From 4384a2973993b8b0f572912026f45e9ee910e3ec Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Sat, 23 May 2020 20:14:41 +0200
Subject: console-server: T2490: initial support
---
 debian/control | 1 +
 1 file changed, 1 insertion(+)
(limited to 'debian')
diff --git a/debian/control b/debian/control
index 104a267ea..aa1e87e23 100644
--- a/debian/control
+++ b/debian/control
@@ -59,6 +59,7 @@ Depends: python3,
 iputils-arping,
 libvyosconfig0,
 beep,
+ ser2net,
 isc-dhcp-server,
 isc-dhcp-relay,
 keepalived (>=2.0.5),
--
cgit v1.2.3
From a1ba7bae02673aca63a7006cf683ad5d541a5054 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Wed, 17 Jun 2020 22:52:08 +0200
Subject: console-server: T2490: replace ser2net with conserver
---
 debian/control | 3 ++-
 src/systemd/ser2net.service | 13 -------------
 2 files changed, 2 insertions(+), 14 deletions(-)
 delete mode 100644 src/systemd/ser2net.service
(limited to 'debian')
diff --git a/debian/control b/debian/control
index aa1e87e23..42d0475e3 100644
--- a/debian/control
+++ b/debian/control
@@ -59,7 +59,8 @@ Depends: python3,
 iputils-arping,
 libvyosconfig0,
 beep,
- ser2net,
+ conserver-server,
+ conserver-client,
 isc-dhcp-server,
 isc-dhcp-relay,
 keepalived (>=2.0.5),
diff --git a/src/systemd/ser2net.service b/src/systemd/ser2net.service
deleted file mode 100644
index a5b4243af..000000000
--- a/src/systemd/ser2net.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Serial to Network Proxy
-ConditionPathExists=/run/ser2net/ser2net.conf
-After=vyos-router.service
-
-[Service]
-WorkingDirectory=/run/ser2net
-PIDFile=/run/ser2net/ser2net.pid
-ExecStart=/usr/sbin/ser2net -n -c /run/ser2net/ser2net.conf -P /run/ser2net/ser2net.pid -p localhost,2000
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
--
cgit v1.2.3
From e59da2923cbbb21258cc9769b6a152d6af78abe6 Mon Sep 17 00:00:00 2001
From: Christian Poessinger Date: Thu, 18 Jun 2020 23:04:46 +0200 Subject: console-server: T2490: add SSH support A user can define a port under the SSH node per device. WHen connecting to that port and authenticating using regular credentials we will immediately drop to the serial console. This is the same as executing "connect serial-proxy ". --- debian/control | 1 + interface-definitions/service_serial-proxy.xml.in | 8 ++++++++ src/conf_mode/service_serial-proxy.py | 17 ++++++++++++----- src/systemd/dropbear@.service | 14 ++++++++++++++ src/systemd/dropbearkey.service | 11 +++++++++++ 5 files changed, 46 insertions(+), 5 deletions(-) create mode 100644 src/systemd/dropbear@.service create mode 100644 src/systemd/dropbearkey.service (limited to 'debian') diff --git a/debian/control b/debian/control index 42d0475e3..bf330c35c 100644 --- a/debian/control +++ b/debian/control @@ -59,6 +59,7 @@ Depends: python3, iputils-arping, libvyosconfig0, beep, + dropbear, conserver-server, conserver-client, isc-dhcp-server, diff --git a/interface-definitions/service_serial-proxy.xml.in b/interface-definitions/service_serial-proxy.xml.in index ca93fcac3..917af0122 100644 --- a/interface-definitions/service_serial-proxy.xml.in +++ b/interface-definitions/service_serial-proxy.xml.in @@ -73,6 +73,14 @@ + + + SSH remote access to this console + + + #include + + diff --git a/src/conf_mode/service_serial-proxy.py b/src/conf_mode/service_serial-proxy.py index 0dd1cfc6d..5f510d311 100755 --- a/src/conf_mode/service_serial-proxy.py +++ b/src/conf_mode/service_serial-proxy.py 
@@ -65,11 +65,11 @@ def verify(proxy): for tmp in proxy['device']: device = proxy['device'][tmp] if not device['speed']: - raise ConfigError(f'Speed must be defined!') + raise ConfigError(f'Serial port speed must be defined for "{tmp}"!') - if device['ssh']: - if not device['ssh']['port']: - raise ConfigError(f'SSH port must be defined!') + if 'ssh' in device.keys(): + if 'port' not in device['ssh'].keys(): + raise ConfigError(f'SSH port must be defined for "{tmp}"!') return None @@ -81,13 +81,20 @@ def generate(proxy): return None def apply(proxy): + call('systemctl stop conserver-server.service') + call('systemctl stop dropbear@*.service') + if not proxy: - call('systemctl stop conserver-server.service') if os.path.isfile(config_file): os.unlink(config_file) return None call('systemctl restart conserver-server.service') + + for device in proxy['device']: + if 'ssh' in proxy['device'][device].keys(): + call('systemctl restart dropbear@{device}.service') + return None if __name__ == '__main__': diff --git a/src/systemd/dropbear@.service b/src/systemd/dropbear@.service new file mode 100644 index 000000000..a4df6ad41 --- /dev/null +++ b/src/systemd/dropbear@.service @@ -0,0 +1,14 @@ +[Unit] +Description=Dropbear SSH per-connection server +Requires=dropbearkey.service +Wants=conserver-server.service +After=mongodb.service +After=dropbearkey.service vyos-router.service conserver-server.service + +[Service] +Type=forking +ExecStartPre=/usr/bin/bash -c '/usr/bin/systemctl set-environment PORT=$(cli-shell-api returnValue service serial-proxy device "%I" ssh port)' +ExecStart=-/usr/sbin/dropbear -w -j -k -r /etc/dropbear/dropbear_rsa_host_key -c "/usr/bin/console %I" -P /run/conserver/dropbear.%I.pid -p ${PORT} +PIDFile=/run/conserver/dropbear.%I.pid +KillMode=process + diff --git a/src/systemd/dropbearkey.service b/src/systemd/dropbearkey.service new file mode 100644 index 000000000..770641c8b --- /dev/null +++ b/src/systemd/dropbearkey.service 
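Review bot: The new `ssh` check in verify() only confirms that a `port` key exists; nothing in the hunk rejects two devices configured with the same SSH port. The port is the only thing that selects which serial console a login lands on, so a collision should fail at commit time rather than when dropbear tries to bind; collecting the ports inside the loop and raising `ConfigError(f'SSH port "{port}" is already used by another device!')` on a repeat would cover it. `'ssh' in device` is sufficient, the `.keys()` calls add nothing. verify() starts above the hunk, so an earlier check may exist that is not visible here.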
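Review bot: The restart in the new loop of apply() is missing its `f` prefix, so systemctl is asked for the literal unit `dropbear@{device}.service` and no per-device SSH listener is started; the line should read `call(f'systemctl restart dropbear@{device}.service')`. Once interpolated, the device name becomes part of a command string, so it is worth confirming that the interface definition restricts it to characters that are safe in a unit instance name (that constraint is not visible in this patch). The two `systemctl stop` calls now run on every commit, so all console sessions drop even when nothing about them changed; a short comment saying whether that is intended would help.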
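Review bot: The `ExecStartPre` line of dropbear@.service passes the port through `systemctl set-environment PORT=...`, which writes to the service manager's global environment rather than to this instance, so two `dropbear@` instances started close together can overwrite each other's `PORT` and a listener may bind the port configured for a different console; the variable also stays visible to units started afterwards. A per-instance source is safer, for example having the conf-mode script write the port to a file under `/run/conserver/` and loading it with `EnvironmentFile=/run/conserver/<per-instance env file>` (placeholder name). Because `ExecStart=` carries the `-` prefix, a non-zero exit from dropbear (failed bind, empty `${PORT}`) is ignored, so dropping the prefix would make a missing listener visible. `After=mongodb.service` looks like a template leftover and could be removed.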
@@ -0,0 +1,11 @@
+[Unit]
+Description=Dropbear SSH Key Generation
+ConditionPathExists=|!/etc/dropbear/dropbear_rsa_host_key
+
+[Service]
+ExecStart=/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+
--
cgit v1.2.3
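Review bot: `[Service]` has no `Type=oneshot`, so with the default service type systemd treats this unit as started as soon as `dropbearkey` has been forked, and `dropbear@.service` (ordered `After=dropbearkey.service` in the same patch) can be launched on first boot before the host key file is completely written. Adding `Type=oneshot` next to `RemainAfterExit=yes` makes that ordering wait until key generation has finished. A comment in the unit noting that only an RSA host key at dropbearkey's default size is created would also tell the next maintainer that the host key algorithm is a deliberate choice.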