Feature request: ports & devices encoded in SSH username #119
Comments
|
I'm going to archive this for now, It takes care of itself at least in part with ser2net 4.x I've tested ser2net 4 in the past, has to be built manually. They still have 3.x in the package repo. 4.x is re-architected and supports more connection methods including SSH, so you could map ssh on port 7001 to a particular adapter. May experiment a bit, then revisit if there are some useful things along these lines in the future, but have some re-factoring and cleanup I need to get done. You could launch directly to items and even bypass the menu entirely with something like |
|
Any chance you can give some additional examples, or point us to a how-to? From what I can see, ser2net 4 does support gtlssh, but that isn't quite the same. Ideally, the goal would be SSH to a either a known port, or a username:port combo, and have it connect directly to a serial port. |
|
Well $h!t, I thought ser2net handled that, but your assessment is correct... gtlssh not the same, and looks to me to require a more cumbersome configuration than what it's worth. The easiest way to ssh and connect directly is by sending the command/args as in alias your-alias-name 'ssh -t BarnPi.consolepi.org picocom /dev/barn-4100 -b 115200'
alias con-usb0 'ssh -t BarnPi.consolepi.org picocom /dev/ttyUSB0'
# and so onand placing it in either /etc/bash_aliases.d (every user gets the alias) or place the alias in .bash_aliases in your home dir (you alone get the alias). Then you could just type There is another option, but you would have to configure the ssh server to listen on some alternative ports, then you can automate the connection to a specific adapter based on the port... either with one of the I'd have to think about how best to implement if I were to build something like that in. It sounds like you are connecting from a system that is not a ConsolePi and is not ConsolePi aware. The way I run it, may satisfy the desire, but I need to finish the tweaks to make a client-only ConsolePi install less of a custom thing (it's described on the GitHub, but it's a partially manual install). To describe that fully, I run ConsolePi in WSL (Ubuntu) on Windows, it has no local adapters, just adapters on any remotes (which it gets by using the Gdrive sync function, configured to pull-only, so wsl never adds itself just learns the remote ConsolePis). Then I can connect to any adapter on any ConsolePi in the environment via whatever the menu item# is. |
|
I did some testing and have one of my systems working ssh to port 22 get the linux shell, ssh to port 2202 directly connect to a specific device. I would need to provide config options for it so I know what ports you want mapped to what device along with the connection settings if you wanted to override the default (9600 8N1 None). On a system running bullseye wade@ConsolePi4:~ $ cat /etc/ssh/sshd_config.d/consolepi.conf
Port 22
Port 2202
AddressFamily any
ListenAddress 0.0.0.0
Match LocalPort 2202
ForceCommand /etc/ConsolePi/src/remote_launcher.py picocom /dev/sr-SDbranch-2930F-sw --baud 9600 --flow n --databits 8 --parity n --stopbits 1
Prior to bullseye It's certainly possible to build this into ConsolePi, but no estimate on timing at this point. For now you could try as highlighted above, (restart or restart sshd to take effect). |
|
That is exactly what I was looking for. Thank you. If you are looking for ideas, take a look at https://support.get-console.com/support/solutions/articles/5000712932-using-the-ssh-to-serial-port-feature-of-airconsole. It's a commercial product that does this. Not a good fit for a lot of the functionality that ConsolePI offers, but not a bad place to start. I think they are dynamically adding ports to the sshd in a similar fashion. |
|
This might help, but needs something to extract the part after the |
|
I need to play with it some more I did get this to work: Match User consolepi
AcceptEnv *
ForceCommand ( set -o posix ; set ) | grep -v _xspecs | grep -v LS_COLORSThat prints all defined variables and terminates which works,
If I'm using certificate auth the 2nd one ( Looking at the environment variables available I don't see anything with the text after the Will play with it some more when I have time. I can verify barn-gw is not actually a valid executable, and that it is a valid serial device, then I can have remote-launcher grab all the connection details for barn-gw from the config (if they differ from a default of 9600 8N1 None) Currently not sure how to process Re-opening in case someone else is familiar with ssh/sshd that can comment. |
|
Ok, research this I found a really weird old corner of OpenSSH: I think it could have future potential, but it's not going to be "easy". Most of the code is still there, but it doesn't seem to export the style data outside of |
|
This project currently uses the username to map to a serial device. |
Thanks for the heads up. I'll test it out. Would be good to have it as a separate process from sshd. Looks like it may do the trick. |
User would just `ssh -t <consolepi address> -p 2202 <device name>` The `-t` is key or picocom launches without a tty and tab completion and some other things break. `<device name>` is the name of the adapter. Which should be an alias like `r1-6300M-sw` but could also be `ttyUSB0` currently extract the baud and connection settings from ser2net config.
|
I finally got a chance to play with this. It worked... kinda. It has a couple of issues, the main one being it will fail to start if any of configured adapters are not available when it starts. There is also an issue related, on how it doesn't handle devices that drop-off and come back while it's running. Add to that, it's a bit on the cumbersome/time-consuming side to install golang (can't use apt, have to grab the more current one manually), then build it.... So I took another look at just manually doing something more reliable/simple using sshd. Commit bc4193a is the result. This is on the With a file Port 22
Port 2202
AddressFamily any
ListenAddress 0.0.0.0
Match LocalPort 2202
ForceCommand /etc/ConsolePi/src/remote_launcher.py $SSH_ORIGINAL_COMMANDThis would allow you to connect directly to a host using it's name (udev alias). You can use the default names i.e. So NOTE the I could allow for a |
|
@Pack3tL0ss Of course, I'll have to edit the file depending on what kind of serial adapter is connected, but this is awesome! A feature to |
|
@durd interesting alternative, hadn't considered that, but on systems with just a few connections makes sense.
Have to think about that. I should be able to add a mini menu once you exit the terminal something like m. launch consolepi-menu
x. exitIt would be the menu on the remote system. It would be setup to only do that when launched directly to a connection. I typically launch from my local menu to a remote. I already have all the remote connections in my locally launched menu, so it wouldn't make sense to launch on the remote (hopefully that all makes sense). |
I find it more useful with IP addresses than ports, I can have DNS-names for IPs, not ports! :)
I'd be happy with that, but of course only if you see it useful. It's not hard to ssh to ConsolePi's IP to open the menu. |
OpenGear console servers have a nice feature that lets you encode where you want to connect as part of the SSH username,
(if omitted, you get a normal SSH login to the embedded linux device).
This would be handy as it permits direct SSH access to specific devices, while keeping it secure and containing everything to a single port. It may require some magic in sshd to split out the user however.
I don't know if OpenGear ever published the patches they used to do that, but I suspect similar could be accomplished today with the AuthorizedKeysCommand
The text was updated successfully, but these errors were encountered: