keys for the sora server is triggered by accessing https://50.17.210.12:943/ (without admin), and logging on with the credentials you created when you set up the sora server user. 4. When you make this https:// access, the amazon openvpn application will offer to let you download the openvpn client application. I have usually yum installed openvpn already. Hit refresh, and you will be given a choice to download an unattended access key file. 5. Download the cient.ovpn file and change it so something similar to the username you created. Place it in the /etc/openvpn/ directory of sora server Sorry I missed your request when it came 3 days ago. On Sat, Jun 13, 2015 at 7:54 PM, Gonzalo Odiard godi...@sugarlabs.org wrote: Could I use your passthrough server to access Sora server? What we should do setup it? Gonzalo On Sat, Jun 13, 2015 at 4:16 PM, George Hunt georgejh...@gmail.com wrote: Typically a server is behind some sort of NAT device, and some sort of firewall, and most likely has a variable ip address assigned by the ISP's dhcpd. The trick is to have the server initiate an outgoing conversation to a device on the internet that is always on. I purchased a micro instance on amazon cloud for the purpose. The amazon instance generates keys for clients which permits passthrough conversations between any clients. There's two levels of authentication -- 1. need a vpn key to connect to the amazon instance, and 2. need authentication at the ssh port of the target (preferably a public key in .ssh/authorized_keys on the target -making dictionary attacks less likely). But I'm becoming a fan of teamviewer. You need to install Xorg, and I usually install XFCE because it's pretty light weight. Up until now, I've resisted a GUI for servers. On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
Could I use your passthrough server to access Sora server? What we should do setup it? Gonzalo On Sat, Jun 13, 2015 at 4:16 PM, George Hunt georgejh...@gmail.com wrote: Typically a server is behind some sort of NAT device, and some sort of firewall, and most likely has a variable ip address assigned by the ISP's dhcpd. The trick is to have the server initiate an outgoing conversation to a device on the internet that is always on. I purchased a micro instance on amazon cloud for the purpose. The amazon instance generates keys for clients which permits passthrough conversations between any clients. There's two levels of authentication -- 1. need a vpn key to connect to the amazon instance, and 2. need authentication at the ssh port of the target (preferably a public key in .ssh/authorized_keys on the target -making dictionary attacks less likely). But I'm becoming a fan of teamviewer. You need to install Xorg, and I usually install XFCE because it's pretty light weight. Up until now, I've resisted a GUI for servers. On Sat, Jun 13, 2015 at 2:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
xsce listens on ssh, so if you expose that port externally you can access the server. probably you don't do this as we usually put the server behind a firewall. George Hunt set up an OpenVPN hub which some installs can use. Servers connect to the vpn hub and connected users can then pass through the hub to the server. Both users and servers need keys stored on the vpn hub. You would need to check with Adam and George. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
Thanks Tim and all by the information. I was using TeamViewer with Sora server, but is terribly slow. Gonzalo On Sat, Jun 13, 2015 at 3:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
On Sat, Jun 13, 2015 at 4:07 PM, Gonzalo Odiard godi...@sugarlabs.org wrote: Thanks Tim and all by the information. I was using TeamViewer with Sora server, but is terribly slow. Is there any way to force TeamViewer to 640x480 / black+white / grayscale to speed up transmissions? Gonzalo On Sat, Jun 13, 2015 at 3:25 PM, Tim Moody t...@timmoody.com wrote: I should also have mentioned that we have started using TeamViewer on some of the servers which allows a session on the server without using the vpn hub. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel -- http://lists.laptop.org/listinfo/server-devel http://lists.laptop.org/listinfo/server-devel Unsung Heroes of OLPC, interviewed live @ http://lists.laptop.org/listinfo/server-develhttp://unleashkids.org ! ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Trying to access a school server from the outside world
Hi, I am trying to help Sora who installed a XSCE, and we need configure some of the services. What is the best way to access remotely? It's possible do ssh to the external ip or is blocked in some way? Anything else? -- Gonzalo Odiard SugarLabs - Software for children learning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Trying to access a school server from the outside world
There was talk of OpenVPN earlier, many months ago. If you must open SSH, use a port number chosen randomly, ensure password authentication is turned off, and make sure there's no way for the kids to create .ssh/authorized_keys files. The next problem is changes to IP address. When both ends of the link have dynamic addresses, I use an SSH relay. On the XSCE instance create this script: #!/bin/sh while true; do socat -t5 \ tcp:relay.example.com:20934,forever,interval=10,fork \ tcp:localhost:22 sleep 1 done And then ensure it is run, e.g. using /etc/rc.d/rc.local or some other method. On your SSH server relay.example.com, run this command: socat \ tcp-listen:23016,reuseaddr,fork \ tcp-listen:20934,reuseaddr,retry=10 On your local system, edit .ssh/config to contain: Host fred Hostname relay.example.com Port 23016 User root ConnectTimeout 300 And then connect by typing ssh fred. The resulting connection to sshd appears to come from localhost. It can be a bit slower than normal. -- James Cameron http://quozl.linux.org.au/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel