and CPU2 requires heatsink SNK-P0047PS.
-## SAS Backplane & Motherboard SATA ###
+### SAS Backplane & Motherboard SATA ###
The SAS backplane is a little odd. The first eight drive bays connect via a
pair of SFF-8087 connectors and the last two drive bays connect via standard
Install various no-config-required userland packages before continuing.
apt-get install net-tools bzip2 zip ntp htop xterm screen git \
- build-essential pciutils smartmontools gdb valgrind
+ build-essential pciutils smartmontools gdb valgrind wget \
+ texlive texlive-latex-extra graphviz firefox sysfsutils
#### X Window Manager ####
Change the default shell for new users by editing `/etc/adduser.conf`, setting
the `DSHELL` variable to `/bin/tcsh`. Then use the `chsh` command to change the
shell for root and ataylor. Create `~/.cshrc` in ataylor's and root's homedir
-with the following contents.
+with the following contents. Remember to also copy it to `/etc/skel` and set
+permissions so it's used for any future users on the system.
# .cshrc - csh resource script, read at beginning of execution by each shell
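Review bot: The added sentence tells the reader to "set permissions" on the `/etc/skel` copy without saying what they should be. State the intended owner and mode, and name the target file (`/etc/skel/.cshrc`), so the step can be followed without guessing.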
alias j jobs -l
alias la ls -aF
alias lf ls -FA
- alias ll ls -lAF --color
+ alias ll ls -lF --color
alias ls ls --color
# These are normally set through /etc/login.conf. You may override them here
/bin/xscreensaver -nosplash &
+#### Go Toolchain ####
+
+The version of Go provided via `apt-get` is always out of date, so all Go
+installs on this server are done via tarball from the <https://golang.com>
+website. Go 1.16.3 is used for this example but the newest version of Go may be
+found at <https://golang.org/dl/>.
+
+Previous versions of Go are installed entirely under `/usr/local/go`. Delete
+the entire `/usr/local/go` directory before proceeding.
+
+ wget https://golang.org/dl/go1.16.3.linux-amd64.tar.gz
+ tar -C /usr/local -xzf go1.16.3.linux-amd64.tar.gz
+
+If this is the first time installing Go on the system, update everyone's
+`$PATH` to include `/usr/local/go/bin`. Remember to update files under
+`/etc/skel` at the same time.
+
+
#### ZFS Snapshots ####
In order to configure automatic ZFS snapshots, use the `auto-zfs-snapshot`
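Review bot: The `wget` and `tar -C /usr/local -xzf` steps unpack the download into `/usr/local` without verifying it. Add a step between them that compares `sha256sum go1.16.3.linux-amd64.tar.gz` against the checksum published on the download page. The prose links `<https://golang.com>` while the second link and the `wget` command use `golang.org`; use one host throughout. The instruction to delete `/usr/local/go` would be clearer as a command line next to the other two, so the order (delete, then extract) is unambiguous.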
SHELL=/bin/bash
0 0 * * 0 root /sbin/zpool status | echo -e "Subject:FROSTBURG: zpool status\n\n $(cat -)" | msmtp ataylor@subgeniuskitty.com
+
+#### Public SSH Access ####
+
+Although frostburg is on a private subnet, I want public SSH access. The
+easiest way to set this up is via a reverse SSH tunnel to one of the public
+subgeniuskitty.com servers.
+
+This section refers to three machines:
+
+ - The **server** is frostburg.subgeniuskitty.com, a machine which we desire
+ to access across the internet despite residing on a private subnet.
+
+ - The **endpoint** is a server with public IP address which will serve as an
+ access portal for the *server*.
+
+ - The **client** is the human user's workstation, the machine which is
+ attempting to login to the *server* via the *endpoint*.
+
+First, setup appropriate login credentials on the *server*, which in this case
+is `frostburg.subgeniuskitty.com`. Ignore any warnings about `/home/username`
+already existing or not being owned by the correct user. These are simply a
+side effect of using ZFS since we must create the homedir before adding the
+user, but we can't change ownership until after the new user exists.
+
+ server:~ # zfs create rpool/home/username
+ server:~ # adduser username
+ server:~ # cp -a /etc/skel/. /home/username
+ server:~ # chown -R username:username /home/username
+ server:~ # zfs snapshot rpoot/home/username@account_creation
+
+If necessary for the intended tasks, add the user to any relevant groups with
+something like the following command.
+
+ server:~ # usermod -a -G netdev,plugdev,sudo,video username
+
+The user will also need login credentials on the *endpoint*. These credentials
+don't need to allow anything other than simply SSHing through to the *server*.
+
+ endpoint:~ # adduser username
+
+With appropriate credentials successfully created, move on to setting up a
+reverse SSH tunnel from *server* to *endpoint*.
+
+First, create an SSH key on the *server* with no passphrase and authorize it
+for logins on the *endpoint*. This will be used to bring the tunnel up when the
+machine boots. If a non-empty passphrase is specified, you will need to type it
+during the boot process.
+
+ server:~ # ssh-keygen
+ server:~ # scp /root/.ssh/id_rsa.pub username@endpoint:/home/username/temp_key_file
+ server:~ # ssh username@endpoint
+ (login requires password)
+ endpoint:~ % mkdir -p /home/username/.ssh
+ endpoint:~ % mv /home/username/temp_key_file /home/username/.ssh/authorized_keys
+ endpoint:~ % logout
+ server:~ # ssh username@endpoint
+ (login does not require password)
+ endpoint:~ % logout
+ server:~ # mv /root/.ssh/id_rsa rtunnel_nopwd
+ server:~ # mv /root/.ssh/id_rsa.pub rtunnel_nopwd.pub
+
+Next, create the tunnel using AutoSSH to maintain a long-term connection.
+
+ server:~ # apt-get install autossh
+ server:~ # vi /etc/systemd/system/autossh-tunnel.service
+ [Unit]
+ Description=AutoSSH tunnel between frostburg.SGK and www.SGK
+ After=network-online.target
+
+ [Service]
+ Environment="AUTOSSH_GATETIME=0"
+ ExecStart=/bin/autossh -N -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -i /root/.ssh/rtunnel_nopwd -R 4242:localhost:22 username@endpoint
+
+ [Install]
+ WantedBy=multi-user.target
+ server:~ # systemctl daemon-reload
+ server:~ # systemctl start autossh-tunnel.service
+ server:~ # systemctl enable autossh-tunnel.service
+
+At this point the SSH tunnel is operational. Let's make things a little easier
+for the user by storing most of the config options in an SSH config file.
+
+ endpoint:~ # su - username
+ endpoint:~ % vi /home/username/.ssh/config
+ Host server
+ Hostname localhost
+ User username
+ Port 4242
+
+Now, when we execute `ssh server`, it is equivalent to the command
+`ssh -p 4242 username@localhost`, much easier to remember.
+
+It's time to test everything out. Starting from the *client*, you should now be
+able to login to the *server* via the *endpoint*.
+
+ client:~ % ssh username@endpoint
+ endpoint:~ % ssh server
+ server:~ %
+
--------------------------------------------------------------------------------
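Review bot: The two `mv` commands that end the key-setup block use a relative destination, so from `server:~ #` the key lands in `/root/rtunnel_nopwd`, while `ExecStart` passes `-i /root/.ssh/rtunnel_nopwd`. Give the full `/root/.ssh/` destination in both so the unit can find the key. In the account-creation block, `zfs snapshot rpoot/home/username@account_creation` looks like a typo for `rpool`, the pool named in the `zfs create` line above it. On the endpoint, `mv /home/username/temp_key_file /home/username/.ssh/authorized_keys` replaces any existing file and never sets modes; appending to the file and setting 700 on `.ssh` and 600 on `authorized_keys` would be safer. The text says the endpoint credentials need nothing beyond passing through to the server, and the key has no passphrase, so consider prefixing its `authorized_keys` entry with options such as `restrict,port-forwarding,permitlisten="4242"` so the key alone cannot open a shell on the endpoint. Adding `-o "ExitOnForwardFailure yes"` to the autossh line would make ssh exit when port 4242 cannot be bound, so autossh can retry instead of holding a connection that carries no forward.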