-
- Notifications
You must be signed in to change notification settings - Fork 422
Deployment
This page documents how to deploy ssh-chat using various methods.
You can run ssh-chat on port 22, but then you'll need to change the port of OpenSSH to something else like 2022. You can do this in /etc/ssh/sshd_config. Two services can't run on the same port like this.
There are two popular Service Managers for Unix-Like systems, OpenRC (BSD systems) and systemd (Linux). Either one must be set up to run ssh-chat as a service (in the background). ssh-chat can be run as a user (not a daemon) but will stop servicing once the running user exits the terminal instance.
/etc/init.d/openrc:
#!/sbin/openrc-run name="$RC_SVCNAME" description="Chat server over SSH" command="/usr/local/bin/ssh-chat" command_args="-i '$server_ident' --bind='$port' --admin='$admin_fingerprint' --whitelist='$whitelist' --motd='$motdfile' --log=$logfile" pidfile="/run/$RC_SVCNAME.pid" command_background="yes" command_user="nobody" # If you want to secure your keyfile, you should change this to a # user specifically for running ssh-chat /etc/conf.d/openrc:
# Config for /etc/init.d/ssh-chat # See `/usr/bin/ssh-chat --help` for more details # The admin's key fingerprint #admin_fingerprint=SHA256:[INSERT HERE] # The server's private key (path) server_ident=[INSERT HERE] # The port to bind to # port=22 # The whitelist file # whitelist="" # The MOTD (Message Of The Day) file # motd="" # The logfile location log="/var/log/ssh-chat.log" (Replace /PATH/TO/)
/etc/systemd/system/ssh-chat.service:
[Unit] Description=ssh-chat After=network.target [Service] Type=simple User=root #You can store keys ouside of root and comment out 'User=root' then uncomment 'User=nobody' #User=nobody ExecStart=/PATH/TO/ssh-chat --bind=":22" -i="/PATH/TO/host_key" --admin="/PATH/TO/authorized_keys" AmbientCapabilities=CAP_NET_BIND_SERVICE Restart=always [Install] WantedBy=multi-user.target Make sure all your paths are readable by the user you're running as. If it's User=nobody, then they need to be readable by everyone!
It's best to make a separate user just for your ssh-chat service and store all files on this user.
The following installation steps can be used to automate the installation on Ubuntu Linux 16 (LTS), some slight modifications may be required for other distributions.
$ export LATEST_SSHCHAT=$(curl -s https://api.github.com/repos/shazow/ssh-chat/releases | grep -om1 "https://.*/ssh-chat-linux_amd64.tgz") $ wget "${LATEST_SSHCHAT}" $ sudo tar -xf ssh-chat-linux_amd64.tgz -C /opt # extracts ssh-chat to /opt $ sudo ln -sf /opt/ssh-chat/ssh-chat /usr/local/bin/ssh-chat # creates a symlink in /usr/local/bin for convenience $ sudo ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # generates a key/fingerprint for your server $ sudo sed -i -e '/^Port/s/^.*$/Port 2222/' /etc/ssh/sshd_config # ensures that system sshd runs on port 2222 $ sudo service ssh restart # restarts sshd (now on port 2222) - create /etc/systemd/system/ssh-chat.service based on the instructions above $ sudo systemctl daemon-reload # restarts systemd daemon $ sudo systemctl enable ssh-chat # ensures ssh-chat will start up after a reboot $ sudo systemctl start ssh-chat # starts the ssh-chat daemonBuilding ssh-chat on OpenBSD is the same as in other systems. All we need is to install Go.
# pkg_add go It's perfectly valid to not run ssh-chat as a service. Simply running $ ssh-chat yourself or running it inside Tmux works great. For example, you can add the following to run ssh-chat whenever your computer boots by putting the following in your crontab:
@reboot tmux new-session -d '/path/to/ssh-chat [...]' But if you want to run it as a service, you can try the following:
You can create a link to the existing binary or move it completely to /usr/local/bin.
# ln -s ~/ssh-chat/ssh-chat /usr/local/bin/ssh-chat You can use useradd or adduser. For example:
# useradd -m chat Let's make sure to set the right permissions as well.
# mkdir /var/ssh-chat # chown chat:chat /var/chat Finally, let's create the service. Create a file called /etc/rc.d/ssh_chat with the following contents:
#!/bin/ksh daemon="/usr/local/bin/ssh-chat" daemon_logger="daemon.info" daemon_flags="--verbose --bind ':PORT' --identity PRIVATE_KEY --admin=ADMIN_FILE --motd=MOTD_FILE" daemon_user="USER" . /etc/rc.d/rc.subr rc_bg=YES rc_reload=NO rc_cmd $1 Modify the values in daemon_flags and daemon_user based on your configurations. Alternately, you can set the flags directly with rcctl:
# rcctl set ssh_chat flags --verbose --bind [...] --identity [...] After that, you can enable and run the service:
# rcctl enable ssh_chat # rcctl start ssh_chat The logs will be found in /var/log/daemon so monitor that file if you run into any issues.