ssh – Raz https://blog.razb.me Computer stuff Sun, 13 Jan 2019 01:25:31 +0000 en-US hourly 1 https://wordpress.org/?v=5.0.3 https://i2.wp.com/blog.razb.me/wp-content/uploads/2018/04/cropped-Untitled.png?fit=32%2C32&ssl=1 ssh – Raz https://blog.razb.me 32 32 108306310 Around the world in 15 seconds https://blog.razb.me/around-the-world-in-15-seconds/ https://blog.razb.me/around-the-world-in-15-seconds/#comments Sat, 19 Mar 2016 19:21:31 +0000 http://razb.me/?p=48 Read more…]]> The first aerial circumnavigation of the world was performed in 1924 by the United States Army Air Service. The trip took 175 days and covered over 27,000 miles. Today, we are going to circumnavigate the world in under 15 seconds.

In order to achieve this, what we are going to do is link together a chain of computers starting with yours, going all the way around the world, and ending right back where it started; with yours. After setting that up, we will be sending a picture of yourself from yourself to yourself, and in the process circumnavigating the world.

Before we begin, I will be using DigitalOcean to spin up our servers. If you want to follow along at home, DigitalOcean offers new users a promo code to get you up and running for free. Use: DONEWS or you can use my personal promo url: m.do.co/c/74fd80a9022a the choice is yours.

After creating an account with DigitalOcean, you will want to set up an SSH key for use with your servers. DigitalOcean has a great tutorial on how to set that up which you should follow and complete before reading further.

Now, we will spin up 6 servers, one in each of the following data centres: San Fransisco, New York, London, Amsterdam, Frankfurt, and Singapore. Upon creating each server, select Ubuntu 14.04.4, the $5/month option, and add your SSH key.

NOTE: All commands in this tutorial are assumed to be executed by the root user.

Once all of your servers are up and running, SSH into every one of them and set a root password. For the sake of simplicity, we will be communicating between our servers via SSH root@host. You probably do not want to do this in practise.

Before we go any further, it may be worth confirming that a request from Singapore->San Fransisco does indeed go across the Pacific Ocean to complete the loop around the world. In order to do that, SSH into your Singapore machine and type in the following command:

$ traceroute <San Fransisco IP Address> -T

Replacing <San Fransisco IP Address> with the actual address of your San Fransisco server.

If all goes well, you should see output similar to this:

root@AroundTheWorldSingapore:~# traceroute 192.241.221.191 -T
traceroute to 192.241.221.191 (192.241.221.191), 30 hops max, 60 byte packets
 1  128.199.191.253 (128.199.191.253)  0.477 ms 128.199.191.254 (128.199.191.254)  0.474 ms  0.452 ms
 2  103.253.144.233 (103.253.144.233)  0.440 ms 103.253.144.229 (103.253.144.229)  0.449 ms  0.429 ms
 3  116.51.27.189 (116.51.27.189)  1.371 ms 103.253.144.249 (103.253.144.249)  0.440 ms 116.51.27.189 (116.51.27.189)  1.596 ms
 4  ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146)  14.718 ms 116.51.27.189 (116.51.27.189)  1.692 ms ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146)  14.708 ms
 5  ae-8.r22.snjsca04.us.bb.gin.ntt.net (129.250.3.48)  167.050 ms  178.774 ms ae-1.r20.sngpsi05.sg.bb.gin.ntt.net (129.250.3.146)  14.732 ms
 6  ae-19.r01.snjsca04.us.bb.gin.ntt.net (129.250.3.27)  181.920 ms ae-8.r22.snjsca04.us.bb.gin.ntt.net (129.250.3.48)  168.298 ms  169.413 ms
 7  ae-40.r02.snjsca04.us.bb.gin.ntt.net (129.250.3.121)  175.240 ms ae-4.r05.plalca01.us.bb.gin.ntt.net (129.250.5.32)  197.201 ms ae-40.r02.snjsca04.us.bb.gin.ntt.net (129.250.3.121)  187.610 ms
 8  xe-0-4-0-17.r06.plalca01.us.ce.gin.ntt.net (129.250.203.82)  168.083 ms ae-4.r05.plalca01.us.bb.gin.ntt.net (129.250.5.32)  182.682 ms xe-0-0-0-23.r05.plalca01.us.ce.gin.ntt.net (129.250.204.118)  181.313 ms
 9  xe-0-0-0-23.r05.plalca01.us.ce.gin.ntt.net (129.250.204.118)  186.122 ms 198.199.99.238 (198.199.99.238)  184.223 ms xe-0-4-0-17.r06.plalca01.us.ce.gin.ntt.net (129.250.203.82)  178.457 ms
10  192.241.221.191 (192.241.221.191)  186.219 ms  176.327 ms  172.506 ms

Taking a look at lines 4 and 5, we can see that our packet went from sg.bb.gin.ntt.net to us.bb.gin.ntt.net and the time across those two nodes spiked from 14.718ms to 167.050ms. This is pretty promising that our packets do in fact cross the ocean. Now we can continue with linking our servers together.

