Setting up SSH and Bastion
This is mainly for use with private cloud, not our Skellig or Errigal systems.
1. Install Ubuntu for Windows (in the Windows app store, Ubuntu 2X.X).
You can follow the below guide to install.
https://www.microsoft.com/store/productId/9PN20MSR04DW
2. Connecting to Bastion – Generating SSH keys.
Bastion is the server we use to connect to all our self-hosted servers (SpamTitan and WebTitan). We also use bastion to make a connection between our machine and a customer's servers which are hosted on their network (Gateway). Follow the instructions below to allow you to connect to our Bastion server.
A. To generate a key, open Ubuntu and on the command line run the below:
ssh-keygen -t ed25519 -f ~/.ssh/gitlab
The above will generate a key pair (i.e. two files, gitlab and gitlab.pub).
B. To access this key, use the cat command to read the contents of the public key file.
cat ~/.ssh/gitlab.pub
C. Log in to GitLab using the below link:
https://gitlab.titanhq.com/
D. Click your profile picture in the top right of the window, and then click on Preferences.
E. Select “SSH Keys” from the menu on the left of the page.
F. Copy the public key from the file you ran “cat” on into the “Key” text field.
G. Assign the key a name and expiry date and click “Add Key”.
This key gives you a secure connection to the Bastion Server from your machine. Now let's create a script so you can easily access the bastion server using this key.
3. Connect to Bastion – Creating the script
To connect to the bastion server, you can use the command below using your own username.
ssh -i LocationOfSSHKeyFile -p2222 username@support.titanhq.net
An example of the command would be:
ssh -i bashkey -p2222 jo@support.titanhq.net
It will ask you for a passphrase when you run the above command. This will be the same one you use every time you connect, so put in something you will remember.
Once the passphrase is typed, hit Enter.
You will then be connected to the bastion server. It will look something like this on the command prompt:
rspringett@support:~$
Each time you will have to use the below command to connect to bastion:
ssh -i LocationOfSSHKeyFile -p2222 username@support.titanhq.net
Or you can set up a script to use a simpler connection string. To create the script, follow the below steps:
Commands:
vi bastion – This creates a file in your terminal called “bastion”.
Hit "i" to go into insert mode.
Then copy and paste the below into that file (make sure you use your personal command, not the example given). To paste into a “vi” file, just right click after pressing the “i” key.
#!/bin/bash
ssh -i LocationOfSSHKeyFile -p2222 username@support.titanhq.net
Hit "Esc".
Then use :wq! to save and quit out of the file.
After saving and exiting the file, run the following command:
chmod u+x bastion - This makes the file executable, meaning you can run the script and not just read it.
Then run the below to connect to bastion:
./bastion - The “./” tells the shell to execute the script in the current directory, and is followed by the script name. Now each time you connect to bastion, you will not need to remember a long command; you can run a script that connects for you.
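A variant of the script above with pre-flight checks on the private key, written as shell functions you could paste into ~/.bashrc. This is an added example, not part of the original guide; BASTION_KEY, BASTION_USER and the function names are assumptions, while the host and port are the ones used above.

```bash
# Added example, not part of the original guide.
# BASTION_KEY and BASTION_USER are placeholders: set them to your own values.
BASTION_KEY="${BASTION_KEY:-$HOME/.ssh/gitlab}"   # key path from step 2A
BASTION_USER="${BASTION_USER:-username}"
BASTION_HOST="support.titanhq.net"                # host and port from step 3
BASTION_PORT=2222

# Succeeds only if the file exists and group/other have no access to it.
key_is_private() {
    local mode
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1         # GNU stat, as on Ubuntu
    case "$mode" in
        0|*00) return 0 ;;                        # e.g. 600 or 400
        *)     return 1 ;;                        # e.g. 644 or 640
    esac
}

# Succeeds if the key can be read with an empty passphrase (it is unencrypted).
key_lacks_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Check the key, then connect with the same command as the bastion script.
bastion() {
    if ! key_is_private "$BASTION_KEY"; then
        echo "bastion: $BASTION_KEY is missing or accessible to group/other (try: chmod 600)" >&2
        return 1
    fi
    if key_lacks_passphrase "$BASTION_KEY"; then
        echo "bastion: warning: $BASTION_KEY has no passphrase" >&2
    fi
    ssh -i "$BASTION_KEY" -p "$BASTION_PORT" "$BASTION_USER@$BASTION_HOST"
}
```

After reloading your shell, running bastion connects only if the key file passes the permission check, and warns if the key was created without a passphrase.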
4. Set Up Cashier
The last thing you must set up is Cashier, and this is the special key we use to allow us to connect to any server we have. You must use this from within bastion. If you have not connected to bastion yet, please follow the steps above.
This special key expires after 24 hours and renews, meaning it changes 24 hours after you generate a key for yourself.
Please follow the below instructions to set up Cashier:
1. Open https://ssh1-ca.titanhq.com
2. Run this command on your bastion:
cashier --ca https://ssh1-ca.titanhq.com
3. Copy the website token and paste it in your shell.
4. Now when you want to connect to a server, you just need to run:
ssh stadmin@<server>
If your token expires (after 24 hours), you will need to follow the above steps again.