Thursday, May 15, 2008

Evolution (and Other Apps) - SSH - Corporate Proxy

So I thought I'd kick off your idea with something I recently posted to the UbuntuForums. This has helps me stick with Ubuntu at a client where I am currently stationed. I know this looks like a lot of reading but it is not that difficult and well worth the effort.

I needed an SSH server as the Corporate proxy does not have socks enabled. If socks was enabled I would simply have configured tsocks to point to that server.

1.Get access to the ssh server.
2.Login using

 ssh acidhawk@

3.Test connection to my mail server from the ssh server (if this didn't work I would have asked the sysadmin to enable socks support on the corporate network proxy.... )

 telnet 25 (smtp to send)
 telnet 110 (pop3 to receive)

4.End ssh session
5.Download tsocks to my local machine

 sudo apt-get install tsocks

6.Change /etc/tsocks.conf to point to my local machine

 change server = to server =

6.From a local shell setup ssh tunnel

 ssh -D 1080 acidhawk@

This opens a shell connection to if you close this shell your ssh tunnel will also close 
7.From a new shell on your local machine run

 tsocks evolution &

I didn't like having to type my password every time I connected so I did the following (which I got from ):

1.From a cmd shell on your local machine run

 ssh-keygen -t rsa

2.Change to your homedir and then go to the .ssh dir (you need to copy the generated key to the ssh server)
3.Copy the file to your homedir on the ssh server by typing
 scp acidhawk@

4.Connect to the ssh server 

 ssh acidhawk@

5.Run the following commands to add your public key to a file that will allow you kay access to the ssh server

 acidhawk@$ touch authorized_keys2
 acidhawk@$ chmod 600 authorized_keys2
 acidhawk@$ cat ../ >> authorized_keys2
 acidhawk@$ rm ../

6.Exit from the ssh server and run the following

 ssh -l acidhawk

7.After you have entered your passphrase you will be connected. Next time you run ssh acidhawk@ you will not be asked for your password.
8.Next I didn't want the ssh shell to be opened (I wanted it to run in background) so now I run the following to setup the tunnel

 ssh -N -f -D 1080 acidhawk@

9.Check that ssh is still running 

 ps -ef | grep

(you should see the command you just ran)

My next trick is to automate the tunnel setup if I am at this particular office. I don't want to run this when I am at home so I investigated editing my .bashrc as well as looked at setting the tunnel up from a startup script. Neither of these seemd like a good idea as I would have to still open a shell to run evolution like so (tsocks evolution &). I decided to create a script to run all the apps I wanted to be able to go through this tunnel (Evolution, RapidSvn, Eclipse etc) The following is the first attempt at this script. What I will do now is change all my menu launchers to the following

  myLauncher evolution -or - myLauncher rapidsvn etc.

myLauncher look as follows

Update: Now check if my 3G is connected and determine if I need to use tsocks when launching an app


MYIP=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}'`

if [ "$1" = "" ]; then
echo "Usage: $0 "
elif [ "$1" = "stop" ]; then
pid=`ps -ef | grep | grep -v grep | awk '{print $2}'`
if [ "$pid" != "" ]; then
kill -9 $pid
# Check if I am at ClientABC (My Address here is always
if [ "$MYIP" = "" ]; then
pid=`ps -ef | grep | grep -v grep | awk '{print $2}'`
if [ "$pid" = "" ]; then
echo "Setting up SSHTunnel for ClientABC..."
ssh -N -f -D 1080 acidhawk@

#Chech if my 3G is connected
PPP=`ifconfig ppp0 >/dev/null 2>&1`
if [ $? -ne 0 ]; then
echo "NO 3G detected - Launching $1 with \"tsocks\""
tsocks $1 >/dev/null 2>&1 &
echo "3G detected - Launching $1 without \"tsocks\""
$1 >/dev/null 2>&1 &

#I am not at any client so will not use tsocks
$1 >/dev/null 2>&1 &

Basically what I am looking to see if I am at a particular client (I do this by checkin my ip address). I then check if there is already a PID for my ssh tunnel if there is I will not setup the tunnel again. However , if I am at ClientABC I will launch my app ($1) with tsocks. I can use this script at home as my ip address is different and I will then launch my app as simply $1.

Hope this helps

No comments: