Deployment
This page documents how to deploy ssh-chat using various methods.
You can run ssh-chat on port 22, but then you'll need to change the port of OpenSSH to something else, like 2022, because two services can't listen on the same port. You can do this in /etc/ssh/sshd_config.
There are two popular service managers for Unix-like systems, OpenRC (BSD systems) and systemd (Linux). One of them must be set up to run ssh-chat as a service (in the background). ssh-chat can also be run directly by a user (not as a daemon), but it will stop serving once that user exits the terminal session.
/etc/init.d/openrc:
#!/sbin/openrc-run
name="$RC_SVCNAME"
description="Chat server over SSH"
command="/usr/local/bin/ssh-chat"
command_args="-i '$server_ident' --bind='$port' --admin='$admin_fingerprint' --whitelist='$whitelist' --motd='$motdfile' --log=$logfile"
pidfile="/run/$RC_SVCNAME.pid"
command_background="yes"
command_user="nobody" # If you want to secure your keyfile, you should change this to a
# user specifically for running ssh-chat
/etc/conf.d/openrc:
# Config for /etc/init.d/ssh-chat
# See `/usr/local/bin/ssh-chat --help` for more details
# The admin's key fingerprint
#admin_fingerprint=SHA256:[INSERT HERE]
# The server's private key (path)
server_ident=[INSERT HERE]
# The port to bind to
# port=22
# The whitelist file
# whitelist=""
# The MOTD (Message Of The Day) file
# motdfile=""
# The logfile location
logfile="/var/log/ssh-chat.log"
(Replace /PATH/TO/ with the actual paths on your system.)
/etc/systemd/system/ssh-chat.service:
[Unit]
Description=ssh-chat
After=network.target
[Service]
Type=simple
User=root
#You can store keys outside of root and comment out 'User=root' then uncomment 'User=nobody'
#User=nobody
ExecStart=/PATH/TO/ssh-chat --bind=":22" -i="/PATH/TO/host_key" --admin="/PATH/TO/authorized_keys"
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
[Install]
WantedBy=multi-user.target
Make sure all your paths are readable by the user you're running as. If it's User=nobody, then they need to be readable by everyone!
It's best to make a separate user just for your ssh-chat service and store all files under this user.
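One way to check the permission advice above before starting the service, as an added example that is not part of the ssh-chat project or of this page's original instructions. The function names are hypothetical, and the key path and service user are whatever you put in your unit file.

```shell
#!/bin/sh
# Added example: verify that the host key given to `ssh-chat -i` is private
# to the account the service runs as. Function names are hypothetical.

# Print "MODE OWNER" for a path: GNU stat first, BSD stat as a fallback.
mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# check_host_key KEYFILE SERVICE_USER
# Returns 0 only if KEYFILE is a regular file owned by SERVICE_USER with no
# permission bits set for group or others. A key that has to be readable by
# everyone (the User=nobody case) fails this check.
check_host_key() {
    key=$1 svc_user=$2 rc=0
    if [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 1
    fi
    set -- $(mode_owner "$key")      # $1 = octal mode, $2 = owner name
    mode=$1 owner=$2
    if [ "$owner" != "$svc_user" ]; then
        echo "FAIL: $key is owned by $owner, service runs as $svc_user" >&2
        rc=1
    fi
    # Leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $key has mode $mode; group/other bits are set (want 600)" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key ($mode, $owner)"
    return "$rc"
}

# Usage when saved as a script: sh SCRIPT /PATH/TO/host_key SERVICE_USER
if [ $# -eq 2 ]; then
    check_host_key "$1" "$2"
fi
```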
The following installation steps can be used to automate the installation on Ubuntu Linux 16 (LTS). Some slight modifications may be required for other distributions.
$ export LATEST_SSHCHAT=$(curl -s https://api.github.com/repos/shazow/ssh-chat/releases | grep -om1 "https://.*/ssh-chat-linux_amd64.tgz")
$ wget "${LATEST_SSHCHAT}"
$ sudo tar -xf ssh-chat-linux_amd64.tgz -C /opt # extracts ssh-chat to /opt
$ sudo ln -sf /opt/ssh-chat/ssh-chat /usr/local/bin/ssh-chat # creates a symlink in /usr/local/bin for convenience
$ sudo ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # generates a key/fingerprint for your server
$ sudo sed -i -e '/^Port/s/^.*$/Port 2222/' /etc/ssh/sshd_config # ensures that system sshd runs on port 2222
$ sudo service ssh restart # restarts sshd (now on port 2222)
- create /etc/systemd/system/ssh-chat.service based on the instructions above
$ sudo systemctl daemon-reload # reloads systemd so it picks up the new unit file
$ sudo systemctl enable ssh-chat # ensures ssh-chat will start up after a reboot
$ sudo systemctl start ssh-chat # starts the ssh-chat daemon
Building ssh-chat on OpenBSD is the same as on other systems. All we need is to install Go.
# pkg_add go
It's perfectly valid to not run ssh-chat as a service. Simply running $ ssh-chat yourself or running it inside Tmux works great. For example, you can run ssh-chat whenever your computer boots by putting the following in your crontab:
@reboot tmux new-session -d '/path/to/ssh-chat [...]'
But if you want to run it as a service, you can try the following:
You can create a link to the existing binary or move it completely to /usr/local/bin.
# ln -s ~/ssh-chat/ssh-chat /usr/local/bin/ssh-chat
To create a user for the service, you can use useradd or adduser. For example:
# useradd -m chat
Let's make sure to set the right permissions as well.
# mkdir /var/ssh-chat
# chown chat:chat /var/ssh-chat
Finally, let's create the service. Create a file called /etc/rc.d/ssh_chat with the following contents:
#!/bin/ksh
daemon="/usr/local/bin/ssh-chat"
daemon_logger="daemon.info"
daemon_flags="--verbose --bind ':PORT' --identity PRIVATE_KEY --admin=ADMIN_FILE --motd=MOTD_FILE"
daemon_user="USER"
. /etc/rc.d/rc.subr
rc_bg=YES
rc_reload=NO
rc_cmd $1
Modify the values in daemon_flags and daemon_user based on your configuration. Alternatively, you can set the flags directly with rcctl:
# rcctl set ssh_chat flags --verbose --bind [...] --identity [...]
After that, you can enable and run the service:
# rcctl enable ssh_chat
# rcctl start ssh_chat
The logs will be found in /var/log/daemon, so monitor that file if you run into any issues.