Changes for page Remote Access Gateway
Last modified by Kilight Cao on 2022/07/25 10:47
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... @@ -4,7 +4,7 @@ 4 4 5 5 6 6 7 -= **1. 7 += **1. Use Remote.it service** = 8 8 9 9 10 10 Remote.it for remote access is available in the latest Dragino firmware for gateway. For security concern, the remote.it only available base on end user demand. ... ... @@ -17,7 +17,7 @@ 17 17 For how to use remoteit, please see : [[Remoteit user instruction for Dragino Gateway>>url:https://www.dragino.com/downloads/index.php?dir=LoRa_Gateway/&file=Dragino-Remoteit_User_Manual.pdf]]. 18 18 19 19 20 -= **2. 20 += **2. RSSH Introduction** = 21 21 22 22 23 23 Reverse SSH for remote access is available in the latest Dragino firmware for gateway. For security concern, the RSSH only available base on end user demand. ... ... @@ -37,12 +37,15 @@ 37 37 * LIG16 38 38 * MS14 series if installed with the same firmware. 39 39 40 -== **2.1 For Firmware Version lower than lgw~-~-build-v5.4.1616478814-20210323-1355** == 41 41 42 42 43 -=== **2.1.1 End User Guide to use SSH access** === 44 44 43 +== **2.1 For Firmware Version lower than lgw~-~-build-v5.4.1616478814-20210323-1355** == 45 45 45 + 46 +=== **2.1.1 End User Guide to use SSH access** === 47 + 48 + 46 46 Go to this the Reverse SSH page as below: 47 47 48 48 [[image:image-20220527102348-1.png]] ... ... 
@@ -58,7 +58,7 @@ 58 58 * (% style="color:#4f81bd" %)**Host Address**(%%): Input** (% style="color:#4f81bd" %)support.dragino.com(%%)** 59 59 * (% style="color:#4f81bd" %)**Host Port**(%%): Please email to support @ dragino.com to get a valid host port. 60 60 * (% style="color:#4f81bd" %)**Connect at Startupt**(%%): Choose to enable connect once device is powered. 61 -* (% style="color:#4f81bd" %)**Network Keys: 64 +* (% style="color:#4f81bd" %)**Network Keys: **(%%)Click the Generate keys to generate the keys and download / mail it to Dragino support so Dragino can prepare the remote access to 62 62 63 63 ((( 64 64 After doing above, please download and mail the public keys to Dragino support and wait for our mail for the valid host port. Input the valid host port got from our support and click connect so we can remote access to your gateway. ... ... @@ -65,10 +65,8 @@ 65 65 ))) 66 66 67 67 71 +=== **2.1.2 How to Ser up a Reverse SSH access** === 68 68 69 -=== **2.1.2 How to Ser up a Reverse SSH access** === 70 - 71 - 72 72 Advance administrator can config a SSH server to provide support their end user themselves. Instruction is as below: 73 73 74 74 1. Prepare a Linux server with public IP. The gateways need to be able to create SSH connection to this server. We recommend to use a server that performs no other function than to support the RSSH access, and to have no additional accounts active, and no access from the Internet that uses ID/password authentication. ... ... @@ -87,9 +87,8 @@ 87 87 ))) 88 88 89 89 91 +==== **2.1.2.1 Note for set up RSSH server** ==== 90 90 91 -==== **2.1.2.1 Note for set up RSSH server** ==== 92 - 93 93 If gateway reboot or the connection is incidentely close by end node. The port in SSH server will still be occupy for a long time. Administrator can use below commands to release the port. 94 94 95 95 (% class="box" %) ... ... 
@@ -103,7 +103,7 @@ 103 103 ))) 104 104 105 105 106 -== **2.2 106 +== **2.2 For Firmware Version higher than lgw~-~-build-v5.4.1618196981-20210412-1111** == 107 107 108 108 Below gateway support reverse SSH access: 109 109 ... ... @@ -118,23 +118,20 @@ 118 118 ))) 119 119 120 120 121 -=== **2.2.1 121 +=== **2.2.1 End User Guide to use SSH access** === 122 122 123 +==== **2.2.1.1 Install the SSH service for server** ==== 123 123 124 -==== **2.2.1.1 Installthe SSH servicefor server** ====125 +===== **2.2.1.1.1 Step 1 : Download the SSH service code** ===== 125 125 127 +1).git clone [[https:~~/~~/github.com/dragino/rssh-server.git>>url:https://github.com/dragino/rssh-server.git]] rssh-server 126 126 127 -===== (% style="color:blue" %)**Step 1 : Download the SSH service code**(%%) ===== 128 - 129 - 130 -**1). **git clone [[https:~~/~~/github.com/dragino/rssh-server.git>>url:https://github.com/dragino/rssh-server.git]] rssh-server 131 - 132 132 [[image:image-20220527105447-1.png]] 133 133 134 134 git clone rssh-server 135 135 136 136 137 - **2).**cd rssh-server; sudo make ~-~--> to Generate the execute file:rssh_serv134 +2).cd rssh-server; sudo make ~-~--> to Generate the execute file:rssh_serv 138 138 139 139 [[image:image-20220527105511-2.png]] 140 140 ... ... 
@@ -170,30 +170,24 @@ 170 170 lack of sqlite3 171 171 172 172 173 - (% style="color:blue" %)**How to install Sqlit3:**170 +How to install Sqlit3 174 174 175 175 (% class="box" %) 176 176 ((( 177 - (% style="color:#037691" %)**Step1:**(%%)Download the SQLit3 installation package174 +Step1: Download the SQLit3 installation package 178 178 sudo wget [[https:~~/~~/www.sqlite.org/2021/sqlite-autoconf-3350400.tar.gz>>url:https://www.sqlite.org/2021/sqlite-autoconf-3350400.tar.gz]] 179 - 180 -(% style="color:#037691" %)**Step2:**(%%) tar the SQLit3 installation package 176 +Step2: tar the SQLit3 installation package 181 181 sudo tar -zxvf sqlite-autoconf-3350300.tar.gz 182 - 183 -(% style="color:#037691" %)**Step3:**(%%) Generate the makefile 178 +Step3: Generate the makefile 184 184 cd sqlite-autoconf-3350300/;./configure 185 - 186 -(% style="color:#037691" %)**Step4:**(%%) Compile makefile 180 +Step4: Compile makefile 187 187 sudo make 188 - 189 -(% style="color:#037691" %)**Step5: **(%%)Install makefile 182 +Step5: Install makefile 190 190 sudo make install 191 - 192 -(% style="color:#037691" %)**Check:**(%%) 193 - cd /usr/local/bin;ls -al ~-~-> Check to see if there is a file for sqlite3 194 - cd sqlite-autoconf-3350300/;./sqlite3 test.db ~-~-> Test whether the sqlite3 was installed successfully 195 - 196 -(% style="color:#037691" %)**debug:**(%%) 184 +Check: 185 + cd /usr/local/bin;ls -al ~-~-> Check to see if there is a file for sqlite3 186 + cd sqlite-autoconf-3350300/;./sqlite3 test.db ~-~-> Test whether the sqlite3 was installed successfully 187 +debug: 197 197 If you get the imformation that is SQLite header and source version mismatch, when you execute./sqlite3 test.db. 198 198 Please execute the command /sbin/ldconfig. 199 199 After that execute the command ./sqlite3 test.db again. ... ... 
@@ -200,19 +200,17 @@ 200 200 ))) 201 201 202 202 194 +===== **2.2.1.1.2 Step 2 : Install and run the RSS service** ===== 203 203 204 - =====(% style="color:blue"%)**Step2 :Installand run theRSS service**(%%)=====196 +1): intall database for /var/rsshdb.sqlite3 and Server development port for 3721(The default is 3721) 205 205 206 - 207 -**1):** intall database for /var/rsshdb.sqlite3 and Server development port for 3721(The default is 3721) 208 - 209 209 user must enter the root account and run the following commands 210 210 211 211 (% class="box" %) 212 212 ((( 213 - **~$ ./create_sqlite3_db.sh202 + $ ./create_sqlite3_db.sh 214 214 $ ./rssh_serv -p 3721 2>&1 & 215 - $ ps -ef | grep rssh_serv check 3721 port **204 + $ ps -ef | grep rssh_serv check 3721 port 216 216 ))) 217 217 218 218 [[image:image-20220527110436-6.png]] ... ... @@ -219,13 +219,12 @@ 219 219 220 220 intall database and server development port 221 221 222 - 223 223 **Debug:** 224 224 225 225 (% class="box" %) 226 226 ((( 227 - **Check /var/rsshdb.sqlite3**228 - **Check ls /var/rsshdb.sqlite3 ~-~->**215 +Check /var/rsshdb.sqlite3 ~-~->(% style="color:#4f81bd" %)** ls /var/rsshdb.sqlite3**(%%) 216 +Check ls /var/rsshdb.sqlite3 ~-~-> (% style="color:#4f81bd" %)**sudo chmod 777 rssh_serv** 229 229 ))) 230 230 231 231 (% class="box" %) ... ... @@ -235,10 +235,8 @@ 235 235 ))) 236 236 237 237 226 +===== **2.2.1.1.3 Step 3 : Create a minimal SSH user (reverse SSH proxy for the gateway)** ===== 238 238 239 -===== (% style="color:blue" %)**Step 3 : Create a minimal SSH user (reverse SSH proxy for the gateway)**(%%) ===== 240 - 241 - 242 242 **1): (% style="color:#4f81bd" %)sudo useradd XXXXX(%%)** (custom user name) 243 243 244 244 **2):** (% style="color:#4f81bd" %)**sudo passwd xxxxxx** ... ... 
@@ -245,34 +245,28 @@ 245 245 246 246 **3):** (% style="color:#4f81bd" %)**cp /bin/bash /bin/rbash** 247 247 248 -**4):** (% style="color:#4f81bd" %)**sudo nano /etc/passwd**(%%) 234 +**4):** (% style="color:#4f81bd" %)**sudo nano /etc/passwd**(%%) ~-~-> Change /bin/bash to /bin/rbash 249 249 250 250 **5):** (% style="color:#4f81bd" %)**sudo nano /home/xxxxx/.bashrc**(%%) **empty it,and input export PATH=$HOME/bin** 251 251 252 252 **6):** (% style="color:#4f81bd" %)**sudo nano /home/xxxxx/.bash_profile**(%%) **empty it,and input export PATH=$HOME/bin** 253 253 240 +**Now user "XXXXX" is the user with limited permissions of the current system** 254 254 255 -(% style="color:red" %)**Now user "XXXXX" is the user with limited permissions of the current system** 256 256 243 +=== **2.2.2 How does user get the gateway to connect to a user's private server** === 257 257 245 +===== **2.2.2.1 Step 1 : Come bace the gateway web UI for get the gateway Public key** ===== 258 258 259 - ===**2.2.2How does user getthegatewayo connecttoa user'sprivateserver**===247 +1) in the system ~-~-> (% style="color:#4f81bd" %)**Remote Mgmt** 260 260 261 - 262 -===== (% style="color:blue" %)**Step 1 : Come bace the gateway web UI for get the gateway Public key**(%%) ===== 263 - 264 - 265 -**1) **in the system ~-~-> (% style="color:#4f81bd" %)**Remote Mgmt** 266 - 267 267 [[image:image-20220527110531-7.png]] 268 268 269 269 Remote Mgmt 270 270 271 271 254 +===== **2.2.2.2 Step 2 : Authorization server** ===== 272 272 273 -===== (% style="color:blue" %)**Step 2 : Authorization server**(%%) ===== 274 - 275 - 276 276 copy the Gateway Publickey into user's private server "/home/XXXXX/.ssh/authorized_keys" file. 277 277 278 278 [[image:image-20220527110625-8.png]] ... ... 
@@ -280,10 +280,8 @@ 280 280 Publickey 281 281 282 282 263 +===== **2.2.2.3 Step 3 : connecte private server** ===== 283 283 284 -===== (% style="color:blue" %)**Step 3 : connecte private server**(%%) ===== 285 - 286 - 287 287 in the gateway web UI 288 288 289 289 [[image:image-20220527110700-9.png]] ... ... @@ -290,22 +290,19 @@ 290 290 291 291 gateway web UI 292 292 293 - 294 294 (% class="box" %) 295 295 ((( 296 -(% style="color:#4f81bd" %)**Connection Type **(%%) :297 - (% style="color:red" %)**Note:(%%)298 -(% style="color:#4f81bd" %)**Login ID**(%%) :299 -(% style="color:#4f81bd" %)**Host Address**(%%) : 300 -(% style="color:#4f81bd" %)**Connect at Startupt**(%%): 273 +(% style="color:#4f81bd" %)**Connection Type **(%%) : If user's least privileged user with private server uses a password, select (% style="color:#4f81bd" %)**Public Key**(%%) 274 +**Note:if user's least privileged user no uses a password,choose from both is fine** 275 +(% style="color:#4f81bd" %)**Login ID**(%%) : Input user name "eg : "XXXXX" 276 +(% style="color:#4f81bd" %)**Host Address**(%%) : Input user's private server address 277 +(% style="color:#4f81bd" %)**Connect at Startupt**(%%): Choose to enable connect once device is powered. 301 301 Click Save and then Connect 302 302 ))) 303 303 304 304 282 +===== **2.2.2.4 Step 4 : Cheak is fine** ===== 305 305 306 -===== (% style="color:blue" %)**Step 4 : Cheak is fine**(%%) ===== 307 - 308 - 309 309 Rssh Host connection Ok 310 310 311 311 [[image:image-20220527111009-10.png]] ... ... 
@@ -320,38 +320,32 @@ 320 320 Check the gateway 321 321 322 322 298 +===== **2.2.2.5 Step 5 : Create an authorization key file** ===== 323 323 324 - ===== (%style="color:blue"%)**Step5:Create an authorizationkeyfile**(%%) =====300 +1):sudo mkdir /home/xxxxx/.ssh; sudo touch /home/xxxxx/.ssh/authorizedkey 325 325 326 - 327 -**1):** sudo mkdir /home/xxxxx/.ssh; sudo touch /home/xxxxx/.ssh/authorizedkey 328 - 329 329 **Debug:** 330 330 331 331 (% class="box" %) 332 332 ((( 333 - **~check: sudo ls /home/xxxxx/.ssh/authorizedkey**306 + check: sudo ls /home/xxxxx/.ssh/authorizedkey 334 334 ))) 335 335 336 336 337 -=== **2.2.3 310 +=== **2.2.3 How to Ser up a Reverse SSH access** === 338 338 312 +==== **2.2.3.1 Step 1 : Log into the server system** ==== 339 339 340 -==== (% style="color:blue" %)**Step 1 : Log into the server system**(%%) ==== 341 - 342 - 343 343 [[image:image-20220527111145-12.png]] 344 344 345 345 Loging server 346 346 347 347 319 +==== **2.2.3.2 Step 2 : access the gateway** ==== 348 348 349 -==== (% style="color:blue" %)**Step 2 : access the gateway**(%%) ==== 350 - 351 - 352 352 (% class="box" %) 353 353 ((( 354 - **$ cd rssh-server/**323 +$ cd rssh-server/ 355 355 ))) 356 356 357 357 Check the gateway linking to the server $ ./connect-gw.sh -l ... ... @@ -361,11 +361,8 @@ 361 361 Check the gateway linking to the server 362 362 363 363 364 - 365 365 access the gateway $ ./connect-gw.sh <GWID> 366 366 367 367 [[image:image-20220527111300-14.png]] 368 368 369 369 reverse ssh access the gateway 370 - 371 -
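Review bot: In the hunk at @@ -58,7 +58,7 @@, the new Network Keys bullet stops mid-sentence ("so Dragino can prepare the remote access to") and tells the user to download or mail "it" without saying which key. The paragraph that follows asks for the public keys only, so the bullet should say the same, for example "download the public key and mail it to Dragino support", and the sentence should be finished.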
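Review bot: In the SQLite box at @@ -170,30 +170,24 @@, Step1 downloads sqlite-autoconf-3350400.tar.gz while Step2, Step3 and the Check line use sqlite-autoconf-3350300, so the tar and cd commands fail as written; use one version throughout. The tarball then goes straight to sudo make install with no integrity check, so add a step that compares its hash with the one listed on the SQLite download page before Step2. wget and tar do not need sudo here.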
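Review bot: The second Debug line added at @@ -219,13 +219,12 @@ recommends sudo chmod 777 rssh_serv, which makes a binary that the previous step starts from the root account writable by every local user. Only execute permission is needed, so suggest chmod 755 (or 750) instead. The label on that line repeats "Check ls /var/rsshdb.sqlite3" although the command acts on rssh_serv, so it should be relabelled to say when the chmod is needed.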
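Review bot: In Step 3 at @@ -245,34 +245,28 @@, the account is given a password in 2) even though section 2.1.2 of the same page recommends no access that uses ID/password authentication; say whether the password is needed and, if not, drop that step. The annotation added to 4) has the admin hand-edit /etc/passwd with nano; sudo usermod -s /bin/rbash for the account makes the same change with less room for a damaged file. The closing statement that the user has limited permissions rests on .bashrc and .bash_profile, so note that these files should not be writable by the account. The placeholder is written three ways (XXXXX, xxxxxx, xxxxx) and the new heading keeps "Come bace".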
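Review bot: The Connection Type line and its Note added at @@ -290,22 +290,19 @@ are hard to follow: they say to select Public Key if the account uses a password, and that either choice is fine if it does not. Since Step 2 installs the gateway public key on the server, state plainly which option gives key-based login and when the other one applies. "Startupt" in "Connect at Startupt" and "Cheak" in the Step 4 heading are typos.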
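Review bot: Step 5 added at @@ -320,38 +320,32 @@ creates /home/xxxxx/.ssh/authorizedkey, but Step 2 copies the gateway key into /home/XXXXX/.ssh/authorized_keys, which is also the name sshd reads by default, so the file created here is not the one the key goes into; use authorized_keys in the mkdir/touch line and in the Debug check. The step is numbered after Step 2 although Step 2 already needs the file, so it should come first. Both the directory and the file are created as root through sudo; state the owner and permissions they should end up with. The new 2.2.3 heading keeps the typo "Ser up".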