by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 01:30
    gomex synchronize #279
  • 01:30

    gomex on add-ui-gateway-build

    cicd: adding ui and gateway bui… (compare)

  • 01:29
    gomex synchronize #279
  • 01:29

    gomex on add-ui-gateway-build

    cicd: the ubuntu version should… (compare)

  • 01:28
    gomex review_requested #279
  • 01:28
    gomex opened #279
  • 01:27

    gomex on add-ui-gateway-build

    cicd: adding ui and gateway bui… (compare)

  • Aug 10 21:51
    eduardoveiga synchronize #270
  • Aug 10 21:51

    eduardoveiga on envName

    wip (compare)

  • Aug 10 21:49
    eduardoveiga synchronize #270
  • Aug 10 21:49

    eduardoveiga on envName

    wip (compare)

  • Aug 10 21:47
    eduardoveiga synchronize #270
  • Aug 10 21:47

    eduardoveiga on envName

    wip (compare)

  • Aug 10 21:46
    eduardoveiga synchronize #270
  • Aug 10 21:46

    eduardoveiga on envName

    wip (compare)

  • Aug 10 21:42
    eduardoveiga synchronize #270
  • Aug 10 21:42

    eduardoveiga on envName

    wip (compare)

  • Aug 10 21:28
    eduardoveiga synchronize #270
  • Aug 10 21:28

    eduardoveiga on envName

    wip wip (compare)

  • Aug 10 20:57

    gustavosbarreto on remove_firewall_rules

    WIP (compare)

Otavio Salvador
@otavio
Hello there!
Fabiano da Rosa Gomes
@gomes-fdr
boa tarde Otavio, uma dúvida com relação ao shellhub - com o agent rodando no dispositivo que desejo acessar, eu tenho acesso aos processos do dispositivo? Pergunto pq por estar rodando em um container, imaginamos que teriamos acesso apenas aos processos do container...
Luis Gustavo S. Barreto
@gustavosbarreto
Boa tarde
Fabiano da Rosa Gomes
@gomes-fdr
opa, tudo bem Luis, pode me ajudar nessa duvida?
Luis Gustavo S. Barreto
@gustavosbarreto
Fabiano, como o container roda em modo privilegiado ele tem acesso aos processos do "host" da máquina
Então quando tu fizer SSH para o dispositivo tu vai estar "dentro" da máquina apesar do agent rodar no container
Fabiano da Rosa Gomes
@gomes-fdr
interessante - era justamente essa a nossa dúvida, pq nosso desejo é justamente controlar os processos e nossas apps que estaram rodando fora do container do agent
Luis Gustavo S. Barreto
@gustavosbarreto
Fizemos isso utilizando uma feature de "namespace" do kernel linux
Fabiano da Rosa Gomes
@gomes-fdr
grato Luis, vou levar isso adiante para iniciarmos alguns testes praticos
Luis Gustavo S. Barreto
@gustavosbarreto
Se tiver alguma dúvida no processo pode ir largando aqui que nós vamos respondendo
Fabiano da Rosa Gomes
@gomes-fdr
Muito obrigado pela atenção Luis, vamos testar e te dou um retorno na sequencia - abraço!
Otavio Salvador
@otavio
@gustavosbarreto eu revisei a PR da Domarys mas a PR nao apareceu aqui. Tinhamos que vincular os outros repositorios aqui tb.
gapaluec
@gapaluec
Can I replace port 22 with any other port number? And what all changes are required to do the same?
Luis Gustavo S. Barreto
@gustavosbarreto
@gapaluec Hi
Otavio Salvador
@otavio
@gapaluec you wish to change the port on the server side, or on the target side?
Luis Gustavo S. Barreto
@gustavosbarreto
@gapaluec Edit docker-compose.yml file and replace the port 22 with something else in ports section of ssh service
gapaluec
@gapaluec

@gustavosbarreto I did change the docker-compose.yml, but still the endpoint API was returning 22
{"api":"localhost", "ssh": "localhost:22", "mqtt": "localhost:1883"}

Also, there should be an option to change "localhost" returned by endpoint to a valid domain name / ip address... As I was trying shellhub on AWS with a domain name.

