We use Ansible to manage our servers, but several years ago we have wrote the script, that adds some quick commands to workstation for interconnections with remote server. Script isn't really high-end and Ansible still looks like a better solution, but it became so handy in years that I keep using it, especially server-mount command.
Script will create three commands in /usr/local/bin :server_name - triggers quick ssh connection
server_name-cmd - sends remote command
server_name-mount - mounts / of the server in /media/server_name
It will also setup key-based SSH authentication.
OpenVPN - for security reasons, workstation and the server should be in the same network. We think that no SSH port should be opened to public, never.
SSH Key - you can generate it with ssh-keygen -t rsa command, please store it in default location or change the script accordingly
sshpass - used as a temporary solution before key authentication is setup.
sshfs - used for ssh resources mounting.
server key accepted - to check if it is, simply try to connect with ssh to the server. when you do this first time, ssh will ask you to accept certificate with a message like that:
The authenticity of host '10.8.0.1 (10.8.0.1)' can't be established. ECDSA key fingerprint is aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp. Are you sure you want to continue connecting (yes/no)?
If you do not have it accepted, script will ask you before setting up ssh key, but for the smooth script operation you may add it before adding script.
Replace SERVER variable in the line 2 of the script with your remote server name.
Replace TARGET_IP variable with remote server VPN IP.
Replace SOURCE_IP variable with your workstation VPN IP.
Comment out apt-get line if you don't have Debian/Ubuntu or already have sshpass and sshfs installed.
Save the script under server-install.sh and use chmod +x on it.
Run as root:
sudo su ./server-install.sh
SERVER="test_server" TARGET_IP="10.8.0.1" SOURCE_IP="10.8.0.6" USER="root" apt-get install sshpass sshfs ############################################# clear echo "Welcome to $SERVER installator" echo echo "$SERVER root password:" read -s root_psw echo "ssh [email protected]$TARGET_IP" > /usr/local/bin/$SERVER echo "sshpass -p '$root_psw' ssh -X [email protected]$TARGET_IP \$1 \$2 \$3" > /usr/local/bin/$SERVER-cmd mkdir /media/$SERVER echo "sshfs $TARGET_IP:/ /media/$SERVER" > /usr/local/bin/$SERVER-mount chmod +x /usr/local/bin/$SERVER-mount chmod +x /usr/local/bin/$SERVER chmod +x /usr/local/bin/$SERVER-cmd $SERVER-cmd uname -a $SERVER-cmd echo "All OK." echo "Commands installed:" echo "$SERVER - connects with server" echo "$SERVER-cmd - sends command to server" echo "$SERVER-mount - mounts server in /media" echo echo "----------------------------" echo "Creating key authorization. Enter server root psw last time:" scp /$USER/.ssh/id_rsa.pub [email protected]$TARGET_IP:./temporary.pub $SERVER-cmd 'cat temporary.pub >> /root/.ssh/authorized_keys' $SERVER-cmd 'rm /root/temporary.pub' echo echo "Key authentication should be set. You should be able to use your server without password." echo "Updating $SERVER-cmd ..." echo "ssh -X [email protected]$TARGET_IP \$1 \$2 \$3" > /usr/local/bin/$SERVER-cmd echo