Difference between revisions of "SSH Tunnel Utility"

From HSYCO
 
(14 intermediate revisions by the same user not shown)
Line 13: Line 13:
  
 
The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).
 
The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).
 +
 +
Not standard ssh port numbers can be used following the host name or address with ":<port>".
  
 
In order to establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, that must be copied into the "authorized_keys" file on the hub for that user.
 
In order to establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, that must be copied into the "authorized_keys" file on the hub for that user.
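Review bot: the sentence added in this hunk, 'Not standard ssh port numbers can be used following the host name or address with ":<port>"', is hard to parse and does not say which port is used when the suffix is omitted. Suggest 'A non-standard SSH port can be specified by appending ":<port>" to the host name or address', followed by the default that applies without the suffix.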
Line 18: Line 20:
 
If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.
 
If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.
  
Note that the tunnels are only active while HSYCO is running. Restarting HSYCO, all connections established through the tunnels, including the SSH connection, are dropped.
+
{{note|Note that the tunnels are only active while HSYCO is running. Restarting HSYCO, all connections established through the tunnels, including the SSH connection, are dropped.}}
  
  
Line 35: Line 37:
 
!ID
 
!ID
 
!Value
 
!Value
!R/W
 
 
!Description
 
!Description
  
 
|-
 
|-
 
+
|rowspan="2" |sshtunnel.enable
|rowspan="2" |backlight.brightness
+
|true
|rowspan="2" |<brightness>
+
|enable the tunnels
|R
 
|the current backlight brightness of HSYCO Pi Touch Display
 
 
|-
 
|-
|W
+
|false
|set brightness of HSYCO Pi Touch Display to a value between 0 (off) and 255 (max)
+
|disable the tunnels
  
 
|-
 
|-
 +
|sshtunnel.host
 +
|<host>
 +
|the SSH hub host name or IP address. Not standard ssh port numbers can be used following the host name or address with ":<port>"
  
|rowspan="2" |battery<br>(base/ups only)
 
|0
 
|R
 
|power supply is available
 
 
|-
 
|-
|1
+
|sshtunnel.user
|R
+
|<user>
|power supply failure, running on UPS battery
+
|the user name on SSH hub used to connect from this unit
  
 
|-
 
|-
 +
|sshtunnel.ssh.port
 +
|<port>
 +
|the SSH port number on hub that will be tunnelled to this unit's SSH port
  
|rowspan="6" |beep<br>(base/ups/mini only)
 
|0
 
|R
 
|buzzer is off
 
|-
 
|1
 
|R
 
|buzzer is on
 
|-
 
|off
 
|W
 
|turn buzzer off
 
|-
 
|on
 
|W
 
|turn buzzer on (continuous tone)
 
|-
 
|<duration>
 
|W
 
|turn buzzer on for <duration> seconds (decimals allowed)
 
 
|-
 
|-
|<duration>;<pause>
+
|sshtunnel.https.port
|W
+
|<port>
|turn buzzer on for <duration> seconds, then pause for <pause> seconds (decimals allowed)
+
|the HTTPS port number on hub that will be tunnelled to this unit's HTTPS port
  
 
|-
 
|-
 
+
|sshtunnel.https.local.port
|cpu.temperature
+
|<port>
|<temperature>
+
|the local HTTPS port number
|R
 
|the current CPU core temperature in Celsius degrees
 
  
 
|-
 
|-
 +
|sshtunnel.aux.port
 +
|<port>
 +
|the AUX port number on hub that will be tunnelled to this unit's AUX port
  
|rowspan="6" |led<br>(cm only)
 
|0
 
|R
 
|led is off
 
 
|-
 
|-
|1
+
|sshtunnel.aux.local.port
|R
+
|<port>
|led is on
+
|the local AUX port number
|-
 
|off
 
|W
 
|turn led off
 
|-
 
|on
 
|W
 
|turn led on
 
|-
 
|<duration>
 
|W
 
|turn led on for <duration> seconds (decimals allowed)
 
|-
 
|<duration>;<pause>
 
|W
 
|turn led on for <duration> seconds, then pause for <pause> seconds (decimals allowed)
 
  
 
|-
 
|-
 
+
|rowspan="2" |sshtunnel.kill
|rowspan="4" |heartbeat<br>(base/ups/cm only)
+
|true
|rowspan="2" |0
+
|all running SSH processes will be killed at start-up
|R
 
|heartbeat line is off
 
 
|-
 
|-
|W
+
|false
|set heartbeat line to off
+
|don't kill SSH processes at start-up
|-
 
|rowspan="2" |1
 
|R
 
|heartbeat line is on
 
|-
 
|W
 
|set heartbeat line to on
 
  
|-
+
|}
 
 
|rowspan="3" |shutdown<br>(base/ups/cm only)
 
|0
 
|R
 
|shutdown line is off
 
|-
 
|rowspan="2" |1
 
|R
 
|shutdown line is on
 
|-
 
|W
 
|set shutdown line to on (Strato will wait approximately 60 seconds, then execute a power off-on cycle). Once the shutdown line is set to on, the power cycle procedure can't be reset. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed
 
 
 
|-
 
 
 
|rowspan="2" |timeout<br>(base/ups/cm only)
 
|0
 
|R
 
|hardware watchdog timeout line is off
 
|-
 
|1
 
|R
 
|hardware watchdog timeout line is on. Strato will set this line to on, then wait approximately 60 seconds and execute a power off-on cycle. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed
 
  
|-
+
{{note|The tunnel utility must not be enabled to change the configuration parameters with API commands.}}
 
 
|rowspan="4" |watchdog<br>(base/ups/cm only)
 
|rowspan="2" |0
 
|R
 
|hardware watchdog is disabled
 
|-
 
|W
 
|disables the hardware watchdog
 
|-
 
|rowspan="2" |1
 
|R
 
|hardware watchdog is enabled
 
|-
 
|W
 
|enables the hardware watchdog. When enabled, Strato should see an off-on transition on the hearbeat line at least every 60 seconds, otherwise a power cycle will be initiated, setting the timeout line on, then waiting 60 seconds, removing power to the Pi for 5 seconds, and finally restoring power. On Strato Pi CM, a hardware reset of the Compute Module is performed, while the power is not removed
 
 
 
|}
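Review bot: the sshtunnel.kill row added in this hunk says 'all running SSH processes will be killed at start-up' without stating whether that means only the SSH processes started by the tunnel utility or every SSH process on the unit; the description should state the scope. The note added at the end, 'The tunnel utility must not be enabled to change the configuration parameters with API commands', is also ambiguous and would read better as 'Configuration parameters can be changed with API commands only while the tunnel utility is disabled'.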
 

Latest revision as of 13:08, 15 March 2021

The SSH Tunnel Utility creates secure reverse SSH tunnels to a remote SSH server (hub). Up to three concurrent tunnels can be established: one for local SSH console access, one for the HTTPS Web server connections, and one additional (AUX) tunnel to any local network service port, for example the Modbus TCP Gateway server.

SSH Tunnel Utility


A tunnel is configured by setting the local TCP port of a network server and the remote TCP port for the tunnel on the remote SSH server. A connection to the tunnel's TCP port on the remote server is routed, with all its traffic, through the tunnel to the local TCP port defined in the tunnel configuration.

Thanks to the SSH tunnels, a local HSYCO Server that lacks inbound connectivity can still be accessed via a remote, reachable SSH server configured as a tunnel end-point.

The tunnel configuration parameters can be modified only when tunneling is not enabled.

The "SSH hub host name" is the network name or IP address of the remote SSH tunnel server (hub).

A non-standard SSH port can be specified by appending ":<port>" to the host name or address.

To establish a secure connection, the SSH Tunnel Utility authenticates on the remote SSH tunnel server with the user id set in "SSH user on hub" and the "SSH public key" of the HSYCO Server, which must be copied into the "authorized_keys" file on the hub for that user.

If the SSH, HTTPS or AUX port number fields are left empty, the corresponding tunnel is not activated.

Note that the tunnels are only active while HSYCO is running. When HSYCO restarts, all connections established through the tunnels, including the SSH connection, are dropped.
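The public key copied to the hub only needs permission to open the reverse-tunnel listeners. The following added example (not part of the HSYCO documentation or software) builds an "authorized_keys" entry limited to the configured hub ports. It assumes the hub runs OpenSSH 7.8 or later and that the HSYCO client requests only remote port forwarding with the default listen host; the function names, key and ports are constructed placeholders.

```sh
#!/bin/sh
# Build a hardened authorized_keys entry for the tunnel user on the hub.
# Assumptions (not from the HSYCO docs): hub sshd is OpenSSH >= 7.8
# (permitlisten), and the client needs no shell, PTY or other forwarding.

# valid_port PORT -> status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# hub_key_entry "PUBLIC KEY LINE" PORT...
# PORT values are the hub-side SSH/HTTPS/AUX tunnel ports. An empty value
# means that tunnel is not activated, so it gets no listen permission.
hub_key_entry() {
    pubkey=$1
    shift
    # "restrict" turns off every capability; only port forwarding is re-enabled.
    opts='restrict,port-forwarding'
    count=0
    for port in "$@"; do
        [ -z "$port" ] && continue
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
        # ssh requests listen host "localhost" when none is given, so this
        # permits exactly that request and keeps the listener on loopback.
        opts="$opts,permitlisten=\"localhost:$port\""
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no tunnel ports given" >&2
        return 1
    fi
    printf '%s %s\n' "$opts" "$pubkey"
}

# Constructed sample: placeholder key, SSH and HTTPS tunnels set, AUX left empty.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY hsyco@unit'
hub_key_entry "$SAMPLE_KEY" 20022 20443 ""
```

The printed line replaces the bare public key in the tunnel user's "authorized_keys" file on the hub.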


The configuration API

The SSH Tunnel Utility can be dynamically configured, and the tunnel service enabled and disabled, with USER calls in EVENTS and the user() command in Java or JavaScript.

In the following EVENTS example, the tunnel is enabled at 08:00 and disabled at 18:00.

TIME 0800 : USER sshtunnel.enable = true
TIME 1800 : USER sshtunnel.enable = false

User commands

| ID | Value | Description |
|---|---|---|
| sshtunnel.enable | true | enable the tunnels |
| | false | disable the tunnels |
| sshtunnel.host | <host> | the SSH hub host name or IP address. A non-standard SSH port can be specified by appending ":<port>" to the host name or address |
| sshtunnel.user | <user> | the user name on SSH hub used to connect from this unit |
| sshtunnel.ssh.port | <port> | the SSH port number on hub that will be tunnelled to this unit's SSH port |
| sshtunnel.https.port | <port> | the HTTPS port number on hub that will be tunnelled to this unit's HTTPS port |
| sshtunnel.https.local.port | <port> | the local HTTPS port number |
| sshtunnel.aux.port | <port> | the AUX port number on hub that will be tunnelled to this unit's AUX port |
| sshtunnel.aux.local.port | <port> | the local AUX port number |
| sshtunnel.kill | true | all running SSH processes will be killed at start-up |
| | false | don't kill SSH processes at start-up |

The tunnel utility must be disabled before the configuration parameters can be changed with API commands.