I can see that port 22 is hardcoded in https://github.com/shellhub-io/shellhub/blob/ee6d67a609310611a05f0639dd6c939c63cfc2f2/gateway/shellhub.conf#L62
Luis Gustavo S. Barreto
@gustavosbarreto
@gapaluec
Luis Gustavo S. Barreto
@gustavosbarreto
@gapaluec can you please open a issue for this?
Luis Gustavo S. Barreto
@gustavosbarreto
@gapaluec shellhub-io/shellhub#20
Luis Gustavo S. Barreto
@gustavosbarreto
New release: https://github.com/shellhub-io/shellhub/releases/tag/v0.0.2
surfinside
@surfinside
Hello,
I would like mount an ssh tunnel, unfortunately I have an error
channel 2: open failed: unknown channel type: unsupported channel type
debug1: channel 2: free: direct-tcpip: listening port 443 for 10.10.10.1 port 443, connect from 127.0.0.1 port 51926 to 127.0.0.1 port 443, nchannels 4
channel 3: open failed: unknown channel type: unsupported channel type
debug1: channel 3: free: direct-tcpip: listening port 443 for 10.10.10.1 port 443, connect from 127.0.0.1 port 51927 to 127.0.0.1 port 443, nchannels 3
MyPC - > INTERNET -> ShellHub <- INTERNET <- Router (10.10.10.1/24) <- RPi (Up on ShellHub (10.10.10.xxx/24))
MyPC:443 = https://10.10.10.1
I thank you in advance
Luis Gustavo S. Barreto
@gustavosbarreto
@surfinside Are you trying to create a tunnel through ShellHub server?
I think this is not supported by ShellHub
https://github.com/shellhub-io/shellhub/blob/master/ssh/server.go#L47
Accoring to this the supported channel types:
"tcpip-forward":        forwardHandler.HandleSSHRequest,
"cancel-tcpip-forward": forwardHandler.HandleSSHRequest,
"tcpip-forward-connected":
direct-tcpip is not supported
surfinside
@surfinside

@gustavosbarreto Thank you for your reply
Yes, i would like create a ssh tunnel with a other device on the LAN of device up in shellhub and mypc with internet.
Ex : MyPC - > INTERNET -> ShellHub <- INTERNET <- RPi (Up on ShellHub (10.10.10.101/24)) | Other RPi with nginx 80&443 (10.10.10.102/24)
mypc:9999 = 10.10.10.102:443
mypc:9998 = 10.10.10.102:80

ssh -L 9999:10.10.10.102:443 pi@rpiname.usershellhub@subname.mydomain.com

What do you think about this ? This is supported by ShellHub ?
https://wiki.archlinux.org/index.php/VPN_over_SSH

surfinside
@surfinside
Hello, i found a solution with
https://github.com/sshuttle/sshuttle
I love ShellHub :)
it's possible to add https with certbot ?
For mongodb, why not add persistent data ?
On Gateway or Ui docker, it's possible to add fail2ban (SSH & Ngnix Jail) ?
Thank you
Luis Gustavo S. Barreto
@gustavosbarreto

t's possible to add https with certbot ?

@surfinside HTTPS support is on our roadmap (end Q1 2020)

For mongodb, why not add persistent data ?

@surfinside You can do this by extending the docker-compose file

Luis Gustavo S. Barreto
@gustavosbarreto

On Gateway or Ui docker, it's possible to add fail2ban (SSH & Ngnix Jail) ?

@surfinside Can you please explain this in more detail?

I love ShellHub :)

@surfinside I'm really appreciate and very pleased to hear that you enjoyed it

Otavio Salvador
@otavio
:-)
haydenbarton96
@haydenbarton96
Hi, Im trying to run 'docker-compose up id' and it says its running on port 22 but i changed the port to 2222 in docker-compose.yml and it doesnt seem to be changing (im trying to keep the openssh port as 22) am i doing something wrong?
Luis Gustavo S. Barreto
@gustavosbarreto
@haydenbarton96 change the SHELLHUB_SSH_PORT variable inside .env file instead of docker-compose.yml
Revert the changes that you made to docker-compose.yml and edit the .env
haydenbarton96
@haydenbarton96
Thank you for the fast reply! However i cant find a .env file, just the docker-compose .yml and .dev.yml files, is it in a different directory to shellhub-v0.1.1?
Ah I found it, the file was just hidden, i just used nano .env in that directory. No errors and everything says its done, but nothing on the localhost, it is port 80 or 8080 isnt it?
haydenbarton96
@haydenbarton96
I get a login screen on port 18083 but the account i added successfully doesnt login and shows "username not found"
Luis Gustavo S. Barreto
@gustavosbarreto
@haydenbarton96 The WebUI is available at http://localhost
@haydenbarton96 Can you please paste the output of docker-compose logs ui?
haydenbarton96
@haydenbarton96
I'm running on a raspberry pi and have been connected through ssh from my pc on the same network, going to the ip of the pi with port 80 or without any port doesnt show anything, but going to the ip of the pi with port 18083 shows the EMQ dashboard, ill post logs now