Difference between revisions of "SSH Tunnel Utility"

From HSYCO
Jump to navigation Jump to search
Line 30: Line 30:
 
  TIME 1800 : USER sshtunnel.enable = false
 
  TIME 1800 : USER sshtunnel.enable = false
  
=== User commands ==
+
=== User commands ===
  
 
{| class="wikitable"
 
{| class="wikitable"

Revision as of 17:04, 14 October 2020

Manager SSH Tunnel Utility Icon.png The SSH Tunnel Utility allows to create secure reverse SSH-based connection tunnels to a remote SSH server (hub). Up to three concurrent tunnels can be established, one for local SSH console access, one for the HTTPS Web server connections and one additional (AUX) tunnel to any local service network port like, for example, the Modbus TCP Gateway server.

SSH Tunnel Utility


A tunnel is configured by setting the local TCP port of a network server, and the remote TCP port for the tunnel on the remote SSH server. Connecting to the TCP port associated to a tunnel on the remote server will route the connection and all established traffic, through the tunnel, to the local TCP port defined in the tunnel configuration.

Thanks to the SSH tunnels, a local HSYCO Server that lacks inbound connectivity, could still be accessed via a remote and accessible SSH server configured as a tunnel end-point.

The tunnel configuration parameters can be modified only when tunneling is not enabled.

The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).

In order to establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, that must be copied into the "authorized_keys" file on the hub for that user.

If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.

Note that the tunnels are only active while HSYCO is running. Restarting HSYCO, all connections established through the tunnels, including the SSH connection, are dropped.


The configuration API

The SSH Tunnel Utility can be dynamically configured, and the tunnel service enabled and disabled, with USER calls in ENVENTS and the user() command in Java or JavaScript.

In the following EVENTS example, the tunnel is enabled at 08:00 and disabled at 18:00.

TIME 0800 : USER sshtunnel.enable = true
TIME 1800 : USER sshtunnel.enable = false

User commands

ID Value R/W Description
backlight.brightness <brightness> R the current backlight brightness of HSYCO Pi Touch Display
W set brightness of HSYCO Pi Touch Display to a value between 0 (off) and 255 (max)
battery
(base/ups only)
0 R power supply is available
1 R power supply failure, running on UPS battery
beep
(base/ups/mini only)
0 R buzzer is off
1 R buzzer is on
off W turn buzzer off
on W turn buzzer on (continuous tone)
<duration> W turn buzzer on for <duration> seconds (decimals allowed)
<duration>;<pause> W turn buzzer on for <duration> seconds, then pause for <pause> seconds (decimals allowed)
cpu.temperature <temperature> R the current CPU core temperature in Celsius degrees
led
(cm only)
0 R led is off
1 R led is on
off W turn led off
on W turn led on
<duration> W turn led on for <duration> seconds (decimals allowed)
<duration>;<pause> W turn led on for <duration> seconds, then pause for <pause> seconds (decimals allowed)
heartbeat
(base/ups/cm only)
0 R heartbeat line is off
W set heartbeat line to off
1 R heartbeat line is on
W set heartbeat line to on
shutdown
(base/ups/cm only)
0 R shutdown line is off
1 R shutdown line is on
W set shutdown line to on (Strato will wait approximately 60 seconds, then execute a power off-on cycle). Once the shutdown line is set to on, the power cycle procedure can't be reset. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed
timeout
(base/ups/cm only)
0 R hardware watchdog timeout line is off
1 R hardware watchdog timeout line is on. Strato will set this line to on, then wait approximately 60 seconds and execute a power off-on cycle. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed
watchdog
(base/ups/cm only)
0 R hardware watchdog is disabled
W disables the hardware watchdog
1 R hardware watchdog is enabled
W enables the hardware watchdog. When enabled, Strato should see an off-on transition on the hearbeat line at least every 60 seconds, otherwise a power cycle will be initiated, setting the timeout line on, then waiting 60 seconds, removing power to the Pi for 5 seconds, and finally restoring power. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed