Changes for page Remote Access Gateway

Last modified by Kilight Cao on 2022/07/25 10:47

From version < 2.4 >

edited by Xiaoling
on 2022/05/12 14:24

To version < 2.8 >

edited by Xiaoling
on 2022/05/12 14:52

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -70,10 +70,14 @@
 . Give a free port to the user and ask them to configure RSSH page in the gateway.
 . In your server or other machine, you will able to access to the end user device by below command:
--{{{  $ ssh   -p <End User Host Port>   root@<Host Address>
--}}}
++(% class="box" %)
++(((
++  $ ssh   -p <End User Host Port>   root@<Host Address>
++)))
++(((
  (% class="mark" %)**Remote RSSH Access allow the gateway to connect to SSH server as well. This will create risk to the RSSH server. Please make sure the account use for Gateway Access has the lowest access right.**
++)))
  ==== 2.1.2.1 Note for set up RSSH server ====
@@ -94,13 +94,15 @@
  Below gateway support reverse SSH access:
--{{{   Firmware Version >lgw--build-v5.4.1618196981-20210412-1111 Firmware Download
++(% class="box" %)
++(((
++   Firmware Version >lgw~-~-build-v5.4.1618196981-20210412-1111 Firmware Download
     LG01N, OLG01N (Note: LG01-P LG01-S doesn't support)
     LG02, OLG02
     LG308, DLOS8
     LPS8
     LIG16
--}}}
++)))
  === 2.2.1 End User Guide to use SSH access ===
@@ -114,6 +114,7 @@
  git clone rssh-server
++
 ).cd rssh-server; sudo make ~-~--> to Generate the execute file：rssh_serv
  [[image:https://wiki.dragino.com/images/thumb/e/e3/Generate_the_execute_file.png/500px-Generate_the_execute_file.png||height="103" width="500"]]
@@ -122,21 +122,27 @@
  **Debug** :
--{{{ if you git fail.     -->    sudo: git: command not found.
-- please install git.  -->    yum install git -y  or  apt-get install git -y.
--}}}
++(% class="box" %)
++(((
++ if you git fail.       ~-~->    (% class="mark" %)**sudo: git: command not found.**(%%)
++please install git.  ~-~->    (% class="mark" %)**yum install git -y  or  apt-get install git -y. **
++)))
--{{{ if you make error 127,it lack of gcc.
-- please install gcc.    -->yum install gcc.
--}}}
++(% class="box" %)
++(((
++ if you make error 127,it** (% class="mark" %)lack of gcc.(%%)**
++please install gcc.    ~-~->(% class="mark" %)**yum install gcc.**
++)))
  [[image:https://wiki.dragino.com/images/d/d7/Lack_of_gcc.png||height="174" width="434"]]
  lack of gcc
--{{{ if you make a fatal error : sqlite3.h,it lack of sqlite3.
-- please insatell sqlite3.
--}}}
++(% class="box" %)
++(((
++ if you make a fatal error : sqlite3.h,it (% class="mark" %)**lack of sqlite3.**(%%)
++please insatell **sqlite3**.
++)))
  [[image:https://wiki.dragino.com/images/thumb/9/93/Lack_of_sqlite3.png/500px-Lack_of_sqlite3.png||height="137" width="500"]]
@@ -144,25 +144,28 @@
  How to install Sqlit3
--{{{ Step1:Download the SQLit3 installation package
--           sudo wget
-- Step2:tar the SQLit3 installation package
++(% class="box" %)
++(((
++Step1:Download the SQLit3 installation package
++           sudo wget [[https:~~/~~/www.sqlite.org/2021/sqlite-autoconf-3350400.tar.gz>>url:https://www.sqlite.org/2021/sqlite-autoconf-3350400.tar.gz]]
++Step2:tar the SQLit3 installation package
             sudo tar -zxvf sqlite-autoconf-3350300.tar.gz
-- Step3:Generate the makefile
++Step3:Generate the makefile
             cd sqlite-autoconf-3350300/;./configure
-- Step4:Compile makefile
++Step4:Compile makefile
             sudo make
-- Step5:Install makefile
++Step5:Install makefile
             sudo make install
-- Check:
--           cd /usr/local/bin;ls -al                             -->    Check to see if there is a file for sqlite3
--           cd sqlite-autoconf-3350300/;./sqlite3 test.db        -->    Test whether the sqlite3 was installed successfully
-- debug:
++Check:
++           cd /usr/local/bin;ls -al                             ~-~->    Check to see if there is a file for sqlite3
++           cd sqlite-autoconf-3350300/;./sqlite3 test.db        ~-~->    Test whether the sqlite3 was installed successfully
++debug:
            If you get the imformation that is SQLite header and source version mismatch, when you execute./sqlite3 test.db.
            Please execute the command /sbin/ldconfig.
            After that execute the command ./sqlite3 test.db again.
--}}}
++)))
++
  ===== 2.2.1.1.2 Step 2 :Install and run the RSS service =====
 ):intall database for /var/rsshdb.sqlite3 and Server development port for 3721(The default is 3721)
@@ -169,10 +169,12 @@
  user must enter the root account and run the following commands
--{{{ $ ./create_sqlite3_db.sh
-- $ ./rssh_serv -p  3721 2>&1 &
-- $ ps -ef | grep rssh_serv check 3721 port
--}}}
++(% class="box" %)
