trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Thu Sep 05, 2002 5:10 pm Post subject: Reverse Telnet/SSH for Administration |
|
|
Hi all,
Motivation:
As you all know, telnet and ssh allow you to log in to remote systems. This is nice to do some stuff there, you perhaps do complex calculation on that remote system from your local box without losing any CPU time used by the remotely executed complex calculations.
What if you now want to act on your server, but need to save as much CPU time as possible?
Requirements:
- one server box (or any other remote gentoo)
- one client box with identical or at least compatible architecture
- well configured server/desktop
- server being able to export / to desktop ultimately (see man exports for more information)
Imagine this case, you have two Gentoo boxes, one acting as your server, and one being your desktop box, both are reachable from your LAN, your server is your broadband to the internet.
While you definitely feel free to update your desktop box nearly every day without caring about cpu usage nor about availability, it isn't recommended to do so on your server, too. gcc, invoked by emerge, is eating too much CPU on a running server system which should still stay to serve as before.
Now let's do a trick to save the server's CPU time. Look here:
Initialization
Code: |
desktop root $ mkdir -p /mnt/server
desktop root $ mount server:/ /mnt/server
desktop root $ mount -o bind /proc /mnt/server/proc
desktop root $ chroot /mnt/server /bin/bash
desktop / $ env-update
>>> Regenerating /etc/ld.so.cache...
desktop / $ source /etc/profile
desktop / $
|
Okay, what did we do? We just got our server system into our local machine, our desktop. Now we have exactly the server environment on our desktop, except the hardware. The hardware has changed, to hopefully the better one, but compatible. This increases compilation and other administrative tasks' speed. That means, we have a logical reversed telnet session on our desktop to the server we talk about.
Now you can do any administrative tasks you like, most often used will probably indefinite be emerge -bu system ;)
To exit the virtual server environment, you must care about the instructions below:
CleanUp:
Code: |
desktop / $ exit
desktop root $ umount /mnt/server/proc
desktop root $ umount /mnt/server
desktop root $ rmdir /mnt/server
|
Well done.
If you have some questions/comments/suggestions about that article, feel free to PM or post reply me ;)
Cheers,
Christian Parpart |
theneopro Tux's lil' helper
Joined: 08 Aug 2002 Posts: 90
|
Posted: Fri Sep 06, 2002 6:19 pm Post subject: Intresting |
|
|
I am not that up to date with utilizing ssh yet, but I feel this might come in handy. Now to clarify the creation and mounting of /mnt/server locally, Is this like using the Samba share??? or just tricking the session into a remote mount?
just curious...
-Mykey _________________ ___________________________________
- The Rain Forest,
That sounds wet!!!! |
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Fri Sep 06, 2002 10:42 pm Post subject: Re: Reverse Telnet/SSH for Administration |
|
|
trapni wrote: | Okay, what did we do? We just got our server system into our local machine, our desktop. Now we have exactly the server environment on our desktop, except the hardware. The hardware has changed, to hopefully the better one, but compatible. This increases compilation and other administrative tasks' speed. That means, we have a logical reversed telnet session on our desktop to the server we talk about. |
You didn't establish a reverse telnet session, you simply mounted a remote filesystem and are performing operations on it locally. It's not anything like reverse telnet.
A normal telnet connection works like this: a client connects to a server, logs in, and gets a shell prompt where they can type commands. A reverse telnet connection (by standard definitions) works like this: a server connects to a client and provides a shell prompt. Trojans sometimes do this to "phone home" and give their creator a root prompt so the person can do whatever they like on their system.
So, to clarify, that's not what you just did, therefore your post is mis-named. _________________ I don't believe in witty sigs. |
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Sat Sep 07, 2002 1:40 am Post subject: Re: Reverse Telnet/SSH for Administration |
|
|
delta407 wrote: | So, to clarify, that's not what you just did, therefore your post is mis-named. ;) |
So, okay, thanks, I understand. But, as you probably have seen, English can't be my native language, even if I would like so :( All I wanna say is, sorry for that kindly bad named subject, how would you name it? (How to save cpu on remote systems for administration)? Sorry, I really can't bring it up in a short sentence to clarify what I intend to offer in this article :( But this hopefully doesn't make the content helpless..... thanks ;) |
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Sat Sep 07, 2002 1:58 am Post subject: Re: Reverse Telnet/SSH for Administration |
|
|
Nah, don't worry, it's fine. I was just expecting someone to have a nice tip as to how to do reverse SSH. _________________ I don't believe in witty sigs. |
blk_jack Apprentice
Joined: 10 May 2002 Posts: 298 Location: Toronto
|
Posted: Sat Sep 07, 2002 6:21 am Post subject: Re: Intresting |
|
|
theneopro wrote: | I am not that up to date with utilizing ssh yet, but I feel this might come in handy. Now to clarify the creation and mounting of /mnt/server locally, Is this like using the Samba share??? or just tricking the session into a remote mount?
just curious... |
Remember to read the post well.
trapni wrote: | Requirements:
* one server box (or any other remote gentoo)
* one client box with identical or at least compatible architecture
* well configured server/desktop
* server being able to export / to desktop ultimately (see man exports for more information) |
Especially that last little tidbit of information. |
theneopro Tux's lil' helper
Joined: 08 Aug 2002 Posts: 90
|
Posted: Sat Sep 07, 2002 9:46 pm Post subject: Re: Intresting |
|
|
Quote: | * server being able to export / to desktop ultimately (see man exports for more information)
Especially that last little tidbit of information. |
thanks blk_jack,
That is what sent me to eL cOnfus-0 land
Hence, why we ask what the screen says.....
-Mykey
P.S. next time before I post I will be certain I read before I jump into it. _________________ ___________________________________
- The Rain Forest,
That sounds wet!!!! |
numerodix l33t
Joined: 18 Jul 2002 Posts: 743 Location: nl.eu
|
Posted: Wed Oct 30, 2002 11:39 pm Post subject: |
|
|
trapni, thanks a lot for putting me on the trail! I've been trying to get this working for a while since I saw your thread and I think I finally succeeded.
Assuming you are logged in as root while mounting, make sure you have "no_root_squash" set on the server box.
Code: |
# /etc/exports
/ workstation(rw,no_root_squash)
|
Last edited by numerodix on Wed Oct 30, 2002 11:40 pm; edited 1 time in total |
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Thu Oct 31, 2002 6:05 am Post subject: |
|
|
Well, sorry, no_root_squash, I surely forgot to mention this, sorry. It's in my exports, too
Cya, Christian. |
numerodix l33t
Joined: 18 Jul 2002 Posts: 743 Location: nl.eu
|
Posted: Thu Oct 31, 2002 6:50 pm Post subject: |
|
|
Thanks for telling me now, I've been looking all over for this! |
no2bl n00b
Joined: 26 Oct 2002 Posts: 10
|
Posted: Tue Nov 12, 2002 1:23 pm Post subject: |
|
|
I tried doing the same using samba share but failed. What is no_root_squash? Anything in samba to do the same? What is DeprecationWarning?
Thanks
no2bl
Code: |
root@mv42n # smbmount //m2/gentoo /mnt/gentoo -o username=root -o umask=000
Password:
root@mv42n # mount /proc /mnt/gentoo/proc -o bind
root@mv42n # chroot /mnt/gentoo /bin/bash
root@mv42n # env-update
/usr/lib/python2.2/fcntl.py:7: DeprecationWarning: the FCNTL module is deprecated; please use fcntl
DeprecationWarning)
>>> Regenerating /etc/ld.so.cache...
|
Code: |
root@mv42n # emerge less
/usr/lib/python2.2/fcntl.py:7: DeprecationWarning: the FCNTL module is deprecated; please use fcntl
DeprecationWarning)
Calculating dependencies ...done!
>>> emerge (1 of 1) sys-apps/less-378 to /
>>> md5 ;-) less-378.tar.gz
>>> Unpacking source...
>>> Unpacking less-378.tar.gz
>>> Source unpacked.
creating cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc -O2 -mcpu=i686 -pipe ) works... cat: -: No such file or directory
no
configure: error: installation or configuration problem: C compiler cannot create executables.
!!! ERROR: The ebuild did not complete successfully.
!!! Function src_compile, Line 2, Exitcode 1
!!! (no error message)
root@mv42n #
|
Code: |
root@mv42n # cd /usr/src/linux
root@mv42n # make menuconfig
rm -f include/asm
rm: cannot remove `include/asm': Is a directory
make: *** [symlinks] Error 1
root@mv42n #
|
|
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Tue Nov 12, 2002 1:33 pm Post subject: |
|
|
What version of portage are you using? (type: emerge --version)
What kind of python are you using? (because I didn't find the fcntl.py as mentioned in your dump, check whether you've /usr/lib/python2.2/lib-dynload/fcntl.so instead)
Why emerge breaks down in building less may have different reasons. One could be that you have split up your remote system into different partitions but didn't import them correctly. Another could be that the routine searching for these files is also defined in Python and probably generates an implicit error here.
Did you try NFS?
I can't try samba right now, it seems that I am going to.
Greets,
Christian Parpart. |
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Tue Nov 12, 2002 1:37 pm Post subject: |
|
|
Okay, according to your posting change, "rm -f include/asm" really can't work, because it is a directory, try removing it recursively using "rm -rf include/asm".
But, sorry, why do you want to delete it?
Greets,
Christian Parpart. |
no2bl n00b
Joined: 26 Oct 2002 Posts: 10
|
Posted: Tue Nov 12, 2002 2:04 pm Post subject: |
|
|
Oops, just checked, the "DeprecationWarning" error happens on this host (cyrix m2) system as well. Re-emerging the 2.2.1 right now to see what happens. slow... and done 2.2.1-r5 still no good. Still the same warning every time I use emerge.
The portage version is 2.0.43. re-emerge portage didn't help either.
/usr/lib/python2.2/lib-dynload/fcntl.so is there
I did not issue "rm -f include/asm"; it was part of (kicked off by) "make menuconfig". I think this error might not be related to the above warning.
I was trying to see if I could use the P4 to make a new kernel for the old cyrix m2. I have only samba network setup for the environment. On the host cyrix m2, emerge and compile kernel both OK even with the warning.
no2bl |
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Tue Nov 12, 2002 4:12 pm Post subject: |
|
|
Assuming that Cyrix M2 is compatible to the P4 it shouldn't be the problem. However, it may be probably a portage bug?
What about emerging less locally? Does this work?
Furthermore, you can use the tool strace to trace the system calls for emerge. Dump the output into a log file, then search for the error message and what functions actually were invoked. This may help to find the error and probably fix it.
If you're sure that this is a bug in portage, send also a *detailed* bugreport to https://bugs.gentoo.org
Greets,
Christian Parpart.
p.s.: no_root_squash means that root may do root operations on imported NFS directories. |
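The export line numerodix posted and the no_root_squash behaviour described in the p.s. above are worth being able to spot on a server. The following is an added example, not code from any poster in this thread: a small audit of an exports(5)-style file that flags entries with no_root_squash (root_squash is the default) and entries open to any host. The flag names `root-fs` and `any-host` are this example's own, and every sample entry except the first is constructed.

```shell
#!/bin/sh
# Added example: audit an exports(5)-style file for the pattern used in this
# thread ("/" exported rw with no_root_squash). Simplified parser: no "\"
# line continuations and no quoted paths.

audit_exports() {
    # Reads the file named in $1 (stdin if omitted). Prints one line per risky
    # entry as "<path> <client>: <flags>"; exit status 1 if anything was flagged.
    awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"   # bare "(opts)" applies to any host
            n = split(opts, o, ",")
            flags = ""; rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash") flags = "no_root_squash"
                if (o[j] == "rw") rw = 1
            }
            if (flags != "" && rw) flags = flags ",rw"
            if (flags != "" && path == "/") flags = flags ",root-fs"
            if (client == "*") flags = (flags == "" ? "" : flags ",") "any-host"
            if (flags != "") { print path, client ": " flags; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample; only the first entry comes from the thread.
sample_exports() {
    cat <<'EOF'
# /etc/exports
/               workstation(rw,no_root_squash)
/srv/distfiles  192.168.0.0/24(ro,root_squash)
/home           *(rw,root_squash)
/usr/portage    buildbox(ro,no_root_squash) desktop(ro)
EOF
}

sample_exports | audit_exports || echo "risky exports found"
```

On a real server, `audit_exports /etc/exports` gives the same report; a line carrying `no_root_squash,rw,root-fs` means root on the named client is root on the server's whole filesystem.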
no2bl n00b
Joined: 26 Oct 2002 Posts: 10
|
Posted: Wed Nov 13, 2002 6:42 am Post subject: |
|
|
All local operation on Cyrix M2 work OK. The Warning is still there on the local on the Cyrix M2 system but emerge less or other modules work fine. I use i686 for Cyrix M2 seem OK so far.
Wonder where this warning came from and how to clear it? Emerging portage and python has no effect on it.
Code: |
/usr/lib/python2.2/fcntl.py:7: DeprecationWarning: the FCNTL module is deprecated; please use fcntl
DeprecationWarning)
|
I guess tracing the problem is not what I could do at this stage of my Linux skill. Maybe I will try the NFS route if I could find some time to set it up and build the right kernel this weekend. On the Cyrix M2 it is kind of slow.
no2bl |
trapni Retired Dev
Joined: 16 May 2002 Posts: 251 Location: Germany/Berlin
|
Posted: Fri Jan 10, 2003 1:31 am Post subject: |
|
|
Hi,
just for those still or now interested in it. Since I need it somewhat more frequently, I wrote a little script that automatically does the setup for you each time you want to fake a foreign environment.
What the script does:
When you're logged in to a machine X-host (with better hardware) and want to do some stuff on machine Z-host (which allows nfs exporting of root dir /) you may surely want to call this script as follows:
This script automatically mounts the remote directories needed and also binds the required local ones into it. After that, fakehost.sh provides you an already initialized environment using a chroot shell (we all know this already). Already initialized means the standard procedure you would do on every chroot (env-update, source /etc/profile ATM).
Once you've done your things in that virtual environment just type exit to exit it. fakehost.sh also does an automatic cleanup, but remember, if this script terminated unexpectedly, to call fakehost.sh Z-host cleanup by hand.
As you see, this script is tweaked for Gentoo
And here'
Code: |
#!/bin/bash
# Written by Christian Parpart <cparpart@surakware.net>
# $Id: fakehost.sh,v 1.3 2003/01/10 01:20:27 cparpart Exp $
# usage: fakehost.sh HOST [cleanup]
# NOTE: it is useful to have this script either installed in /usr/local/bin
#       or for each host in the same place (e.g. /usr/bin) you wanna fake from
#       and wanna fake to.
# bash is required: the script uses "&>" and "source".

host="$1"
prefix_prefix="/tmp"
prefix="${prefix_prefix}/${host}"

cleanup() {
    # TODO: kill all processes still active inside one of these directories
    ( umount "${prefix}/home"
      umount "${prefix}/usr/local"
      umount "${prefix}/proc"
      umount "${prefix}/dev"
      umount "${prefix}"
    ) &> /dev/null
    rmdir "${prefix}" &> /dev/null && echo "Cleanup succeeded" || echo "Cleanup failed"
    # list whatever is still mounted below the prefix
    mount | grep "${prefix}"
}

error() {
    cleanup
    echo "An error occurred: ${*}"
    exit 1
}

init() {
    mkdir -p "${prefix}"
    mount "${host}:/" "${prefix}" || error "Error mounting ${host}:/"
    mount --bind /dev "${prefix}/dev" || error "Error binding /dev"
    mount --bind /proc "${prefix}/proc" || error "Error binding /proc"
    mount --bind /usr/local "${prefix}/usr/local" || error "Error binding /usr/local"
    # /home is exported to jupiter's /home so, just binding our own
    # saves net traffic and though speeds up further work
    # NOTE: THIS MUST NOT BE THE CASE FOR YOU, SO COMMENT THIS OUT THEN.
    # TODO: check whether faked host has mounted our /home, so that binding
    #       may be done in a generic way (for anyone ;)
    mount --bind /home "${prefix}/home" || error "Error binding /home"
}

# runs inside the chroot: set up the environment, then hand over a shell
run_local() {
    cd "${HOME}"
    env-update
    source /etc/profile
    echo "Type exit to leave virtual environment."
    /bin/sh
}

# mount everything, re-run this script inside the chroot, clean up afterwards
run() {
    init
    chroot "${prefix}" "$0" --local
    cleanup
}

if [ "$1" = "--local" ]; then
    run_local
elif [ "$2" = "cleanup" ] || [ "$1" = "clean" ]; then
    cleanup
elif [ "$2" = "" ] && [ "$1" != "" ]; then
    run
else
    echo "usage: $0 HOST [cleanup]"
fi
|
This script is also available at http://cparpart.surakware.net/public/fakehost.sh
When you've some comments how to improve the usability (and implement, probably), please feel free to tell me
I hope you have fun with it
Greetings,
Christian Parpart. |