In order to move data from one server to another, we’re going to use SSH port forwarding. In this tutorial I will explain how to do this for the first and last server, and the process for the ones in the middle is pretty much identical.

SSH into all of your servers, modify /etc/ssh/sshd_config, and add the following line to the file:

GatewayPorts clientspecified

After saving, restart ssh:

$ service ssh restart

This allows us to specify which interface the next machine in the chain should listen on.

Now, from your San Fransisco server, execute the following command:

$ screen ssh -L <San Fransisco IP Address>:4455:<New York IP Address>:4455 <New York IP Address>

This tells our San Fransisco server to forward all requests to its port 4455 over to our New York Server’s port 4455. Repeat this process for New York -> London, London -> Amsterdam, Amsterdam -> Frankfurt, and lastly Frankfurt -> Singapore.

If you are using OSX, before going onto the last step you need to allow remote login to your mac. To do this, go to Settings -> Sharing-> Remote Login. Make sure it is checked.

For the last link in the chain, we must hook up our Singapore server to our local computer. From your personal computer, execute the following command:

$ screen ssh -R <Singapore IP Address>:4455:localhost:22 <Singapore IP Address>

At this point, you now have a complete chain of computers starting from San Fransisco, around the world to Singapore, and finally crossing the Pacific Ocean and back to your personal computer.

Now, it is time to actually send a picture of yourself around the world.

Navigate to the directory of the picture you want to send, and execute the following command:

$ scp -P 4455 <picture> root@<San Fransisco IP Address>:/

This command is normally used to copy the file <picture> from your local machine to the / directory of the San Fransisco server. However, since we are specifying -P 4455, which the San Fransisco server is forwarding to New York, the copy file command gets forwarded to the New York server instead. And since the New York server is forwarding port 4455, the chain goes on all the way up to Singapore which is configured to forward its port 4455 to your local personal computer’s port 22.

Your beautiful picture travelled from your computer to San Fransisco, New York, London, Amsterdam, Frankfurt, Singapore, and back to your computer.

Congratulations! You have officially gone around the world!

A quick time profile gives us the following results:

root@Razvans-MacBook-Pro Desktop $ time scp -P 4455 selfie.JPG [email protected]:/
selfie.JPG                       100%   19KB  19.4KB/s   00:00    

real	0m12.866s
user	0m0.019s
sys	0m0.009s

Alas in just 12.866 seconds you have travelled over 20,000 miles. You deserve a break.

]]> https://blog.razb.me/around-the-world-in-15-seconds/feed/ 1 48 Minecraft behind a firewall https://blog.razb.me/networking-minecraft-on-an-inaccessible-server/ https://blog.razb.me/networking-minecraft-on-an-inaccessible-server/#respond Wed, 16 Mar 2016 06:02:28 +0000 http://razb.me/?p=28 Read more…]]> Several months ago I was given access to a free, moderately powerful virtual private server (VPS) with the catch that the server sat behind a firewall which denied all incoming connections. The company hosting the VPS provided a web interface for accessing the server via a VNC connection which they routed internally. This was the only way to interact with the server.

Upon getting access to the VPS I immediately tried the first thing anyone would try, and that of course was running a Minecraft server on it. I was very excited about the possibility of hosting a completely free Minecraft server for my friends and I to enjoy, until I realized that it was impossible to connect to the server from the Internet.

So, I gave up and ran my Minecraft server on AWS instead. Thanks for reading.

Just kidding. I came across SSH reverse tunnels instead.

SSH is an incredibly powerful tool which is capable of doing a lot more than just being a secure shell to a remote machine. One of the additional features it has is reverse tunnelling.

Imagine you have two machines: MachineA, and MachineB.
MachineA can create outgoing connections, but can not accept incoming connections.
MachineB accepts both incoming and outgoing connections.

MachineA establishes an SSH connection to MachineB, and configures MachineB to forward all requests to port 8080 over to MachineA’s port 2020 (using the same SSH connection).

It looks something like this:

MachineB <—SSH—- MachineA // Establish the connection MachineB:8080 —SSH—> MachineA:2020 // Port forwarding over the established connection

This works fine because MachineA is not relying on any incoming connections made directly to it, but rather is able to accept incoming connections which arrive at MachineB. Now all I needed was another server which is not behind a firewall to act as MachineB.

Fortunately I have several small, inexpensive servers which were perfect for the job.

Using this functionality of SSH, I was able to piggy back one of my weaker servers to act as a proxy for the stronger server which was running Minecraft. My friends would connect to my weak server port 8080, and get forwarded over the SSH tunnel to the Minecraft server sitting behind a firewall on port 2020.

Alas, we were finally able to play Minecraft.

]]> https://blog.razb.me/networking-minecraft-on-an-inaccessible-server/feed/ 0 28