++(((
++$ ./create_sqlite3_db.sh
++$ ./rssh_serv -p  3721 2>&1 &
++$ ps -ef | grep rssh_serv check 3721 port
++)))
  [[image:https://wiki.dragino.com/images/thumb/c/cb/Intall_database_and_server_development_port.png/500px-Intall_database_and_server_development_port.png||height="70" width="500"]]
@@ -180,40 +180,47 @@
  **Debug:**
--{{{ Check /var/rsshdb.sqlite3 --> ls /var/rsshdb.sqlite3
-- Check ls /var/rsshdb.sqlite3 --> sudo chmod 777 rssh_serv
--}}}
++(% class="box" %)
++(((
++Check /var/rsshdb.sqlite3 ~-~->(% class="mark" %)** ls /var/rsshdb.sqlite3**(%%)
++Check ls /var/rsshdb.sqlite3 ~-~-> (% class="mark" %)**sudo chmod 777 rssh_serv**
++)))
--{{{ if fail to open dpvlry or to bind to it
-- please kill rssh_serv,and run  ./rssh_serv -p  3721 2>&1 &  again
--}}}
++(% class="box" %)
++(((
++if** fail to open dpvlry or to bind to it**
++please kill rssh_serv,and run (% class="mark" %)** ./rssh_serv -p  3721 2>&1 &** (%%) again
++)))
++
  ===== 2.2.1.1.3 Step 3 :Create a minimal SSH user (reverse SSH proxy for the gateway) =====
--1):sudo useradd XXXXX (custom user name)
++1):(% class="mark" %)**sudo useradd XXXXX**(%%) (custom user name)
--2):sudo passwd xxxxxx
++2):(% class="mark" %)**sudo passwd xxxxxx**
--3):cp /bin/bash /bin/rbash
++3):(% class="mark" %)**cp /bin/bash /bin/rbash**
--4):sudo nano /etc/passwd ~-~-> Change /bin/bash to /bin/rbash
++4):(% class="mark" %)**sudo nano /etc/passwd**(%%) ~-~-> Change /bin/bash to /bin/rbash
--5):sudo nano /home/xxxxx/.bashrc **empty it,and input export PATH=$HOME/bin**
++5):(% class="mark" %)**sudo nano /home/xxxxx/.bashrc**(%%) **empty it,and input export PATH=$HOME/bin**
--6):sudo nano /home/xxxxx/.bash_profile **empty it,and input export PATH=$HOME/bin**
++6):(% class="mark" %)**sudo nano /home/xxxxx/.bash_profile**(%%) **empty it,and input export PATH=$HOME/bin**
  **Now user "XXXXX" is the user with limited permissions of the current system**
++
  === 2.2.2 How does user get the gateway to connect to a user's private server ===
  ===== 2.2.2.1 Step1: Come bace the gateway web UI for get the gateway Public key =====
--1)in the system ~-~-> Remote Mgmt/span>
++1)in the system ~-~-> (% class="mark" %)**Remote Mgmt/span>**
  [[image:https://wiki.dragino.com/images/thumb/8/8f/Remote_Mgmt.png/500px-Remote_Mgmt.png||height="367" width="500"]]
  Remote Mgmt
++
  ===== 2.2.2.2 Step2: Authorization server =====
  copy the Gateway Publickey into user's private server "/home/XXXXX/.ssh/authorized_keys" file.
@@ -222,6 +222,7 @@
  Publickey
++
  ===== 2.2.2.3 Step3: connecte private server =====
  in the gateway web UI
@@ -230,14 +230,17 @@
  gateway web UI
--{{{Connection Type      : If user's least privileged user with private server uses a password, select Public Key
--Note:if user's least privileged user no uses a password,choose from both is fine
--Login ID             : Input user name "eg : "XXXXX"
--Host Address         : Input user's private server address
--Connect at Startupt: : Choose to enable connect once device is powered.
++(% class="box" %)
++(((
++(% class="mark" %)**Connection Type **(%%)     : If user's least privileged user with private server uses a password, select (% class="mark" %)**Public Key**(%%)
++**Note:if user's least privileged user no uses a password,choose from both is fine**
++(% class="mark" %)**Login ID**(%%)             : Input user name "eg : "XXXXX"
++(% class="mark" %)**Host Address**(%%)         : Input user's private server address
++(% class="mark" %)**Connect at Startupt**(%%): Choose to enable connect once device is powered.
  Click Save and then Connect
--}}}
++)))
++
  ===== 2.2.2.4 Step 4 :Cheak is fine =====
  Rssh Host connection Ok
@@ -246,9 +246,10 @@
  Rssh Host connection Ok
++
  user can use common ps | grep ssh to check it in the gateway.
--[[image:https://wiki.dragino.com/images/thumb/a/ad/Check_the_gateway.png/500px-Check_the_gateway.png||height="47" width="500"]]
++[[image:https://wiki.dragino.com/images/thumb/a/ad/Check_the_gateway.png/500px-Check_the_gateway.png]]
  Check the gateway
@@ -259,8 +259,10 @@
  **Debug:**
--{{{ check: sudo ls /home/xxxxx/.ssh/authorizedkey
--}}}
++(% class="box" %)
++(((
++ check: sudo ls /home/xxxxx/.ssh/authorizedkey
++)))
  === 2.2.3 How to Ser up a Reverse SSH access ===
@@ -270,11 +270,11 @@
  Loging server
++
  ==== 2.2.3.2 Step2:access the gateway ====
  $ cd rssh-server/
--
  Check the gateway linking to the server $ ./connect-gw.sh -l
  [[image:https://wiki.dragino.com/images/thumb/e/ee/Check_gateway_link_server.png/500px-Check_gateway_link_server.png||height="157" width="500"]]

Changes for page Remote Access Gateway

Summary

Details

Applications

Navigation