Thursday, May 15, 2008

Evolution (and Other Apps) - SSH - Corporate Proxy

So I thought I'd kick off your idea with something I recently posted to the UbuntuForums. This has helps me stick with Ubuntu at a client where I am currently stationed. I know this looks like a lot of reading but it is not that difficult and well worth the effort.

I needed an SSH server as the Corporate proxy does not have socks enabled. If socks was enabled I would simply have configured tsocks to point to that server.

1.Get access to the ssh server.
2.Login using

 ssh acidhawk@10.0.0.2

3.Test connection to my mail server from the ssh server (if this didn't work I would have asked the sysadmin to enable socks support on the corporate network proxy.... )

 telnet mail.acme.com 25 (smtp to send)
 telnet mail.acme.com 110 (pop3 to receive)


4.End ssh session
5.Download tsocks to my local machine

 sudo apt-get install tsocks

6.Change /etc/tsocks.conf to point to my local machine

 change server = 192.168.0.1 to server = 127.0.0.1

6.From a local shell setup ssh tunnel

 ssh -D 1080 acidhawk@10.0.0.2

This opens a shell connection to 10.0.0.2 if you close this shell your ssh tunnel will also close 
7.From a new shell on your local machine run

 tsocks evolution &

I didn't like having to type my password every time I connected so I did the following (which I got from http://ubuntuforums.org/archive/index.php/t-30709.html ):

1.From a cmd shell on your local machine run

 ssh-keygen -t rsa

2.Change to your homedir and then go to the .ssh dir (you need to copy the generated key to the ssh server)
3.Copy the id_rsa.pub file to your homedir on the ssh server by typing
 
 scp id_rsa.pub acidhawk@10.0.0.2:./id_dsa.pub

4.Connect to the ssh server 

 ssh acidhawk@10.0.0.2

5.Run the following commands to add your public key to a file that will allow you kay access to the ssh server

 acidhawk@10.0.0.2:~$ touch authorized_keys2
 acidhawk@10.0.0.2:~$ chmod 600 authorized_keys2
 acidhawk@10.0.0.2:~$ cat ../id_rsa.pub >> authorized_keys2
 acidhawk@10.0.0.2:~$ rm ../id_rsa.pub


6.Exit from the ssh server and run the following

 ssh -l acidhawk 10.0.0.2

7.After you have entered your passphrase you will be connected. Next time you run ssh acidhawk@10.0.0.2 you will not be asked for your password.
8.Next I didn't want the ssh shell to be opened (I wanted it to run in background) so now I run the following to setup the tunnel

 ssh -N -f -D 1080 acidhawk@10.0.0.2

9.Check that ssh is still running 

 ps -ef | grep 10.0.0.2

(you should see the command you just ran)

My next trick is to automate the tunnel setup if I am at this particular office. I don't want to run this when I am at home so I investigated editing my .bashrc as well as looked at setting the tunnel up from a startup script. Neither of these seemd like a good idea as I would have to still open a shell to run evolution like so (tsocks evolution &). I decided to create a script to run all the apps I wanted to be able to go through this tunnel (Evolution, RapidSvn, Eclipse etc) The following is the first attempt at this script. What I will do now is change all my menu launchers to the following

  myLauncher evolution -or - myLauncher rapidsvn etc.

myLauncher look as follows

Update: Now check if my 3G is connected and determine if I need to use tsocks when launching an app

#!/bin/sh

MYIP=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{print $1}'`

if [ "$1" = "" ]; then
echo "Usage: $0 "
elif [ "$1" = "stop" ]; then
pid=`ps -ef | grep 10.0.0.2 | grep -v grep | awk '{print $2}'`
if [ "$pid" != "" ]; then
kill -9 $pid
fi
else
# Check if I am at ClientABC (My Address here is always 192.168.99.10)
if [ "$MYIP" = "192.168.99.10" ]; then
pid=`ps -ef | grep 10.0.0.2 | grep -v grep | awk '{print $2}'`
if [ "$pid" = "" ]; then
echo "Setting up SSHTunnel for ClientABC..."
ssh -N -f -D 1080 acidhawk@10.0.0.2
fi

#Chech if my 3G is connected
PPP=`ifconfig ppp0 >/dev/null 2>&1`
if [ $? -ne 0 ]; then
echo "NO 3G detected - Launching $1 with \"tsocks\""
tsocks $1 >/dev/null 2>&1 &
else
echo "3G detected - Launching $1 without \"tsocks\""
$1 >/dev/null 2>&1 &
fi

#I am not at any client so will not use tsocks
else
$1 >/dev/null 2>&1 &
fi
fi


Basically what I am looking to see if I am at a particular client (I do this by checkin my ip address). I then check if there is already a PID for my ssh tunnel if there is I will not setup the tunnel again. However , if I am at ClientABC I will launch my app ($1) with tsocks. I can use this script at home as my ip address is different and I will then launch my app as simply $1.

Hope this helps
Acidhawk

No comments: