From b23084689bb91f800f237a18bff2fbfee7d7d304 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Thu, 28 Mar 2019 17:40:29 +0100 Subject: [PATCH 01/67] #464 lower minimum number of files in indexes --- home.admin/50copyHDD.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/50copyHDD.sh b/home.admin/50copyHDD.sh index c24f02d..d4c0451 100755 --- a/home.admin/50copyHDD.sh +++ b/home.admin/50copyHDD.sh @@ -111,8 +111,8 @@ if [ ${count} -gt 0 ]; then echo "Found data in /mnt/hdd/bitcoin/indexes/txindex" anyDataAtAll=1 fi -if [ ${count} -lt 1500 ]; then - echo "FAIL: less then 1500 .ldb files (${count}) in /mnt/hdd/bitcoin/indexes/txindex (transfere seems invalid)" +if [ ${count} -lt 500 ]; then + echo "FAIL: less then 500 .ldb files (${count}) in /mnt/hdd/bitcoin/indexes/txindex (transfere seems invalid)" quickCheckOK=0 fi From 7a1da7a18d48d1881571dcab9454bf583a0c46ac Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 22:47:45 +0100 Subject: [PATCH 02/67] test python --- home.admin/config.scripts/internet.sshtunnel.py | 2 ++ 1 file changed, 2 insertions(+) create mode 100755 home.admin/config.scripts/internet.sshtunnel.py diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py new file mode 100755 index 0000000..ffee3b5 --- /dev/null +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -0,0 +1,2 @@ +#!/usr/bin/python +print "hello ssh tunnel" \ No newline at end of file From c741be74830304143ce1c6264d300b134cdca658 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 22:49:53 +0100 Subject: [PATCH 03/67] test python3 --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index ffee3b5..cd81b34 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py 
+++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,2 +1,2 @@ -#!/usr/bin/python +#!/usr/bin/python3 print "hello ssh tunnel" \ No newline at end of file From 94f593bab14fba7c98b001838eb311cee596d60e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 23:19:17 +0100 Subject: [PATCH 04/67] hello python3 --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index cd81b34..2a0d43c 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,2 +1,2 @@ #!/usr/bin/python3 -print "hello ssh tunnel" \ No newline at end of file +print("hello ssh tunnel in python3") \ No newline at end of file From 727f9e8aba143a1dc6c80ae7dc5645d1c2463bce Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 23:21:47 +0100 Subject: [PATCH 05/67] test args --- home.admin/config.scripts/internet.sshtunnel.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 2a0d43c..a19c61f 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,2 +1,6 @@ #!/usr/bin/python3 -print("hello ssh tunnel in python3") \ No newline at end of file + +import sys + +print("Number of Arguments: "+len(sys.argv)) +print("Arguments: "+str(sys.argv)) \ No newline at end of file From dc01339b7c009f662fbf182cb24d79c3b5aad1af Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 23:26:27 +0100 Subject: [PATCH 06/67] formated strings --- home.admin/config.scripts/internet.sshtunnel.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
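Review bot: With the interpreter switched to `/usr/bin/python3`, the unchanged context line `print "hello ssh tunnel"` is a Python 2 print statement and fails with SyntaxError before anything runs. Change it in the same commit: `print("hello ssh tunnel")`.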
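Review bot: `"Number of Arguments: "+len(sys.argv)` concatenates a str with an int and raises TypeError on every run. Convert explicitly, `print("Number of Arguments: " + str(len(sys.argv)))`, as the following line already does for `sys.argv`.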
diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index a19c61f..4a49de0 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,6 +1,5 @@ #!/usr/bin/python3 import sys - -print("Number of Arguments: "+len(sys.argv)) -print("Arguments: "+str(sys.argv)) \ No newline at end of file +print(f"Number of Arguments: {len(sys.argv)}") +print(f"Arguments: {sys.argv}") \ No newline at end of file From 67b25673d9e70dd6545bc6eb094f47578138dc60 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 23:31:42 +0100 Subject: [PATCH 07/67] test strings --- home.admin/config.scripts/internet.sshtunnel.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 4a49de0..36e820e 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,5 +1,6 @@ #!/usr/bin/python3 import sys -print(f"Number of Arguments: {len(sys.argv)}") -print(f"Arguments: {sys.argv}") \ No newline at end of file + +print ('Number of arguments:', len(sys.argv), 'arguments.') +print ('Argument List:', str(sys.argv)) \ No newline at end of file From 2a0dac32bfad544c8f93052a55fd57b8dcd6f871 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Mon, 1 Apr 2019 23:43:21 +0100 Subject: [PATCH 08/67] help text --- home.admin/config.scripts/internet.sshtunnel.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 36e820e..7f2466c 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -2,5 +2,10 @@ import sys -print ('Number of arguments:', len(sys.argv), 'arguments.') -print ('Argument List:', str(sys.argv)) \ No newline at end of file +if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "-help": + print("forward ports from another server to raspiblitz with reverse SSH tunnel") + print("internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]") + print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings") + sys.exit(1) + +print ("TODO: implement") \ No newline at end of file From ce32ce86e09163e98c2de21fb2a09b6cbe4e1f4a Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 00:05:37 +0100 Subject: [PATCH 09/67] check if running --- .../config.scripts/internet.sshtunnel.py | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 7f2466c..a0e1a73 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -1,11 +1,39 @@ #!/usr/bin/python3 -import sys +import sys, subprocess -if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "-help": +# display config script info +if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": print("forward ports from another server to raspiblitz with reverse SSH tunnel") print("internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]") print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings") sys.exit(1) -print ("TODO: implement") \ No newline at end of file +# +# SWITCHING ON +# + +if sys.argv[1] == "on": + + # check if already running -> systemctl is-enabled autossh-tunnel.service + alreadyRunning = subprocess.check_output(['systemctl','is-enabled','autossh-tunnel.service'],shell=True) + if alreadyRunning == "enabled": + print("already running - run 'internet.sshtunnel.py off' first") + sys.exit(1) + + print ("TODO: Switch ON") + +# +# SWITCHING OFF +# + +elif sys.argv[1] == "off": + + print ("TODO: Switch OFF") + +# +# UNKOWN PARAMETER +# + +else: + print ("unkown parameter - use 'internet.sshtunnel.py -h' for help") \ No newline at end of file From ba6b7e100902c2143125e42eb61a650c2ca2b8f6 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 00:13:37 +0100 Subject: [PATCH 10/67] correct command call --- home.admin/config.scripts/internet.sshtunnel.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index a0e1a73..b595240 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
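Review bot: The `is-enabled` check in the `on` branch cannot give the intended answer. A list combined with `shell=True` runs only `systemctl`, with the other items handed to the shell instead of the command; `check_output` returns bytes with a trailing newline, so `== "enabled"` is never true; and a disabled or missing unit makes `systemctl is-enabled` exit non-zero, which raises `CalledProcessError`. Testing the exit status without a shell covers all three: `if subprocess.call(["systemctl", "is-enabled", "--quiet", "autossh-tunnel.service"]) == 0:`. The uncaught exception on a non-zero exit is still present in the two follow-up hunks that rework this call (PATCH 10/67 and 11/67). The final `else` for an unknown parameter prints a message but exits with status 0; `sys.exit(1)` there would let calling scripts detect the misuse.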
@@ -16,7 +16,8 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": if sys.argv[1] == "on": # check if already running -> systemctl is-enabled autossh-tunnel.service - alreadyRunning = subprocess.check_output(['systemctl','is-enabled','autossh-tunnel.service'],shell=True) + alreadyRunning = subprocess.check_output('systemctl is-enabled autossh-tunnel.service' ,shell=True) + print(alreadyRunning) if alreadyRunning == "enabled": print("already running - run 'internet.sshtunnel.py off' first") sys.exit(1) From 5c13ff35ce5f8255f805dcb96e7777e2c5aa8c9e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 00:18:51 +0100 Subject: [PATCH 11/67] check command result --- home.admin/config.scripts/internet.sshtunnel.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index b595240..021ebb1 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -16,9 +16,9 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": if sys.argv[1] == "on": # check if already running -> systemctl is-enabled autossh-tunnel.service - alreadyRunning = subprocess.check_output('systemctl is-enabled autossh-tunnel.service' ,shell=True) + alreadyRunning = subprocess.check_output('systemctl is-enabled autossh-tunnel.service' ,shell=True, universal_newlines=True) print(alreadyRunning) - if alreadyRunning == "enabled": + if str(alreadyRunning).count("enabled") > 0: print("already running - run 'internet.sshtunnel.py off' first") sys.exit(1) From c2649f7c316e3d885a3e2fc18ffaf865f369923e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:22:00 +0100 Subject: [PATCH 12/67] generating service content --- .../config.scripts/internet.sshtunnel.py | 101 ++++++++++++++++-- 1 file changed, 95 insertions(+), 6 deletions(-) 
diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 021ebb1..d2acc0a 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,6 +1,7 @@ #!/usr/bin/python3 import sys, subprocess +from pathlib import Path # display config script info if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": 
@@ -9,20 +10,102 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings") sys.exit(1) +# +# CONSTANTS +# + +SERVICENAME="autossh-tunnel.service" +SERVICEFILE="/etc/systemd/system/"+SERVICENAME +SERVICETEMPLATE="""# see config script internet.sshtunnel.py +[Unit] +Description=AutoSSH tunnel service +After=network.target + +[Service] +User=root +Group=root +Environment="AUTOSSH_GATETIME=0" +ExecStart=/usr/bin/autossh -M 0 -N -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" [PLACEHOLDER] +StandardOutput=journal + +[Install] +WantedBy=multi-user.target +""" + # # SWITCHING ON # if sys.argv[1] == "on": - # check if already running -> systemctl is-enabled autossh-tunnel.service - alreadyRunning = subprocess.check_output('systemctl is-enabled autossh-tunnel.service' ,shell=True, universal_newlines=True) - print(alreadyRunning) - if str(alreadyRunning).count("enabled") > 0: - print("already running - run 'internet.sshtunnel.py off' first") + # check if already running + already_running = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) + if str(already_running).count("enabled") > 0: + print("already ON - run 'internet.sshtunnel.py off' first") + sys.exit(1) + + # check server address + ssh_server = sys.argv[2] + if ssh_server.count("@") != 1: + print(f"[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help") + sys.exit(1) + + # check minimal forwardings + if len(sys.argv) < 4: + print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first") sys.exit(1) - print ("TODO: Switch ON") + # genenate additional parameter for autossh (forwarding ports) + additional_parameters="" + i = 3 + while i < len(sys.argv): + + # check forwarding format + if sys.argv[i].count(":") != 1: + print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format 
'{sys.argv[i]}'") + sys.exit(1) + + # get ports + ports = sys.argv[i].split(":") + port_internal = ports[0] + port_external = ports[1] + if port_internal.isdigit() == False: + print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '{sys.argv[i]}'") + sys.exit(1) + if port_external.isdigit() == False: + print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '{sys.argv[i]}'") + sys.exit(1) + + additional_parameters= additional_parameters + f"-R {port_external}:localhost:{port_internal} " + i=i+1 + + # genenate additional parameter for autossh (server) + additional_parameters= additional_parameters + ssh_server + + # generate custom service config + service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters) + + # DEBUG exit + print("****** SERVICE ******") + print(service_data) + sys.exit(0) + + # write service file + service_file = open(SERVICEFILE, "w") + service_file.write(service_data) + service_file.close() + + # enable service + print(f"*** Enabling systemd service: {{SERVICENAME}}") + subprocess.call(f"systemctl daemon-reload", shell=True) + subprocess.call(f"systemctl enable {SERVICENAME}", shell=True) + print() + + # final info (can be ignored if run by other script) + print(f"*** OK - SSH TUNNEL SERVICE STARTED ***") + print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") + print(f"- Tunnel service needs final reboot to start.") + print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") # # SWITCHING OFF @@ -30,6 +113,12 @@ if sys.argv[1] == "on": elif sys.argv[1] == "off": + # check if already disabled + alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) + if str(alreadyRunning).count("enabled") == 0: + print("Was already OFF") + sys.exit(0) + print ("TODO: Switch OFF") # From 8bfb11b63ecff696a711616cc06b993cfe4042ea Mon Sep 17 00:00:00 2001 
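Review bot: The `ExecStart` line in `SERVICETEMPLATE` runs autossh as root with `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, so the tunnel never verifies the remote host key and whichever host answers at that address receives the forwarded ports. Point `UserKnownHostsFile` at a file holding the server's pinned key, set `StrictHostKeyChecking=yes`, and consider a dedicated unprivileged `User=` for the unit. Separately, `ssh_server` is read from `sys.argv[2]` before any length check and accepted on `count("@") == 1` alone, then substituted into that root command line, so whitespace or a leading `-` passes straight through. A strict check such as `re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9._-]*@[A-Za-z0-9][A-Za-z0-9.-]*", ssh_server)` would close that. The `print(f"... 'authorized_keys' of {} ")` line in the final-info block is an empty f-string expression, a SyntaxError that stops the whole script from loading.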
From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:25:36 +0100 Subject: [PATCH 13/67] string replacement --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index d2acc0a..47eceb4 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -39,7 +39,7 @@ WantedBy=multi-user.target if sys.argv[1] == "on": # check if already running - already_running = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) + already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) if str(already_running).count("enabled") > 0: print("already ON - run 'internet.sshtunnel.py off' first") sys.exit(1) From e5406ca5b8b37b1b96145c55a39d4a3db708df1c Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:40:14 +0100 Subject: [PATCH 14/67] string replacement changed --- .../config.scripts/internet.sshtunnel.py | 23 ++++++++++--------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 47eceb4..3328fca 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -40,6 +40,7 @@ if sys.argv[1] == "on": # check if already running already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + print(already_running) if str(already_running).count("enabled") > 0: print("already ON - run 'internet.sshtunnel.py off' first") sys.exit(1) 
@@ -47,7 +48,7 @@ if sys.argv[1] == "on": # check server address ssh_server = sys.argv[2] if ssh_server.count("@") != 1: - print(f"[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help") + print("[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help") sys.exit(1) # check minimal forwardings @@ -62,7 +63,7 @@ if sys.argv[1] == "on": # check forwarding format if sys.argv[i].count(":") != 1: - print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '{sys.argv[i]}'") + print("[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '%s'" % (sys.argv[i])) sys.exit(1) # get ports @@ -70,13 +71,13 @@ if sys.argv[1] == "on": port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: - print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '{sys.argv[i]}'") + print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) sys.exit(1) if port_external.isdigit() == False: - print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '{sys.argv[i]}'") + print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) - additional_parameters= additional_parameters + f"-R {port_external}:localhost:{port_internal} " + additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal) i=i+1 # genenate additional parameter for autossh (server) 
@@ -98,14 +99,14 @@ if sys.argv[1] == "on": # enable service print(f"*** Enabling systemd service: {{SERVICENAME}}") subprocess.call(f"systemctl daemon-reload", shell=True) - subprocess.call(f"systemctl enable {SERVICENAME}", shell=True) + #subprocess.call(f"systemctl enable {SERVICENAME}", shell=True) print() # final info (can be ignored if run by other script) print(f"*** OK - SSH TUNNEL SERVICE STARTED ***") print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") print(f"- Tunnel service needs final reboot to start.") - print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") + #print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") # # SWITCHING OFF @@ -114,10 +115,10 @@ if sys.argv[1] == "on": elif sys.argv[1] == "off": # check if already disabled - alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) - if str(alreadyRunning).count("enabled") == 0: - print("Was already OFF") - sys.exit(0) + #alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) + #if str(alreadyRunning).count("enabled") == 0: + # print("Was already OFF") + # sys.exit(0) print ("TODO: Switch OFF") From 2cb768e7e225f7d2acf5c95d9709d4eaae2cc58f Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:41:00 +0100 Subject: [PATCH 15/67] debug line --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 3328fca..19bea20 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -104,7 +104,7 @@ if sys.argv[1] == "on": # final info (can be ignored if run by other script) print(f"*** OK - SSH TUNNEL SERVICE STARTED ***") - print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") + #print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") print(f"- Tunnel service needs final reboot to start.") #print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") From f5a9e37c06db1ae80b1747673f258cf65c53aaa1 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:42:25 +0100 Subject: [PATCH 16/67] fix strings --- home.admin/config.scripts/internet.sshtunnel.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 19bea20..9323e67 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -71,10 +71,10 @@ if sys.argv[1] == "on": port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: - print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) + print("[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) sys.exit(1) if port_external.isdigit() == False: - print(f"[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) + print("[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal) 
@@ -97,16 +97,16 @@ if sys.argv[1] == "on": service_file.close() # enable service - print(f"*** Enabling systemd service: {{SERVICENAME}}") - subprocess.call(f"systemctl daemon-reload", shell=True) + print("*** Enabling systemd service: SERVICENAME") + subprocess.call("systemctl daemon-reload", shell=True) #subprocess.call(f"systemctl enable {SERVICENAME}", shell=True) print() # final info (can be ignored if run by other script) - print(f"*** OK - SSH TUNNEL SERVICE STARTED ***") - #print(f"- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") - print(f"- Tunnel service needs final reboot to start.") - #print(f"- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") + print("*** OK - SSH TUNNEL SERVICE STARTED ***") + #print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") + print("- Tunnel service needs final reboot to start.") + #print("- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") # # SWITCHING OFF From e8bc313a7fa53446c8d5790146904c59f6d47302 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:51:11 +0100 Subject: [PATCH 17/67] temp test remove --- home.admin/config.scripts/internet.sshtunnel.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 9323e67..31e437e 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -39,11 +39,10 @@ WantedBy=multi-user.target if sys.argv[1] == "on": # check if already running - already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) - print(already_running) - if str(already_running).count("enabled") > 0: - print("already ON - run 'internet.sshtunnel.py off' first") - sys.exit(1) + #already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + #if str(already_running).count("enabled") > 0: + # print("already ON - run 'internet.sshtunnel.py off' first") + # sys.exit(1) # check server address ssh_server = sys.argv[2] From 65bf544883d736760000c9d00eccdbcacac1b838 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 01:53:28 +0100 Subject: [PATCH 18/67] fix validating data --- home.admin/config.scripts/internet.sshtunnel.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 31e437e..8809eeb 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -45,17 +45,18 @@ if sys.argv[1] == "on": # sys.exit(1) # check server address - ssh_server = sys.argv[2] - if ssh_server.count("@") != 1: + if len(sys.argv) < 3: + print("[USER]@[SERVER] missing - use 'internet.sshtunnel.py -h' for help") + sys.exit(1) + if sys.argv[2].count("@") != 1: print("[USER]@[SERVER] wrong - use 'internet.sshtunnel.py -h' for help") sys.exit(1) + ssh_server = sys.argv[2] - # check minimal forwardings + # genenate additional parameter for autossh (forwarding ports) if len(sys.argv) < 4: print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first") sys.exit(1) - - # genenate additional parameter for autossh (forwarding ports) additional_parameters="" i = 3 while i < len(sys.argv): 
From dfe765ac88f8a9a0d91f05cb4ae224fc8f5182c7 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 02:54:30 +0100 Subject: [PATCH 19/67] FAQ and switch off --- FAQ.md | 59 +++++++++++++++++ build_sdcard.sh | 3 + .../config.scripts/internet.sshtunnel.py | 66 ++++++++++++++----- 3 files changed, 110 insertions(+), 18 deletions(-) diff --git a/FAQ.md b/FAQ.md index 3902cb8..429936d 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -624,3 +624,62 @@ If that not works ry to ping the IP of the RaspiBlitz with `ping [IP-of-RaspiBli - Some Routers have `IP Isolation` switched on - not allowing to devices to connect If that all is not working: Join the conversation on [GitHub Issue #420](https://github.com/rootzoll/raspiblitz/issues/420). + +## How to setup port-forwarding with a SSH tunnel? + +To use a public server for port-forwarding thru a SSH tunnel you can use the following experimental script on the RaspiBlitz (since v1.2): + +`/home/admin/config.scripts/internet.sshtunnel.py` + +But first you need to make sure that the public server you are using is supporting SSH reverse tunneling and authentification by public authorized key. Check the `/etc/ssh/sshd_config` on the public server to contain the following settings: + +``` +RSAAuthentication yes +PubkeyAuthentication yes +GatewayPorts yes +AllowTcpForwarding yes +``` + +You can add those at the end of the file, save and reboot. + +On the RaspiBlitz you can then setup for example to forward the gRPC port 10009 (internal port) to the port 20009 on the public server (external port) with the user = `test` and server address = `raspiblitz.com` with the following command: + +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009:20009` + +You can even set multiple port forwardings like with: + +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009:20009 8080:9090` + +Please beware that after you set such a port forwarding you need to set the domain of the public server as a `DynamicDNS` name (leave update url empty) and then connect mobile wallets fresh or export again the macaroons/certs. When connecting the mobile wallets you may need to adjust ports manually after QR code scan. And if you SSH tunnel the LND node port `9735` you may also need to sun the custom LND port script and maybe also a manual set of the domain in the LND service is needed. This all is very experimental at the moment ... 
better integration will come in the future. + +To switch this SSH tunneling off again use: + +`/home/admin/config.scripts/internet.sshtunnel.py off` and also deactivate the DynamicDNS again. + +## How to setup just a port-forwarding user on my public server? + +Make sure the `/etc/ssh/sshd_config` has the following lines at the end: + +``` +RSAAuthentication yes +PubkeyAuthentication yes +GatewayPorts yes +AllowTcpForwarding yes +AuthorizedKeysFile /etc/ssh/authorized_keys/%u +``` + +The last one stores all authorized_keys in one directory with a file per user. See https://serverfault.com/questions/313465/is-a-central-location-for-authorized-keys-a-good-idea#424659 To prepare this run: +``` +mkdir /etc/ssh/authorized_keys +groupadd forwardings +``` + +To add a forwarding user run: +``` +useradd -g forwardings -d /home [USERNAME] +echo "command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]" > /etc/ssh/authorized_keys/[USERNAME] +passwd [USERNAME] +``` + +The `[CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]` you get when running the `internet.sshtunnel.py` script on the RaspiBlitz (see above). + diff --git a/build_sdcard.sh b/build_sdcard.sh index f1a00af..4d44cd1 100644 --- a/build_sdcard.sh +++ b/build_sdcard.sh @@ -237,6 +237,9 @@ sudo apt-get install -y vnstat # prepare for BTRFS data drive raid sudo apt-get install -y btrfs-tools +# prepare for ssh reverse tunneling +sudo apt-get install -y autossh + # prepare for display graphics mode # see https://github.com/rootzoll/raspiblitz/pull/334 sudo apt-get install -y fbi diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 8809eeb..dc87da3 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -39,10 +39,10 @@ WantedBy=multi-user.target if sys.argv[1] == "on": # check if already running - #already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) - #if str(already_running).count("enabled") > 0: - # print("already ON - run 'internet.sshtunnel.py off' first") - # sys.exit(1) + already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + if str(already_running).count("enabled") > 0: + print("already ON - run 'internet.sshtunnel.py off' first") + sys.exit(1) # check server address if len(sys.argv) < 3: 
@@ -87,26 +87,50 @@ if sys.argv[1] == "on": service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters) # DEBUG exit - print("****** SERVICE ******") + print() + print("*** New systemd service: %s" % (SERVICENAME)) print(service_data) - sys.exit(0) # write service file service_file = open(SERVICEFILE, "w") service_file.write(service_data) service_file.close() + # check if SSH keys for root user need to be created + print() + print("*** Checking root SSH keys") + if Path("/home/root/.ssh/id_rsa.pub").exists() == False: + print("Generating root SSH keys ...") + subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N """, shell=True) + print("DONE") + else: + print("OK - root id_rsa.pub file exists") + ssh_pubkey="" + with open('/home/root/.ssh/id_rsa.pub', 'r') as file: + ssh_pubkey = file.read().replace('\n', '') + + # make sure autossh is installed + # https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ + print() + print("*** Install autossh") + subprocess.call("sudo apt-get install -y autossh", shell=True) + # enable service - print("*** Enabling systemd service: SERVICENAME") - subprocess.call("systemctl daemon-reload", shell=True) - #subprocess.call(f"systemctl enable {SERVICENAME}", shell=True) print() + print("*** Enabling systemd service: %s" % (SERVICENAME)) + subprocess.call("sudo systemctl daemon-reload", shell=True) + subprocess.call("sudo systemctl enable %s" % (SERVICENAME), shell=True) # final info (can be ignored if run by other script) - print("*** OK - SSH TUNNEL SERVICE STARTED ***") - #print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of {} ") + print() + print("*** OK - SSH TUNNEL SERVICE DONE SETUP ***") + print("For details see chapter '' in:") + print("https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md") print("- Tunnel service needs final reboot to start.") - #print("- After reboot check logs: sudo journalctl -f -u {SERVICENAME}") + print("- 
After reboot check logs: sudo journalctl -f -u %s" % (SERVICENAME)) + print("- Make sure the SSH pub key of this RaspiBlitz is in 'authorized_keys' of %s :" % (ssh_server)) + print(ssh_pubkey) + print() # # SWITCHING OFF @@ -115,12 +139,18 @@ if sys.argv[1] == "on": elif sys.argv[1] == "off": # check if already disabled - #alreadyRunning = subprocess.check_output(f"systemctl is-enabled {SERVICENAME}" ,shell=True, universal_newlines=True) - #if str(alreadyRunning).count("enabled") == 0: - # print("Was already OFF") - # sys.exit(0) - - print ("TODO: Switch OFF") + alreadyRunning = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + if str(alreadyRunning).count("enabled") == 0: + print("Was already OFF") + sys.exit(0) + + print("*** Disabling systemd service: %s" % (SERVICENAME)) + subprocess.call("sudo systemctl stop %s" % (SERVICENAME), shell=True) + subprocess.call("sudo systemctl disable %s" % (SERVICENAME), shell=True) + subprocess.call("sudo rm %s" % (SERVICEFILE), shell=True) + subprocess.call("sudo systemctl daemon-reload", shell=True) + print("OK Done") + print() # # UNKOWN PARAMETER From c4d494db878d0dcabc125170324634625fbe33ba Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:00:24 +0100 Subject: [PATCH 20/67] add try catch --- home.admin/config.scripts/internet.sshtunnel.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index dc87da3..402a7e3 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
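Review bot: The key handling in the new "Checking root SSH keys" block cannot work as written. It tests and reads `/home/root/.ssh/id_rsa.pub`, while `ssh-keygen` is told to write `~/.ssh/id_rsa`; `~` is expanded by the calling user's shell before `sudo` runs, and root's home is normally `/root`, so these paths need not agree. The command string also ends in `-N """`, which Python reads as `"... -N "` followed by an empty literal, so `ssh-keygen` gets `-N` with no value. An argument list avoids both problems: `subprocess.call(["sudo", "ssh-keygen", "-t", "rsa", "-b", "2048", "-f", "/root/.ssh/id_rsa", "-q", "-N", ""])`, with the existence check and the `open()` pointed at that same path. The enclosing `if sys.argv[1] == "on":` block starts outside this hunk.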
@@ -39,7 +39,10 @@ WantedBy=multi-user.target if sys.argv[1] == "on": # check if already running - already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + try: + already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + except subprocess.CalledProcessError as e: + already_running = "disabled" if str(already_running).count("enabled") > 0: print("already ON - run 'internet.sshtunnel.py off' first") sys.exit(1) @@ -139,7 +142,10 @@ if sys.argv[1] == "on": elif sys.argv[1] == "off": # check if already disabled - alreadyRunning = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + try: + alreadyRunning = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + except subprocess.CalledProcessError as e: + already_running = "disabled" if str(alreadyRunning).count("enabled") == 0: print("Was already OFF") sys.exit(0) From 7d8b7c7bfcf5529627cadb10a98bf6e7e89450ea Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:04:35 +0100 Subject: [PATCH 21/67] sudo file write --- home.admin/config.scripts/internet.sshtunnel.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 402a7e3..fc82ebc 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -95,9 +95,10 @@ if sys.argv[1] == "on": print(service_data) # write service file - service_file = open(SERVICEFILE, "w") + service_file = open("./temp.service", "w") service_file.write(service_data) service_file.close() + subprocess.call("sudo mv ./temp.service SERVICEFILE", shell=True) # check if SSH keys for root user need to be created print() 
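Review bot: In hunk `@@ -139,7 +142,10 @@` the `except` branch assigns `already_running = "disabled"` but the next line reads `alreadyRunning`, so when `systemctl is-enabled` exits non-zero the name is unbound and the `off` branch stops with a `NameError`. Use one name in both places, e.g. `alreadyRunning = "disabled"` in the handler. The bound exception `e` is unused in both hunks of this patch and can be dropped (`except subprocess.CalledProcessError:`).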
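Review bot: The added `subprocess.call("sudo mv ./temp.service SERVICEFILE", shell=True)` in hunk `@@ -95,9 +95,10 @@` passes the literal word `SERVICEFILE` to the shell, so the unit text is moved to a file of that name in the current directory and nothing is installed under `/etc/systemd/system`. Interpolate the constant as the rest of the script does: `subprocess.call("sudo mv ./temp.service %s" % (SERVICEFILE), shell=True)`. The staging file is also created relative to whatever directory the caller happens to be in; since its contents become a system service definition, it should be written to a fixed or freshly created temporary path.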
From e12ed58107d89070cf73bf2119b847e83a60d5f9 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:07:04 +0100 Subject: [PATCH 22/67] better check if running --- home.admin/config.scripts/internet.sshtunnel.py | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index fc82ebc..eda5911 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -40,12 +40,10 @@ if sys.argv[1] == "on": # check if already running try: - already_running = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + subprocess.call("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) except subprocess.CalledProcessError as e: - already_running = "disabled" - if str(already_running).count("enabled") > 0: - print("already ON - run 'internet.sshtunnel.py off' first") - sys.exit(1) + print("already ON - run 'internet.sshtunnel.py off' first") + sys.exit(1) # check server address if len(sys.argv) < 3: @@ -144,12 +142,10 @@ elif sys.argv[1] == "off": # check if already disabled try: - alreadyRunning = subprocess.check_output("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + subprocess.call("systemctl is-disabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) except subprocess.CalledProcessError as e: - already_running = "disabled" - if str(alreadyRunning).count("enabled") == 0: - print("Was already OFF") - sys.exit(0) + print("Was already OFF") + sys.exit(0) print("*** Disabling systemd service: %s" % (SERVICENAME)) subprocess.call("sudo systemctl stop %s" % (SERVICENAME), shell=True) From 17bd13e580d1a224aa2774f101e56266a80f4553 Mon Sep 17 00:00:00 2001 
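Review bot: `subprocess.call` returns the exit status and never raises `CalledProcessError`, so the `except` branches added in hunks `@@ -40,12 +40,10 @@` and `@@ -144,12 +142,10 @@` cannot run and neither the 'already ON' nor the 'Was already OFF' guard has any effect. The same pattern recurs in the later patches at `@@ -101,14 +101,13 @@`, `@@ -102,7 +102,7 @@` and `@@ -56,10 +56,11 @@`, where it leaves the root key ungenerated and makes `on` always exit as 'already ON'. Test the return value instead, e.g. `if subprocess.call("systemctl is-enabled %s" % (SERVICENAME), shell=True) == 0:` for the enabled case. As far as I know `is-disabled` is not a systemctl verb, so the `off` check should use `is-enabled` with the inverted test.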
From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:09:52 +0100 Subject: [PATCH 23/67] quote escaping --- home.admin/config.scripts/internet.sshtunnel.py | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index eda5911..dae877c 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -103,7 +103,7 @@ if sys.argv[1] == "on": print("*** Checking root SSH keys") if Path("/home/root/.ssh/id_rsa.pub").exists() == False: print("Generating root SSH keys ...") - subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N """, shell=True) + subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) print("DONE") else: print("OK - root id_rsa.pub file exists") @@ -140,13 +140,6 @@ if sys.argv[1] == "on": elif sys.argv[1] == "off": - # check if already disabled - try: - subprocess.call("systemctl is-disabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) - except subprocess.CalledProcessError as e: - print("Was already OFF") - sys.exit(0) - print("*** Disabling systemd service: %s" % (SERVICENAME)) subprocess.call("sudo systemctl stop %s" % (SERVICENAME), shell=True) subprocess.call("sudo systemctl disable %s" % (SERVICENAME), shell=True) From 1e97f1e3a7d0facd610c7497689df57ef1f8307c Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:15:53 +0100 Subject: [PATCH 24/67] sudo read file --- home.admin/config.scripts/internet.sshtunnel.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index dae877c..4e7bc62 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -107,9 +107,7 @@ if sys.argv[1] == "on": print("DONE") else: print("OK - root id_rsa.pub file exists") - ssh_pubkey="" - with open('/home/root/.ssh/id_rsa.pub', 'r') as file: - ssh_pubkey = file.read().replace('\n', '') + ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) # make sure autossh is installed # https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ From 6d16b9f5e7ee097e23ae69b1527605c812fb7e0d Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:16:54 +0100 Subject: [PATCH 25/67] fix test path --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 4e7bc62..861145e 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -101,7 +101,7 @@ if sys.argv[1] == "on": # check if SSH keys for root user need to be created print() print("*** Checking root SSH keys") - if Path("/home/root/.ssh/id_rsa.pub").exists() == False: + if Path("/root/.ssh/id_rsa.pub").exists() == False: print("Generating root SSH keys ...") subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) print("DONE") From b2d9ef816106e4a113aaf77059732d3e44388156 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:22:00 +0100 Subject: [PATCH 26/67] fix sudo file exists --- home.admin/config.scripts/internet.sshtunnel.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 861145e..a5162c3 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -87,7 +87,7 @@ if sys.argv[1] == "on": # generate custom service config service_data = SERVICETEMPLATE.replace("[PLACEHOLDER]", additional_parameters) - # DEBUG exit + # debug print out service print() print("*** New systemd service: %s" % (SERVICENAME)) print(service_data) @@ -101,7 +101,9 @@ if sys.argv[1] == "on": # check if SSH keys for root user need to be created print() print("*** Checking root SSH keys") - if Path("/root/.ssh/id_rsa.pub").exists() == False: + sshkeys_exist = subprocess.check_output("sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub'", shell=True, universal_newlines=True) + print(sshkeys_exist) + if str(sshkeys_exist).count("1") == 0: print("Generating root SSH keys ...") subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) print("DONE") From f93e92653407d667997c7ed1b515829e4983db78 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:27:52 +0100 Subject: [PATCH 27/67] work with expection --- home.admin/config.scripts/internet.sshtunnel.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index a5162c3..7e50041 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
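Review bot: `grep -c` exits with status 1 when it counts zero matches, so in hunk `@@ -101,7 +101,9 @@` `subprocess.check_output(...)` raises `CalledProcessError` exactly in the case the code wants to handle. The 'Generating root SSH keys' branch is therefore never reached when the key is missing. Testing the file directly avoids parsing output: `if subprocess.call("sudo test -f /root/.ssh/id_rsa.pub", shell=True) != 0:`. The added `print(sshkeys_exist)` looks like leftover debug output.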
@@ -101,14 +101,13 @@ if sys.argv[1] == "on": # check if SSH keys for root user need to be created print() print("*** Checking root SSH keys") - sshkeys_exist = subprocess.check_output("sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub'", shell=True, universal_newlines=True) - print(sshkeys_exist) - if str(sshkeys_exist).count("1") == 0: + try: + subprocess.call("sudo ls /root/.ssh/id_rsa.pub", shell=True) + print("OK - root id_rsa.pub file exists") + except subprocess.CalledProcessError as e: print("Generating root SSH keys ...") subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) print("DONE") - else: - print("OK - root id_rsa.pub file exists") ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) # make sure autossh is installed From 6a30534d71fe9147d26477ec61ab8947e020c6b9 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:29:52 +0100 Subject: [PATCH 28/67] add grep to trigger excpetion --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 7e50041..39ed574 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -102,7 +102,7 @@ if sys.argv[1] == "on": print() print("*** Checking root SSH keys") try: - subprocess.call("sudo ls /root/.ssh/id_rsa.pub", shell=True) + subprocess.call("sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub'", shell=True) print("OK - root id_rsa.pub file exists") except subprocess.CalledProcessError as e: print("Generating root SSH keys ...") From cb63c971402b076f3d1329bfaa662c3a54ffa1a7 Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:33:04 +0100 Subject: [PATCH 29/67] exception trigger --- home.admin/config.scripts/internet.sshtunnel.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 39ed574..fa7276b 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -100,16 +100,17 @@ if sys.argv[1] == "on": # check if SSH keys for root user need to be created print() - print("*** Checking root SSH keys") + print("*** Checking root SSH pub keys") + ssh_pubkey="" try: - subprocess.call("sudo ls /root/.ssh/id_rsa.pub | grep -c 'id_rsa.pub'", shell=True) + ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) print("OK - root id_rsa.pub file exists") except subprocess.CalledProcessError as e: print("Generating root SSH keys ...") subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) + ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) print("DONE") - ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) - + # make sure autossh is installed # https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ print() From a588508c56908680d367c8c3be09a5a61c2c8d6e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:45:53 +0100 Subject: [PATCH 30/67] force overwrite ssh --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index fa7276b..7d0bd37 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -107,7 +107,7 @@ if sys.argv[1] == "on": print("OK - root id_rsa.pub file exists") except subprocess.CalledProcessError as e: print("Generating root SSH keys ...") - subprocess.call("sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"", shell=True) + subprocess.call("sudo sh -c 'yes y | sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"'", shell=True) ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) print("DONE") From 29327b313d6f09d4529f05f9c96a45b10c3217c2 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:48:57 +0100 Subject: [PATCH 31/67] fix creation of service file --- home.admin/config.scripts/internet.sshtunnel.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 7d0bd37..46e298d 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -93,10 +93,10 @@ if sys.argv[1] == "on": print(service_data) # write service file - service_file = open("./temp.service", "w") + service_file = open("/home/admin/temp.service", "w") service_file.write(service_data) service_file.close() - subprocess.call("sudo mv ./temp.service SERVICEFILE", shell=True) + subprocess.call("sudo mv /home/admin/temp.service %s" % (SERVICEFILE), shell=True) # check if SSH keys for root user need to be created print() From 2f68add49d35e85116bf7e2e2c73bb2c119eb618 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 03:50:08 +0100 Subject: [PATCH 32/67] FAQ link --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 46e298d..b19f374 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py 
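Review bot: Piping `yes y` into `ssh-keygen` in hunk `@@ -107,7 +107,7 @@` answers the overwrite prompt automatically, and this branch runs whenever `sudo cat /root/.ssh/id_rsa.pub` fails for any reason, not only when no key exists. If `/root/.ssh/id_rsa` is present but the `.pub` file is missing or unreadable, root's private key is silently replaced and every server that trusted the old key stops accepting the tunnel. Check for the private key first and, when it exists, rebuild the public half with `ssh-keygen -y -f /root/.ssh/id_rsa` instead of regenerating. The enclosing `try` block starts outside this hunk.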
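Review bot: The unit file is written to `/home/admin/temp.service` by the calling user and then moved into place (hunk `@@ -93,10 +93,10 @@`), and `mv` keeps the source file's owner and mode, so the installed unit under `/etc/systemd/system` probably stays owned and writable by that user. A service definition that systemd executes should be root-owned; `sudo install -o root -g root -m 644 /home/admin/temp.service %s` followed by removing the staging file sets that explicitly. The fixed, predictable staging name also means a stale or pre-created `temp.service` is reused without any check.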
+++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -126,7 +126,7 @@ if sys.argv[1] == "on": # final info (can be ignored if run by other script) print() print("*** OK - SSH TUNNEL SERVICE DONE SETUP ***") - print("For details see chapter '' in:") + print("See chapter 'How to setup port-forwarding with a SSH tunnel?' in:") print("https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md") print("- Tunnel service needs final reboot to start.") print("- After reboot check logs: sudo journalctl -f -u %s" % (SERVICENAME)) From 703624f48cb8932a8625f89ecb0c9be842697d4e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 15:45:43 +0100 Subject: [PATCH 33/67] comment on how to follow logs on tunnel --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index b19f374..9898562 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -12,7 +12,7 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": # # CONSTANTS -# +# sudo journalctl -f -u autossh-tunnel SERVICENAME="autossh-tunnel.service" SERVICEFILE="/etc/systemd/system/"+SERVICENAME From 4d4227066622caa62389e845a27155b1e41f711d Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 19:16:37 +0100 Subject: [PATCH 34/67] backup ssh and raspiconfig --- .../config.scripts/internet.sshtunnel.py | 32 +++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 9898562..aad7d86 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -1,6 +1,6 @@ #!/usr/bin/python3 -import sys, subprocess +import sys, subprocess, re from pathlib import Path # display config script info 
@@ -82,6 +82,7 @@ if sys.argv[1] == "on": i=i+1 # genenate additional parameter for autossh (server) + ssh_ports= additional_parameters.strip() additional_parameters= additional_parameters + ssh_server # generate custom service config @@ -109,8 +110,25 @@ if sys.argv[1] == "on": print("Generating root SSH keys ...") subprocess.call("sudo sh -c 'yes y | sudo -u root ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N \"\"'", shell=True) ssh_pubkey = subprocess.check_output("sudo cat /root/.ssh/id_rsa.pub", shell=True, universal_newlines=True) - print("DONE") + # copy SSH keys for backup (for update with new sd card) + print("making backup copy of SSH keys") + subprocess.call("sudo cp -r /root/.ssh /mnt/hdd/ssh/root_backup", shell=True) + print("DONE") + + # write ssh tunnel data to raspiblitz config (for update with new sd card) + print("*** Updating RaspiBlitz Config") + with open('/mnt/hdd/raspiblitz.conf') as f: + file_content = f.read() + if file_content.count("sshtunnel=") == 0: + file_content = file_content+"\nsshtunnel=''" + file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) + file_content = re.sub("\n\n", "\n", file_content) + print(file_content) + with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: + text_file.write(file_content+"\n") + print("DONE") + # make sure autossh is installed # https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/ print() @@ -148,6 +166,16 @@ elif sys.argv[1] == "off": print("OK Done") print() + print("*** Removing SSH Tunnel data from RaspiBlitz config") + with open('/mnt/hdd/raspiblitz.conf') as f: + file_content = f.read() + file_content = re.sub("sshtunnel=.*", "", file_content) + file_content = re.sub("\n\n", "\n", file_content) + print(file_content) + with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: + text_file.write(file_content) + print("OK Done") + # # UNKOWN PARAMETER # From 324420a163de0937bb6809bc17b1576cb90be401 Mon Sep 17 00:00:00 2001 
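Review bot: In hunk `@@ -109,8 +110,25 @@` `ssh_server` comes straight from `sys.argv` and is written into `/mnt/hdd/raspiblitz.conf` as `sshtunnel='%s %s'`; if that file is later read as shell assignments (the bootstrap script in this series expands `${sshtunnel}`), a value containing a single quote ends the quoting and changes what the config means. Whatever validation `ssh_server` gets happens outside this hunk, so it is worth restricting it to a `user@host` pattern before it reaches the service template and the config. `re.sub` also interprets backslashes and group references in the replacement string; passing a function (`lambda m: ...`) avoids that. `print(file_content)` dumps the whole config to stdout and looks like debug output. The backup `cp -r /root/.ssh /mnt/hdd/ssh/root_backup` nests a `.ssh` directory inside `root_backup` on a second run.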
From: Christian Rotzoll Date: Tue, 2 Apr 2019 21:00:39 +0100 Subject: [PATCH 35/67] #324 & #485 --- home.admin/_bootstrap.provision.sh | 53 +++++++++++++++++++ .../config.scripts/internet.sshtunnel.py | 14 ++++- 2 files changed, 66 insertions(+), 1 deletion(-) diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index 77a344e..946530f 100644 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh @@ -82,6 +82,21 @@ sed -i "6s/.*/After=${network}d.service/" /home/admin/assets/lnd.service >> ${lo sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile} 2>&1 sudo chmod +x /etc/systemd/system/lnd.service >> ${logFile} 2>&1 +# backup LND dir (especially for macaroons and tlscerts) +# https://github.com/rootzoll/raspiblitz/issues/324 +echo "*** Make backup of LND directory" >> ${logFile} +sudo rm -r /mnt/hdd/backup_lnd +sudo cp -r /mnt/hdd/lnd /mnt/hdd/backup_lnd >> ${logFile} 2>&1 +numOfDiffers=$(sudo diff -arq /mnt/hdd/lnd /mnt/hdd/backup_lnd | grep -c "differ") +if [ ${numOfDiffers} -gt 0 ]; then + echo "FAIL: Backup was not successfull" >> ${logFile} + sudo diff -arq /mnt/hdd/lnd /mnt/hdd/backup_lnd >> ${logFile} 2>&1 + echo "removing backup dir to prevent false override" >> ${logFile} +else + echo "OK Backup is valid." >> ${logFile} +fi +echo "" >> ${logFile} + # finish setup (SWAP, Benus, Firewall, Update, ..) sudo sed -i "s/^message=.*/message='Setup System ..'/g" ${infoFile} /home/admin/90finishSetup.sh >> ${logFile} 2>&1 
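Review bot: The failure branch in hunk `@@ -82,6 +82,21 @@` logs 'removing backup dir to prevent false override' but no `rm` follows, so a backup that failed verification stays at `/mnt/hdd/backup_lnd` and is what the replay step later in this patch copies back. Add `sudo rm -rf /mnt/hdd/backup_lnd >> ${logFile} 2>&1` after that echo. The check counts only lines containing "differ", so files missing from the copy (reported by `diff -rq` as `Only in ...`) and a `cp` that failed outright are not detected; testing the exit status of `diff -arq` covers both. `cp -r` does not preserve ownership or modes, which matters for a directory holding macaroons and TLS keys; `cp -a` keeps them.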
@@ -170,6 +185,44 @@ else echo "Was not able to get LND port from config." >> ${logFile} fi +# SSH TUNNEL +if [ "${#sshtunnel}" -gt 0 ]; then + echo "Provisioning SSH Tunnel - run config script" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup SSH Tunnel'/g" ${infoFile} + sudo /home/admin/config.scripts/internet.sshtunnel.py restore ${sshtunnel} >> ${logFile} 2>&1 +else + echo "Provisioning SSH Tunnel - keep default" >> ${logFile} +fi + +# ROOT SSH KEYS +# check if a backup on HDD exists and when retsore back +backupRootSSH=$(sudo ls /mnt/hdd/ssh/root_backup 2>/dev/null | grep -c "id_rsa") +if [ ${backupRootSSH} -gt 0 ]; then + echo "Provisioning Root SSH Keys - RESTORING from HDD" >> ${logFile} + sudo cp -r /mnt/hdd/ssh/root_backup /root/.ssh + sudo chown -R root:root /root/.ssh +else + echo "Provisioning Root SSH Keys - keep default" >> ${logFile} +fi + +# replay backup LND dir (especially for macaroons and tlscerts) +# https://github.com/rootzoll/raspiblitz/issues/324 +echo "" >> ${logFile} +echo "*** Replay backup of LND directory" >> ${logFile} +if [ -d "/mnt/hdd/backup_lnd" ]; then + echo "Copying ..." >> ${logFile} + sudo cp -r /mnt/hdd/backup_lnd /mnt/hdd/lnd >> ${logFile} 2>&1 + echo "Updating user admin creds ..." >> ${logFile} + sudo cp /mnt/hdd/lnd/lnd.conf /home/admin/.lnd/lnd.conf >> ${logFile} 2>&1 + sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert >> ${logFile} 2>&1 + sudo cp -r /mnt/hdd/lnd/data/chain /home/admin/.lnd/data/chain >> ${logFile} 2>&1 + sudo chown -R admin:admin /home/admin/.lnd >> ${logFile} 2>&1 + echo "DONE" >> ${logFile} +else + echo "No BackupDir so skipping that step." >> ${logFile} +fi +echo "" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup Done'/g" ${infoFile} echo "DONE - Give raspi some cool off time after hard building .... 20 secs sleep" >> ${logFile} diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index aad7d86..f3968cc 100755 
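Review bot: Both restore copies in hunk `@@ -170,6 +185,44 @@` target a directory that may already exist: `cp -r /mnt/hdd/ssh/root_backup /root/.ssh` and `cp -r /mnt/hdd/backup_lnd /mnt/hdd/lnd` then create `/root/.ssh/root_backup` and `/mnt/hdd/lnd/backup_lnd` instead of restoring the contents. Copy the contents explicitly, e.g. `sudo cp -a /mnt/hdd/backup_lnd/. /mnt/hdd/lnd/`, and set `chmod 700 /root/.ssh` plus `chmod 600` on the private key after the restore, since `ssh` refuses keys with loose permissions. `${sshtunnel}` is passed unquoted to a script run with `sudo`, so the stored value is word-split and glob-expanded by the shell; splitting is needed to separate the arguments, but it means the config value must be validated before use. The LND replay may also leave new files under `/mnt/hdd/lnd` owned by root, and no `chown` for that directory is visible in this hunk.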
--- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -6,13 +6,14 @@ from pathlib import Path # display config script info if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": print("forward ports from another server to raspiblitz with reverse SSH tunnel") - print("internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]") + print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]") print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings") sys.exit(1) # # CONSTANTS # sudo journalctl -f -u autossh-tunnel +# SERVICENAME="autossh-tunnel.service" SERVICEFILE="/etc/systemd/system/"+SERVICENAME @@ -32,6 +33,17 @@ StandardOutput=journal WantedBy=multi-user.target """ +# +# RESTORE = SWITCHING ON with restore flag on +# on restore other external scripts dont need calling +# + +restoringOnUpdate = False +if sys.argv[1] == "restore": + print("internet.sshtunnel.py -> running with restore flag") + sys.argv[1] = "on" + restoringOnUpdate = True + # # SWITCHING ON # From ef99172712cfb87d3a002d5dfd74bb152ca28592 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 21:46:56 +0100 Subject: [PATCH 36/67] changed syntax to allow local ssh tunnel in future --- FAQ.md | 4 ++-- .../config.scripts/internet.sshtunnel.py | 20 +++++++++++-------- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/FAQ.md b/FAQ.md index 429936d..4b46bf7 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -644,11 +644,11 @@ You can add those at the end of the file, save and reboot. On the RaspiBlitz you can then setup for example to forward the gRPC port 10009 (internal port) to the port 20009 on the public server (external port) with the user = `test` and server address = `raspiblitz.com` with the following command: -`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009:20009` +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009<20009` You can even set multiple port forwardings like with: -`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009:20009 8080:9090` +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009<20009 8080<9090` Please beware that after you set such a port forwarding you need to set the domain of the public server as a `DynamicDNS` name (leave update url empty) and then connect mobile wallets fresh or export again the macaroons/certs. When connecting the mobile wallets you may need to adjust ports manually after QR code scan. And if you SSH tunnel the LND node port `9735` you may also need to sun the custom LND port script and maybe also a manual set of the domain in the LND service is needed. This all is very experimental at the moment ... better integration will come in the future. diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index f3968cc..9cd792e 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -3,11 +3,15 @@ import sys, subprocess, re from pathlib import Path +# IDEA: At the momemt its just Reverse-SSh Tunnels thats why [INTERNAL-PORT]<[EXTERNAL-PORT] +# For the future also just local ssh tunnels could be added with [INTERNAL-PORT]>[EXTERNAL-PORT] +# for the use case when a server wants to use a RaspiBlitz behind a NAT as Lightning backend + # display config script info if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": print("forward ports from another server to raspiblitz with reverse SSH tunnel") - print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]") - print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings") + print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] [INTERNAL-PORT]<[EXTERNAL-PORT]") + print("note that [INTERNAL-PORT]<[EXTERNAL-PORT] can one or multiple forwardings") sys.exit(1) # 
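Review bot: The new `<` separator in the usage text of hunk `@@ -3,11 +3,15 @@` is a shell redirection operator, so a command typed as printed, such as `... on user@server 10009<20009`, is parsed by the shell as 'open file 20009 on descriptor 10009' and the forwarding never reaches `sys.argv`. Either print the argument quoted in the help (`\"[INTERNAL-PORT]<[EXTERNAL-PORT]\"`) or pick a separator without shell meaning. The parsing loop in `@@ -68,26 +72,26 @@` also accepts any digit string, so a range check such as `1 <= int(port_internal) <= 65535` would reject values that `ssh -R` cannot use.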
@@ -68,26 +72,26 @@ if sys.argv[1] == "on": # genenate additional parameter for autossh (forwarding ports) if len(sys.argv) < 4: - print("[INTERNAL-PORT]:[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first") + print("[INTERNAL-PORT]<[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first") sys.exit(1) additional_parameters="" i = 3 while i < len(sys.argv): # check forwarding format - if sys.argv[i].count(":") != 1: - print("[INTERNAL-PORT]:[EXTERNAL-PORT] wrong format '%s'" % (sys.argv[i])) + if sys.argv[i].count("<") != 1: + print("[INTERNAL-PORT]<[EXTERNAL-PORT] wrong format '%s'" % (sys.argv[i])) sys.exit(1) # get ports - ports = sys.argv[i].split(":") + ports = sys.argv[i].split("<") port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: - print("[INTERNAL-PORT]:[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) + print("[INTERNAL-PORT]<[EXTERNAL-PORT] internal not number '%s'" % (sys.argv[i])) sys.exit(1) if port_external.isdigit() == False: - print("[INTERNAL-PORT]:[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) + print("[INTERNAL-PORT]<[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal) From 157f5ba5da557015b25fb4048f365402aebb2675 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 21:55:52 +0100 Subject: [PATCH 37/67] fix already running detection --- home.admin/config.scripts/internet.sshtunnel.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 9cd792e..537a9c9 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -56,10 +56,11 @@ if sys.argv[1] == "on": # check if already running try: - subprocess.call("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + subprocess.call("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + print("already ON - run 'internet.sshtunnel.py off' first") + sys.exit(1) except subprocess.CalledProcessError as e: - print("already ON - run 'internet.sshtunnel.py off' first") - sys.exit(1) + print("*** Installing SSH TUNNEL") # check server address if len(sys.argv) < 3: From ff459cbc690d7cbb8a068ad4366938385593b402 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:07:54 +0100 Subject: [PATCH 38/67] another test if running --- home.admin/config.scripts/internet.sshtunnel.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 537a9c9..cacc499 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -55,12 +55,11 @@ if sys.argv[1] == "restore": if sys.argv[1] == "on": # check if already running - try: - subprocess.call("systemctl is-enabled %s" % (SERVICENAME) ,shell=True, universal_newlines=True) - print("already ON - run 'internet.sshtunnel.py off' first") - sys.exit(1) - except subprocess.CalledProcessError as e: - print("*** Installing SSH TUNNEL") + isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep 'autossh-tunnel' -c %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + print(isRunning) + if int(str(isRunning)) > 1: + print("already ON - run 'internet.sshtunnel.py off' first") + sys.exit(1) # check server address if len(sys.argv) < 3: From 0b2f7dfebec5b269b21826b3b31c586b0f143016 Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:09:52 +0100 Subject: [PATCH 39/67] fix subprocess return --- home.admin/config.scripts/internet.sshtunnel.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index cacc499..5619ff2 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -55,9 +55,9 @@ if sys.argv[1] == "restore": if sys.argv[1] == "on": # check if already running - isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep 'autossh-tunnel' -c %s" % (SERVICENAME) ,shell=True, universal_newlines=True) + isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep 'autossh-tunnel' -c %s" % (SERVICENAME)) print(isRunning) - if int(str(isRunning)) > 1: + if int(isRunning) > 1: print("already ON - run 'internet.sshtunnel.py off' first") sys.exit(1) From 31a09f389e5004c6f0dd983824e77ea134883dc2 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:17:30 +0100 Subject: [PATCH 40/67] fix grep --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 5619ff2..15b7ab4 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -55,7 +55,7 @@ if sys.argv[1] == "restore": if sys.argv[1] == "on": # check if already running - isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep 'autossh-tunnel' -c %s" % (SERVICENAME)) + isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep '%s' -c" % (SERVICENAME)) print(isRunning) if int(isRunning) > 1: print("already ON - run 'internet.sshtunnel.py off' first") From 4c2d31620c975bafebd02d64c574705aa065185c Mon Sep 17 00:00:00 2001 
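Review bot: `int(isRunning) > 1` in hunk `@@ -55,9 +55,9 @@` only fires when `grep -c` counts at least two matching lines, so a single listed `autossh-tunnel` unit (count 1) is not treated as already running; `> 0` looks like the intended test. `subprocess.getoutput` returns stderr mixed into the result, so any `sudo` or `systemctl` message makes `int()` raise `ValueError`; guard the conversion or compare the return code of `systemctl is-enabled` instead. A unit that was enabled but not yet started (the script asks for a reboot) may not appear in the `systemctl --no-pager` listing at all, so this check can miss an existing setup.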
From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:28:59 +0100 Subject: [PATCH 41/67] fix ssh ports value --- home.admin/config.scripts/internet.sshtunnel.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 15b7ab4..fd693e8 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -4,13 +4,13 @@ import sys, subprocess, re from pathlib import Path # IDEA: At the momemt its just Reverse-SSh Tunnels thats why [INTERNAL-PORT]<[EXTERNAL-PORT] -# For the future also just local ssh tunnels could be added with [INTERNAL-PORT]>[EXTERNAL-PORT] +# For the future also just local ssh tunnels could be added with [INTERNAL-PORT]-[EXTERNAL-PORT] # for the use case when a server wants to use a RaspiBlitz behind a NAT as Lightning backend # display config script info if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help": print("forward ports from another server to raspiblitz with reverse SSH tunnel") - print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] [INTERNAL-PORT]<[EXTERNAL-PORT]") + print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] \"[INTERNAL-PORT]<[EXTERNAL-PORT]\"") print("note that [INTERNAL-PORT]<[EXTERNAL-PORT] can one or multiple forwardings") sys.exit(1) @@ -56,9 +56,8 @@ if sys.argv[1] == "on": # check if already running isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep '%s' -c" % (SERVICENAME)) - print(isRunning) if int(isRunning) > 1: - print("already ON - run 'internet.sshtunnel.py off' first") + print("SSH TUNNEL ALREADY ACTIVATED - run 'internet.sshtunnel.py off' first to set new tunnel") sys.exit(1) # check server address 
@@ -72,8 +71,9 @@ if sys.argv[1] == "on": # genenate additional parameter for autossh (forwarding ports) if len(sys.argv) < 4: - print("[INTERNAL-PORT]<[EXTERNAL-PORT] missing - run 'internet.sshtunnel.py off' first") + print("[INTERNAL-PORT]<[EXTERNAL-PORT] missing") sys.exit(1) + ssh_ports="" additional_parameters="" i = 3 while i < len(sys.argv): @@ -94,11 +94,12 @@ if sys.argv[1] == "on": print("[INTERNAL-PORT]<[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) + ssh_ports = ssh_ports + "\"%s\" " % (sys.argv[i]) additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal) i=i+1 # genenate additional parameter for autossh (server) - ssh_ports= additional_parameters.strip() + ssh_ports = ssh_ports.strip() additional_parameters= additional_parameters + ssh_server # generate custom service config From 27d78394f8732088ba63fff5e6526590142b2326 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:38:26 +0100 Subject: [PATCH 42/67] remove empty lines --- home.admin/config.scripts/internet.sshtunnel.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index fd693e8..2a94995 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -140,10 +140,10 @@ if sys.argv[1] == "on": if file_content.count("sshtunnel=") == 0: file_content = file_content+"\nsshtunnel=''" file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) - file_content = re.sub("\n\n", "\n", file_content) + file_content = "".join([s for s in file_content.splitlines(True) if s.strip("\r\n")]) + "\n" print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: - text_file.write(file_content+"\n") + text_file.write(file_content) print("DONE") # make sure autossh is installed 
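Review bot: In the last hunk on this file, the `sshtunnel='%s %s'` value written back to /mnt/hdd/raspiblitz.conf carries `ssh_server` from the command line inside single quotes, and that file is `source`d by shell scripts and used as a systemd EnvironmentFile elsewhere in this series, so a quote or newline in the argument changes how the file is parsed. The server-address check sits outside this hunk and may already cover it; if it does not, reject anything that is not a plain user@host before building the config, e.g. `if not re.fullmatch(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+", ssh_server): sys.exit(1)`. `re.sub` also interprets backslashes in its replacement string, so passing a function as the replacement keeps the value literal.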
@@ -160,7 +160,9 @@ if sys.argv[1] == "on": # final info (can be ignored if run by other script) print() - print("*** OK - SSH TUNNEL SERVICE DONE SETUP ***") + print("**************************************") + print("*** WIN - SSH TUNNEL SERVICE SETUP ***") + print("**************************************") print("See chapter 'How to setup port-forwarding with a SSH tunnel?' in:") print("https://github.com/rootzoll/raspiblitz/blob/master/FAQ.md") print("- Tunnel service needs final reboot to start.") From 852c3fd80ce9b7882ae835aa2a7b27bce6e9659d Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Tue, 2 Apr 2019 22:39:09 +0100 Subject: [PATCH 43/67] updated FAQ --- FAQ.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/FAQ.md b/FAQ.md index 4b46bf7..41517c2 100644 --- a/FAQ.md +++ b/FAQ.md 
@@ -644,11 +644,11 @@ You can add those at the end of the file, save and reboot. On the RaspiBlitz you can then setup for example to forward the gRPC port 10009 (internal port) to the port 20009 on the public server (external port) with the user = `test` and server address = `raspiblitz.com` with the following command: -`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009<20009` +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com "10009<20009"` You can even set multiple port forwardings like with: -`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com 10009<20009 8080<9090` +`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com "10009<20009" "8080<9090"` Please beware that after you set such a port forwarding you need to set the domain of the public server as a `DynamicDNS` name (leave update url empty) and then connect mobile wallets fresh or export again the macaroons/certs. When connecting the mobile wallets you may need to adjust ports manually after QR code scan. And if you SSH tunnel the LND node port `9735` you may also need to sun the custom LND port script and maybe also a manual set of the domain in the LND service is needed. This all is very experimental at the moment ... better integration will come in the future. From e780cfbe404940895313fdaaf2fb8a162ef0d22e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 00:44:55 +0100 Subject: [PATCH 44/67] fix #462 --- home.admin/_bootstrap.provision.sh | 22 ++++++++++++------- .../config.scripts/internet.sshtunnel.py | 2 +- home.admin/config.scripts/lnd.setname.sh | 2 +- 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index 946530f..8b9cfef 100644 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh 
@@ -101,14 +101,6 @@ echo "" >> ${logFile} sudo sed -i "s/^message=.*/message='Setup System ..'/g" ${infoFile} /home/admin/90finishSetup.sh >> ${logFile} 2>&1 -# set the local network hostname -if [ ${#hostname} -gt 0 ]; then - echo "Setting new network hostname '$hostname'" >> ${logFile} - sudo raspi-config nonint do_hostname ${hostname} >> ${logFile} 2>&1 -else - echo "No hostname set." >> ${logFile} -fi - ########################## # PROVISIONING SERVICES ########################## @@ -225,6 +217,20 @@ echo "" >> ${logFile} sudo sed -i "s/^message=.*/message='Setup Done'/g" ${infoFile} +# set the local network hostname +# have at the end - see https://github.com/rootzoll/raspiblitz/issues/462 +if [ ${#hostname} -gt 0 ]; then + hostnameSanatized=$(echo "${hostname}"| tr -dc '[:alnum:]\n\r') + if [ ${#hostnameSanatized} -gt 0 ]; then + echo "Setting new network hostname '$hostnameSanatized'" >> ${logFile} + sudo raspi-config nonint do_hostname ${hostnameSanatized} >> ${logFile} 2>&1 + else + echo "WARNING: hostname in raspiblitz.conf contains just special chars" >> ${logFile} + fi +else + echo "No hostname set." >> ${logFile} +fi + echo "DONE - Give raspi some cool off time after hard building .... 20 secs sleep" >> ${logFile} sleep 20 diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 2a94995..c684bc9 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -55,7 +55,7 @@ if sys.argv[1] == "restore": if sys.argv[1] == "on": # check if already running - isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep '%s' -c" % (SERVICENAME)) + isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep -c '%s'" % (SERVICENAME)) if int(isRunning) > 1: print("SSH TUNNEL ALREADY ACTIVATED - run 'internet.sshtunnel.py off' first to set new tunnel") sys.exit(1) 
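Review bot: The allow-list in `tr -dc '[:alnum:]\n\r'` still lets carriage returns and embedded newlines through, and `${hostnameSanatized}` is then passed unquoted to `sudo raspi-config nonint do_hostname`, so an embedded newline splits the value into extra arguments and a carriage return ends up inside the hostname. Dropping the control characters from the set and quoting the expansion closes that: `hostnameSanatized=$(echo "${hostname}" | tr -dc '[:alnum:]')` and `sudo raspi-config nonint do_hostname "${hostnameSanatized}"`. The same `tr` set is applied to `newName` in the lnd.setname.sh hunk of this commit. The filter also removes hyphens, which are valid inside hostnames, so a name like `my-blitz` (constructed example) changes silently.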
diff --git a/home.admin/config.scripts/lnd.setname.sh b/home.admin/config.scripts/lnd.setname.sh index eab11dd..2400983 100644 --- a/home.admin/config.scripts/lnd.setname.sh +++ b/home.admin/config.scripts/lnd.setname.sh @@ -17,7 +17,7 @@ if [ ${#newName} -eq 0 ]; then dialog --backtitle "Set LND Name/Alias" --inputbox "ENTER the new Name/Alias for LND node: (free to choose, one word, use basic characters) " 8 52 2>./.tmp - newName=$( cat ./.tmp ) + newName=$( cat ./.tmp | tr -dc '[:alnum:]\n\r' ) if [ ${#newName} -eq 0 ]; then echo "FAIL input cannot be empty" exit 1 From 1a6234f866321aca9bcbf775e993650b08877bec Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 01:34:42 +0100 Subject: [PATCH 45/67] #386 set custom LND port --- home.admin/config.scripts/lnd.setport.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/home.admin/config.scripts/lnd.setport.sh b/home.admin/config.scripts/lnd.setport.sh index e880f82..3b67558 100644 --- a/home.admin/config.scripts/lnd.setport.sh +++ b/home.admin/config.scripts/lnd.setport.sh @@ -1,6 +1,7 @@ #!/bin/bash # based on: https://github.com/rootzoll/raspiblitz/issues/100#issuecomment-465997126 +# based on: https://github.com/rootzoll/raspiblitz/issues/386 if [ $# -eq 0 ]; then echo "small config script set the port LND is running on" 
@@ -62,6 +63,16 @@ sudo systemctl disable lnd echo "change port in lnd config" sudo sed -i "s/^listen=.*/listen=0.0.0.0:${portnumber}/g" /mnt/hdd/lnd/lnd.conf +# add to raspiblitz.config (so it can survive update) +valueExists=$(sudo cat /mnt/hdd/raspiblitz.conf | grep -c 'customPortLND=') +if [ ${valueExists} -eq 0 ]; then + # add as new value + echo "customPortLND=${portnumber}" >> /mnt/hdd/raspiblitz.conf +else + # update existing value + sudo sed -i "s/^customPortLND=.*/customPortLND=${portnumber}/g" /mnt/hdd/raspiblitz.conf +fi + # editing service file echo "editing /etc/systemd/system/lnd.service" sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*/ExecStart=\/usr\/local\/bin\/lnd --externalip=\${publicIP}:${portnumber}/g" /etc/systemd/system/lnd.service From 88078e9a40bd98eecf9980f99586b1c9bf4aae21 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 02:58:10 +0100 Subject: [PATCH 46/67] #386 set external lndAddress --- home.admin/40addHDD.sh | 2 +- home.admin/_background.sh | 8 +- home.admin/_bootstrap.sh | 77 +++++++++++++------ home.admin/assets/lnd.service | 2 +- .../config.scripts/internet.sshtunnel.py | 14 ++++ home.admin/config.scripts/lnd.setport.sh | 8 +- 6 files changed, 78 insertions(+), 33 deletions(-) diff --git a/home.admin/40addHDD.sh b/home.admin/40addHDD.sh index 864e92a..b273368 100755 --- a/home.admin/40addHDD.sh +++ b/home.admin/40addHDD.sh @@ -87,7 +87,7 @@ if [ ${existsHDD} -gt 0 ]; then echo "WARNING: No publicIP information at all yet - working with placeholder : ${localIP}" freshPublicIP="${localIP}" fi - echo "publicIP=${freshPublicIP}" >> $configFile + echo "publicIP='${freshPublicIP}'" >> $configFile fi diff --git a/home.admin/_background.sh b/home.admin/_background.sh index 35204b5..ed785f3 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh 
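Review bot: The append `echo "customPortLND=${portnumber}" >> /mnt/hdd/raspiblitz.conf` runs with the caller's privileges, while the read just above and the `sed -i` in the other branch both go through sudo, so if the config file is writable only by root the new value is never stored and the script carries on. The redirection is performed by the calling shell; routing it through sudo makes both branches consistent: `echo "customPortLND=${portnumber}" | sudo tee -a /mnt/hdd/raspiblitz.conf > /dev/null`. `grep -c 'customPortLND='` is unanchored and also counts a commented-out line, whereas `grep -c '^customPortLND='` matches what the `sed` expression updates. The later rename to `lndPort` in this file keeps the same pattern, and where `portnumber` is validated is outside the hunk.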
@@ -87,6 +87,10 @@ do # every 15min - not too often # because its a ping to external service recheckPublicIP=$((($counter % 900)+1)) + # prevent when lndAddress is set + if [ ${#lndAddress} -gt 3 ]; then + recheckPublicIP=0 + fi updateDynDomain=0 if [ ${recheckPublicIP} -eq 1 ]; then echo "*** RECHECK PUBLIC IP ***" @@ -120,8 +124,8 @@ do # 1) update config file echo "update config value" - sed -i "s/^publicIP=.*/publicIP=${freshPublicIP}/g" ${configFile} - publicIP=${freshPublicIP} + sed -i "s/^publicIP=.*/publicIP='${freshPublicIP}'/g" ${configFile} + publicIP='${freshPublicIP}' # 2) only restart LND if dynDNS is activated # because this signals that user wants "public node" diff --git a/home.admin/_bootstrap.sh b/home.admin/_bootstrap.sh index 456b5eb..66ef549 100644 --- a/home.admin/_bootstrap.sh +++ b/home.admin/_bootstrap.sh 
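Review bot: In the second hunk `publicIP='${freshPublicIP}'` is a shell assignment, where single quotes suppress expansion, so the in-memory `publicIP` becomes the literal text `${freshPublicIP}` instead of the new address. The quotes are correct inside the `sed` replacement, because that text lands in the config file, but the assignment needs double quotes: `publicIP="${freshPublicIP}"`. Anything later in the loop that reads `publicIP` would otherwise work with the literal string; the loop body continues outside the hunk.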
@@ -302,38 +302,65 @@ echo "Check if HDD contains configuration .." >> $logFile configExists=$(ls ${configFile} | grep -c '.conf') if [ ${configExists} -eq 1 ]; then + # make sure lndAddress & lndPort exist + valueExists=$(cat ${configFile} | grep -c 'lndPort=') + if [ ${valueExists} -eq 0 ]; then + lndPort=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep "^listen=*" | cut -f2 -d':') + if [ ${#lndPort} -eq 0 ]; then + lndPort="9735" + fi + echo "lndPort='${lndPort}'" >> ${configFile} + fi + valueExists=$(cat ${configFile} | grep -c 'lndAddress=') + if [ ${valueExists} -eq 0 ]; then + echo "lndAddress=''" >> ${configFile} + fi + # load values echo "load and update publicIP" >> $logFile source ${configFile} + freshPublicIP="" + + # determine the publicIP/domain that LND should announce + if [ ${#lndAddress} -gt 3 ]; then + + # use domain as PUBLICIP + freshPublicIP="${lndAddress}" - # update public IP on boot - # wait otherwise looking for publicIP fails - sleep 5 - freshPublicIP=$(curl -s http://v4.ipv6-test.com/api/myip.php) - - # sanity check on IP data - # see https://github.com/rootzoll/raspiblitz/issues/371#issuecomment-472416349 - echo "-> sanity check of IP data: ${freshPublicIP}" - if [[ $freshPublicIP =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ ]]; then - echo "OK IPv6" - elif [[ $freshPublicIP =~ 
^([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ ]]; then - echo "OK IPv4" else - echo "FAIL - not an IPv4 or IPv6 address" - freshPublicIP="" - fi - if [ ${#freshPublicIP} -eq 0 ]; then - # prevent having no publicIP set at all and LND getting stuck - # https://github.com/rootzoll/raspiblitz/issues/312#issuecomment-462675101 - if [ ${#publicIP} -eq 0 ]; then - localIP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') - echo "WARNING: No publicIP information at all - working with placeholder: ${localIP}" >> $logFile - freshPublicIP="${localIP}" + # update public IP on boot + # wait otherwise looking for publicIP fails + sleep 5 + freshPublicIP=$(curl -s http://v4.ipv6-test.com/api/myip.php) + + # sanity check on IP data + # see https://github.com/rootzoll/raspiblitz/issues/371#issuecomment-472416349 + echo "-> sanity check of IP data: ${freshPublicIP}" + if [[ $freshPublicIP =~ ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$ ]]; then + echo "OK IPv6" + elif [[ $freshPublicIP =~ ^([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])$ ]]; then + echo "OK IPv4" + else + echo 
"FAIL - not an IPv4 or IPv6 address" + freshPublicIP="" fi + + if [ ${#freshPublicIP} -eq 0 ]; then + # prevent having no publicIP set at all and LND getting stuck + # https://github.com/rootzoll/raspiblitz/issues/312#issuecomment-462675101 + if [ ${#publicIP} -eq 0 ]; then + localIP=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') + echo "WARNING: No publicIP information at all - working with placeholder: ${localIP}" >> $logFile + freshPublicIP="${localIP}" + fi + fi + fi + + # set publicip value in raspiblitz.conf if [ ${#freshPublicIP} -eq 0 ]; then - echo "WARNING: Was not able to determine external IP on startup." >> $logFile + echo "WARNING: Was not able to determine external IP/domain on startup." >> $logFile else publicIPValueExists=$( sudo cat ${configFile} | grep -c 'publicIP=' ) if [ ${publicIPValueExists} -gt 1 ]; then @@ -344,10 +371,10 @@ if [ ${configExists} -eq 1 ]; then fi if [ ${publicIPValueExists} -eq 0 ]; then echo "create value (${freshPublicIP})" >> $logFile - echo "publicIP=${freshPublicIP}" >> $configFile + echo "publicIP='${freshPublicIP}'" >> $configFile else echo "update value (${freshPublicIP})" >> $logFile - sed -i "s/^publicIP=.*/publicIP=${freshPublicIP}/g" ${configFile} + sed -i "s/^publicIP=.*/publicIP='${freshPublicIP}'/g" ${configFile} fi fi diff --git a/home.admin/assets/lnd.service b/home.admin/assets/lnd.service index 6af4d7a..5d44255 100644 --- a/home.admin/assets/lnd.service +++ b/home.admin/assets/lnd.service @@ -10,7 +10,7 @@ After=bitcoind.service [Service] EnvironmentFile=/mnt/hdd/raspiblitz.conf -ExecStart=/usr/local/bin/lnd --externalip=${publicIP} +ExecStart=/usr/local/bin/lnd --externalip=${publicIP}:{lndPort} PIDFile=/home/bitcoin/.lnd/lnd.pid User=bitcoin Group=bitcoin diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index c684bc9..7e19fe1 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py 
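Review bot: The new `lndAddress` branch copies the configured value straight into `freshPublicIP` and skips the IPv4/IPv6 sanity check that the curl result still goes through, so whatever text is in raspiblitz.conf ends up in the `sed` replacement `publicIP='${freshPublicIP}'` of the next hunk and, through the EnvironmentFile, in LND's `--externalip`. A `/`, `&` or quote in the value breaks or alters that sed expression. A character check before use keeps this branch in line with the IP path, e.g. `if ! [[ "${lndAddress}" =~ ^[A-Za-z0-9.:-]+$ ]]; then lndAddress=""; fi` placed ahead of the `if [ ${#lndAddress} -gt 3 ]` test. Separately, the public-IP lookup still runs over plain `http://`; the regex limits what a tampered response can inject into the file, but not which address gets announced.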
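Review bot: The new ExecStart in lnd.service reads `--externalip=${publicIP}:{lndPort}`; the `$` is missing before `{lndPort}`, so systemd passes the literal text `{lndPort}` to lnd instead of the port from raspiblitz.conf. It should be `ExecStart=/usr/local/bin/lnd --externalip=${publicIP}:${lndPort}`, which is also what the `sed` in lnd.setport.sh writes in this same commit.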
+++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -37,6 +37,11 @@ StandardOutput=journal WantedBy=multi-user.target """ +# get LND port form lnd.conf +LNDPORT = subprocess.getoutput("sudo cat /mnt/hdd/lnd/lnd.conf | grep '^listen=*' | cut -f2 -d':'") +if len(LNDPORT) == 0: + LNDPORT="9735" + # # RESTORE = SWITCHING ON with restore flag on # on restore other external scripts dont need calling @@ -93,6 +98,11 @@ if sys.argv[1] == "on": if port_external.isdigit() == False: print("[INTERNAL-PORT]<[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) + if port_internal == LNDPORT: + if port_internal != port_external: + print("FAIL: When tunneling your local LND port '%s' it needs to be the same on the external server, but is '%s'" % (LNDPORT,port_external)) + print("Try again by using the same port. If you cant change the external port, change local LND port with: /home/config.scripts/lnd.setport.sh") + sys.exit(1) ssh_ports = ssh_ports + "\"%s\" " % (sys.argv[i]) additional_parameters= additional_parameters + "-R %s:localhost:%s " % (port_external,port_internal) @@ -140,6 +150,9 @@ if sys.argv[1] == "on": if file_content.count("sshtunnel=") == 0: file_content = file_content+"\nsshtunnel=''" file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) + if restoringOnUpdate == False: + serverdomain=ssh_server.split("@")[1] + file_content = re.sub("lndAddress=.*", "lndAddress='%s'" % (serverdomain), file_content) file_content = "".join([s for s in file_content.splitlines(True) if s.strip("\r\n")]) + "\n" print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: 
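Review bot: `LNDPORT` in the first hunk is taken from a `subprocess.getoutput` shell pipeline at module level and only checked for being empty, so an error message from sudo or cat (getoutput merges stderr), a trailing comment, or several `listen=` lines all become the "port" that the later `port_internal == LNDPORT` comparison uses. In that case the same-port rule for the LND port is skipped without any message. Validating the result keeps the default meaningful: `LNDPORT = LNDPORT.strip()` followed by `if not LNDPORT.isdigit(): LNDPORT = "9735"`. The pattern `'^listen=*'` also matches any line that merely starts with `listen`, because the `*` applies to `=`; `'^listen='` is what is meant.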
@@ -189,6 +202,7 @@ elif sys.argv[1] == "off": with open('/mnt/hdd/raspiblitz.conf') as f: file_content = f.read() file_content = re.sub("sshtunnel=.*", "", file_content) + file_content = re.sub("lndAddress=.*", "lndAddress=''", file_content) file_content = re.sub("\n\n", "\n", file_content) print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: diff --git a/home.admin/config.scripts/lnd.setport.sh b/home.admin/config.scripts/lnd.setport.sh index 3b67558..c3c8d90 100644 --- a/home.admin/config.scripts/lnd.setport.sh +++ b/home.admin/config.scripts/lnd.setport.sh @@ -64,18 +64,18 @@ echo "change port in lnd config" sudo sed -i "s/^listen=.*/listen=0.0.0.0:${portnumber}/g" /mnt/hdd/lnd/lnd.conf # add to raspiblitz.config (so it can survive update) -valueExists=$(sudo cat /mnt/hdd/raspiblitz.conf | grep -c 'customPortLND=') +valueExists=$(sudo cat /mnt/hdd/raspiblitz.conf | grep -c 'lndPort=') if [ ${valueExists} -eq 0 ]; then # add as new value - echo "customPortLND=${portnumber}" >> /mnt/hdd/raspiblitz.conf + echo "lndPort=${portnumber}" >> /mnt/hdd/raspiblitz.conf else # update existing value - sudo sed -i "s/^customPortLND=.*/customPortLND=${portnumber}/g" /mnt/hdd/raspiblitz.conf + sudo sed -i "s/^lndPort=.*/lndPort=${portnumber}/g" /mnt/hdd/raspiblitz.conf fi # editing service file echo "editing /etc/systemd/system/lnd.service" -sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*/ExecStart=\/usr\/local\/bin\/lnd --externalip=\${publicIP}:${portnumber}/g" /etc/systemd/system/lnd.service +sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*/ExecStart=\/usr\/local\/bin\/lnd --externalip=\${publicIP}:\${lndPort}/g" /etc/systemd/system/lnd.service # enable service again echo "enable service again" From 7c9d9272b60b18c2c916f1cda4b1629c4b553678 Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Wed, 3 Apr 2019 03:01:11 +0100 Subject: [PATCH 47/67] #446 removed constant output --- home.admin/_background.sh | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/home.admin/_background.sh b/home.admin/_background.sh index ed785f3..a5aca8c 100644 --- a/home.admin/_background.sh +++ b/home.admin/_background.sh @@ -169,11 +169,8 @@ do passwordC=$(sudo cat /root/lnd.autounlock.pwd) command="sudo python /home/admin/config.scripts/lnd.unlock.py '${passwordC}'" bash -c "${command}" - else - echo "lncli says not locked" + fi - else - echo "auto-unlock is OFF" fi fi From fe291635287878a4da57f95d9637cf67902708fd Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 03:32:58 +0100 Subject: [PATCH 48/67] #386 script for setting external IP/Domain --- home.admin/config.scripts/lnd.setaddress.sh | 98 +++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100755 home.admin/config.scripts/lnd.setaddress.sh diff --git a/home.admin/config.scripts/lnd.setaddress.sh b/home.admin/config.scripts/lnd.setaddress.sh new file mode 100755 index 0000000..726bfcc --- /dev/null +++ b/home.admin/config.scripts/lnd.setaddress.sh 
@@ -0,0 +1,98 @@ +#!/bin/bash + +# command info +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "small config script to set a fixed domain or IP for LND" + echo "internet.dyndomain.sh [domain|ip|off] [?address]" + exit 1 +fi + +# 1. parameter [domain|ip|off] +mode="$1" + +echo "number of args($#)" + +# config file +configFile="/mnt/hdd/raspiblitz.conf" + +# lnd conf file +lndConfig="/mnt/hdd/lnd/lnd.conf" + +# check if config file exists +configExists=$(ls ${configFile} | grep -c '.conf') +if [ ${configExists} -eq 0 ]; then + echo "FAIL - missing ${configFile}" + exit 1 +fi + +# FIXED DOMAIN +if [ "${mode}" = "domain" ]; then + + address=$2 + if [ ${#address} -eq 0 ]; then + echo "missing parameter" + exit(1) + fi + + echo "switching fixed LND Domain ON" + echo "address(${address})" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAddress=.*/lndAddress='${address}'/g" /mnt/hdd/raspiblitz.conf + + echo "changing lnd.conf" + + # lnd.conf: uncomment tlsextradomain (just if it is still uncommented) + sudo sed -i "s/^#tlsextradomain=.*/tlsextradomain=/g" /mnt/hdd/lnd/lnd.conf + + # lnd.conf: domain value + sudo sed -i "s/^tlsextradomain=.*/tlsextradomain=${address}/g" /mnt/hdd/lnd/lnd.conf + + # refresh TLS cert + sudo /home/admin/config.scripts/lnd.newtlscert.sh + + echo "fixedAddress is now ON" +fi + +# FIXED IP +if [ "${mode}" = "ip" ]; then + + address=$2 + if [ ${#address} -eq 0 ]; then + echo "missing parameter" + exit(1) + fi + + echo "switching fixed LND IP ON" + echo "address(${address})" + + # setting value in raspi blitz config + sudo sed -i "s/^lndAddress=.*/lndAddress='${address}'/g" /mnt/hdd/raspiblitz.conf + + echo "fixedAddress is now ON" +fi + +# switch off +if [ "${mode}" = "off" ]; then + echo "switching fixedAddress OFF" + + # stop services + echo "making sure services are not running" + sudo systemctl stop lnd 2>/dev/null + + # setting value in raspi blitz config + sudo sed -i "s/^lndAddress=.*/lndAddress=/g" 
/mnt/hdd/raspiblitz.conf + + echo "changing lnd.conf" + + # lnd.conf: comment tlsextradomain out + sudo sed -i "s/^tlsextradomain=.*/#tlsextradomain=/g" /mnt/hdd/lnd/lnd.conf + + # refresh TLS cert + sudo /home/admin/config.scripts/lnd.newtlscert.sh + + echo "fixedAddress is now OFF" +fi + +echo "may needs reboot to run normal again" +exit 0 \ No newline at end of file From 5f5ba7e76e9a826b0f2c8d76172b984ff7861a4e Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 03:48:35 +0100 Subject: [PATCH 49/67] set lnd adress on ssh tunnel --- .../config.scripts/internet.sshtunnel.py | 15 ++++++++-- home.admin/config.scripts/lnd.setaddress.sh | 29 +++++-------------- 2 files changed, 20 insertions(+), 24 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 7e19fe1..5120251 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -47,6 +47,7 @@ if len(LNDPORT) == 0: # on restore other external scripts dont need calling # +forwardingLND = False restoringOnUpdate = False if sys.argv[1] == "restore": print("internet.sshtunnel.py -> running with restore flag") @@ -99,6 +100,7 @@ if sys.argv[1] == "on": print("[INTERNAL-PORT]<[EXTERNAL-PORT] external not number '%s'" % (sys.argv[i])) sys.exit(1) if port_internal == LNDPORT: + forwardingLND = True if port_internal != port_external: print("FAIL: When tunneling your local LND port '%s' it needs to be the same on the external server, but is '%s'" % (LNDPORT,port_external)) print("Try again by using the same port. If you cant change the external port, change local LND port with: /home/config.scripts/lnd.setport.sh") 
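Review bot: `address=$2` is only checked for being non-empty before it is substituted into `sudo sed -i "s/^lndAddress=.*/lndAddress='${address}'/g"` and into the `tlsextradomain=` line of lnd.conf, so a `/`, `&`, quote or newline in the argument changes the sed program or the resulting config, which other scripts in this series then `source`. A format check right after the empty test keeps both files well-formed: `if ! [[ "${address}" =~ ^[A-Za-z0-9.:-]+$ ]]; then echo "FAIL - invalid address"; exit 1; fi`. The `sed` calls only update an existing `lndAddress=` line, so the script relies on _bootstrap.sh having added one. The usage text still names `internet.dyndomain.sh`.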
@@ -152,7 +154,13 @@ if sys.argv[1] == "on": file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) if restoringOnUpdate == False: serverdomain=ssh_server.split("@")[1] - file_content = re.sub("lndAddress=.*", "lndAddress='%s'" % (serverdomain), file_content) + # setting server on DynDomain for all other ports + print("Setting server domain for service dyndomain") + subprocess.call("sudo /home/admin/config.scripts/internet.dyndomain.sh on %s" % (serverdomain), shell=True) + if forwardingLND: + # setting server explicitly on LND if LND port is forwarded + print("Setting server domain for LND Port") + subprocess.call("sudo /home/admin/config.scripts/lnd.setadress.sh on %s" % (serverdomain), shell=True) file_content = "".join([s for s in file_content.splitlines(True) if s.strip("\r\n")]) + "\n" print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: @@ -198,11 +206,14 @@ elif sys.argv[1] == "off": print("OK Done") print() + print("*** Removing LND Address") + subprocess.call("sudo /home/admin/config.scripts/lnd.setadress.sh off", shell=True) + print() + print("*** Removing SSH Tunnel data from RaspiBlitz config") with open('/mnt/hdd/raspiblitz.conf') as f: file_content = f.read() file_content = re.sub("sshtunnel=.*", "", file_content) - file_content = re.sub("lndAddress=.*", "lndAddress=''", file_content) file_content = re.sub("\n\n", "\n", file_content) print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: diff --git a/home.admin/config.scripts/lnd.setaddress.sh b/home.admin/config.scripts/lnd.setaddress.sh index 726bfcc..47fc3b2 100755 --- a/home.admin/config.scripts/lnd.setaddress.sh +++ b/home.admin/config.scripts/lnd.setaddress.sh 
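Review bot: Both new `subprocess.call(..., shell=True)` lines build a root command by pasting `serverdomain` (split from the command-line `ssh_server`) into a shell string, so any shell metacharacter in the argument is interpreted by `sh` under sudo. Passing an argument list avoids the shell entirely: `subprocess.call(["sudo", "/home/admin/config.scripts/internet.dyndomain.sh", "on", serverdomain])`, and likewise for the LND call. lnd.setaddress.sh also edits /mnt/hdd/raspiblitz.conf with `sed -i`, but `file_content` was read before it runs and is written back right after, which overwrites that change; calling the helpers after the `with open(..., "w")` block avoids this. `ssh_server.split("@")[1]` raises IndexError when the argument has no `@`, unless the server check outside this hunk already rejects that.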
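Review bot: The `off` branch calls `/home/admin/config.scripts/lnd.setadress.sh`, but the script added in this series is named `lnd.setaddress.sh`, so the call fails and `lndAddress` stays set after the tunnel is removed. The return code of `subprocess.call` is ignored, which hides the failure; the line should read `subprocess.call(["sudo", "/home/admin/config.scripts/lnd.setaddress.sh", "off"])` with a non-zero result reported to the user. The follow-up "fix script call" commit on this page corrects the spelling only in the `on` branch.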
@@ -1,13 +1,16 @@ #!/bin/bash +# INFO : Does not need to be part of update/provision, because +# all data is already on HDD ready + # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "small config script to set a fixed domain or IP for LND" - echo "internet.dyndomain.sh [domain|ip|off] [?address]" + echo "internet.dyndomain.sh [on|off] [?address]" exit 1 fi -# 1. parameter [domain|ip|off] +# 1. parameter [on|off] mode="$1" echo "number of args($#)" @@ -25,8 +28,8 @@ if [ ${configExists} -eq 0 ]; then exit 1 fi -# FIXED DOMAIN -if [ "${mode}" = "domain" ]; then +# FIXED DOMAIN/IP +if [ "${mode}" = "on" ]; then address=$2 if [ ${#address} -eq 0 ]; then @@ -54,24 +57,6 @@ if [ "${mode}" = "domain" ]; then echo "fixedAddress is now ON" fi -# FIXED IP -if [ "${mode}" = "ip" ]; then - - address=$2 - if [ ${#address} -eq 0 ]; then - echo "missing parameter" - exit(1) - fi - - echo "switching fixed LND IP ON" - echo "address(${address})" - - # setting value in raspi blitz config - sudo sed -i "s/^lndAddress=.*/lndAddress='${address}'/g" /mnt/hdd/raspiblitz.conf - - echo "fixedAddress is now ON" -fi - # switch off if [ "${mode}" = "off" ]; then echo "switching fixedAddress OFF" From beb1e33a7f03e319602e67349250facd80deb05c Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 03:53:33 +0100 Subject: [PATCH 50/67] fix script call --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 5120251..a7ebc9d 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -160,7 +160,7 @@ if sys.argv[1] == "on": if forwardingLND: # setting server explicitly on LND if LND port is forwarded print("Setting server domain for LND Port") - subprocess.call("sudo /home/admin/config.scripts/lnd.setadress.sh on %s" % (serverdomain), shell=True) + subprocess.call("sudo /home/admin/config.scripts/lnd.setaddress.sh on %s" % (serverdomain), shell=True) file_content = "".join([s for s in file_content.splitlines(True) if s.strip("\r\n")]) + "\n" print(file_content) with open("/mnt/hdd/raspiblitz.conf", "w") as text_file: From 1cc3b88f10763efbd291b2478d8b3789c419db30 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 03:58:40 +0100 Subject: [PATCH 51/67] fix exit --- home.admin/config.scripts/lnd.setaddress.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/lnd.setaddress.sh b/home.admin/config.scripts/lnd.setaddress.sh index 47fc3b2..0487394 100755 --- a/home.admin/config.scripts/lnd.setaddress.sh +++ b/home.admin/config.scripts/lnd.setaddress.sh @@ -34,7 +34,7 @@ if [ "${mode}" = "on" ]; then address=$2 if [ ${#address} -eq 0 ]; then echo "missing parameter" - exit(1) + exit 1 fi echo "switching fixed LND Domain ON" From 336fe31fd0fc5f5bf63bae1e5330b5912f1420f3 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 04:37:46 +0100 Subject: [PATCH 52/67] lnd port update --- home.admin/_bootstrap.provision.sh | 4 +++- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index 8b9cfef..9c49b5e 100644 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh 
@@ -165,7 +165,9 @@ fi # CUSTOM PORT echo "Provisioning LND Port" >> ${logFile} -lndPort=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep "^listen=*" | cut -f2 -d':') +if [ ${#lndPort} -eq 0 ]; then + lndPort=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep "^listen=*" | cut -f2 -d':') +fi if [ ${#lndPort} -gt 0 ]; then if [ "${lndPort}" != "9735" ]; then echo "User is running custom LND port: ${lndPort}" >> ${logFile} diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index a7ebc9d..e96b6df 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -103,7 +103,7 @@ if sys.argv[1] == "on": forwardingLND = True if port_internal != port_external: print("FAIL: When tunneling your local LND port '%s' it needs to be the same on the external server, but is '%s'" % (LNDPORT,port_external)) - print("Try again by using the same port. If you cant change the external port, change local LND port with: /home/config.scripts/lnd.setport.sh") + print("Try again by using the same port. If you cant change the external port, change local LND port with: /home/admin/config.scripts/lnd.setport.sh") sys.exit(1) ssh_ports = ssh_ports + "\"%s\" " % (sys.argv[i]) From cc3486d1b2a14c2db665beed6aa0e452a4fd3c67 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 12:47:41 +0100 Subject: [PATCH 53/67] #484 consider sshtunnel forwarding --- home.admin/97addMobileWalletZap.sh | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/home.admin/97addMobileWalletZap.sh b/home.admin/97addMobileWalletZap.sh index 5d2dd0a..e8ee4b0 100755 --- a/home.admin/97addMobileWalletZap.sh +++ b/home.admin/97addMobileWalletZap.sh 
@@ -79,14 +79,31 @@ read key clear echo "*** PAIRING STEP 2 : Click on Scan (make whole QR code fill camera) ***" -if [ ${#dynDomain} -eq 0 ]; then - # If you drop the -i parameter, lndconnect will use the external IP. - lndconnect -i -else - # when dynamic domain is set - lndconnect --host=${dynDomain} +# default host to local IP +host=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') +# default port to 10009 +port="10009" + +# change host to dynDNS if set +if [ ${#dynDomain} -gt 0 ]; then + host="${dynDomain}" + echo "port 10009 forwarding from dynDomain ${host}" fi +# check if port 10009 is forwarded +if [ ${#sshtunnel} -gt 0 ]; then + isForwarded=$(echo "${sshtunnel}" | grep -c "10009<") + if [ ${isForwarded} -gt 0 ]; then + host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g') + echo "port 10009 forwarding from port ${port} from server ${host}" + else + echo "port 10009 is not part of the ssh forwarding - keep default port 10009" + fi +fi + +lndconnect --host=${host} --port=${port} + echo "(To shrink QR code: OSX->CMD- / LINUX-> CTRL-) Press ENTER when finished." read key From e19588178be61697ec284d11ff590b4bf9acee24 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 13:07:25 +0100 Subject: [PATCH 54/67] update just local detection --- README.md | 5 ++++- home.admin/97addMobileWallet.sh | 26 ++++++++++++++++++++++---- home.admin/97addMobileWalletZap.sh | 2 +- 3 files changed, 27 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2e704a2..a485450 100644 --- a/README.md +++ b/README.md 
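Review bot: The port extraction `awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g'` keeps every digit that follows `10009<`, so when `sshtunnel` holds more than one forwarding (the FAQ example stores `"10009<20009" "8080<9090"`) the digits of the later entries are appended and `lndconnect` is handed a port that does not exist. Matching only the one entry fixes it: `port=$(echo "${sshtunnel}" | grep -o '10009<[0-9]*' | head -n1 | cut -d'<' -f2)`. If the result is empty, the default `10009` should be kept rather than passing `--port=` with no value.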
@@ -384,12 +384,15 @@ To do so you can register at an DynamicDomain service like freedns.afraid.org an * 8333 (Bitcoin/mainnet) * 9735 (LND Node) -* 10009 (LND RPC) +* 10009 (LND RPC) +* 8080 (LND REST API) ... from your internet router to the local IP of your RaspiBlitz and then activate unter "Services" the "DynamicDNS" option. You will be asked for your dynamic domain name such like "mynode.crabdance.org" and you can also optionally set an URL that will be called regularly to update your routers IP with the dynnamic domain service. At freedns.afraid.org this URL is called "Direct URL" under the menu "Dynamic DNS" once you added one. +*NOTE: DynamicDNS just works if you can forward ports on your router and you have a temporary public IP address (your ISP is not running you behind a NAT - like on most mobile connections). Another solution to make your ports reachable from the public internet is to use reverse ssh tunneling - see FAQ on ['How to setup port-forwarding with a SSH tunnel?'](FAQ.md#how-to-setup-port-forwarding-with-a-ssh-tunnel)* + ##### Run behind TOR You can run your Bitcoin- and Lightning-Node as a TOR hidden service - replacing your IP with an .onion-address diff --git a/home.admin/97addMobileWallet.sh b/home.admin/97addMobileWallet.sh index 0d53805..71fa27f 100644 --- a/home.admin/97addMobileWallet.sh +++ b/home.admin/97addMobileWallet.sh 
@@ -4,19 +4,37 @@ source /home/admin/raspiblitz.info source /mnt/hdd/raspiblitz.conf +justLocal=1 + +# if dynDomain is set connect from outside is possible (no notice) +if [ ${#dynDomain} -gt 0 ]; then + justLocal=0 +fi + +# if sshtunnel to 10009/8080 then outside reach is possible (no notice) +isForwarded=$(echo ${sshtunnel} | grep -c "10009<") +if [ ${isForwarded} -gt 0 ]; then + justLocal=0 +fi +isForwarded=$(echo ${sshtunnel} | grep -c "8080<") +if [ ${isForwarded} -gt 0 ]; then + justLocal=0 +fi + # check if dynamic domain is set -if [ ${#dynDomain} -eq 0 ]; then +if [ ${justLocal} -eq 1 ]; then dialog --title " Just Local Network? " --yesno "If you want to connect with your RaspiBlitz also from outside your local network you need to -activate 'Services' -> 'DynamicDNS' FIRST. +activate 'Services' -> 'DynamicDNS' FIRST. +Or use SSH tunnel forwarding for port 10009. For more details see chapter in GitHub README -'Public Domain with DynamicDNS' +on the service 'DynamicDNS' https://github.com/rootzoll/raspiblitz Do you JUST want to connect with your mobile when your are on the same LOCAL NETWORK? -" 14 54 +" 15 54 response=$? case $response in 1) exit ;; diff --git a/home.admin/97addMobileWalletZap.sh b/home.admin/97addMobileWalletZap.sh index e8ee4b0..6d8bea2 100755 --- a/home.admin/97addMobileWalletZap.sh +++ b/home.admin/97addMobileWalletZap.sh @@ -92,7 +92,7 @@ fi # check if port 10009 is forwarded if [ ${#sshtunnel} -gt 0 ]; then - isForwarded=$(echo "${sshtunnel}" | grep -c "10009<") + isForwarded=$(echo ${sshtunnel} | grep -c "10009<") if [ ${isForwarded} -gt 0 ]; then host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g') From aae91fcb2771d677c64192cadb72237201114881 Mon Sep 17 00:00:00 2001 
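Review bot: The forwarding test `grep -c "8080<"` in the new `justLocal` block is a substring match, so a tunnel entry for another local port such as `18080<...` also sets `justLocal=0` and the 'Just Local Network?' notice is skipped although neither 10009 nor 8080 is forwarded. Anchoring the match to the start of a port token avoids that, e.g. `isForwarded=$(echo "${sshtunnel}" | grep -cE '(^|[ "])8080<')`, assuming the tokens are separated by spaces or double quotes as internet.sshtunnel.py appears to write them. The same applies to the `10009<` test here and to the identical block added to 97addMobileWalletShango.sh later in this series.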
From: Christian Rotzoll Date: Wed, 3 Apr 2019 13:16:47 +0100 Subject: [PATCH 55/67] fix running detection --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index e96b6df..2d66ae0 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -62,7 +62,7 @@ if sys.argv[1] == "on": # check if already running isRunning = subprocess.getoutput("sudo systemctl --no-pager | grep -c '%s'" % (SERVICENAME)) - if int(isRunning) > 1: + if int(isRunning) > 0: print("SSH TUNNEL ALREADY ACTIVATED - run 'internet.sshtunnel.py off' first to set new tunnel") sys.exit(1) From f7375d76b4a15cae6a966f1e49def374948553ca Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:26:09 +0100 Subject: [PATCH 56/67] tls alias and cert update --- home.admin/config.scripts/internet.sshtunnel.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 2d66ae0..e81f8dc 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
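Review bot: `int(isRunning)` in the changed comparison raises ValueError whenever the pipeline prints anything besides the count, because `subprocess.getoutput` returns stderr together with stdout and a single sudo warning is enough. `grep -c '%s'` also counts every listed unit line that merely contains SERVICENAME, whatever its state. Asking systemd directly is sturdier, e.g. `isRunning = subprocess.call(["systemctl", "is-active", "--quiet", SERVICENAME]) == 0` followed by `if isRunning:`, provided SERVICENAME is the unit name (its definition is outside the hunk).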
@@ -154,9 +154,11 @@ if sys.argv[1] == "on": file_content = re.sub("sshtunnel=.*", "sshtunnel='%s %s'" % (ssh_server, ssh_ports), file_content) if restoringOnUpdate == False: serverdomain=ssh_server.split("@")[1] - # setting server on DynDomain for all other ports - print("Setting server domain for service dyndomain") - subprocess.call("sudo /home/admin/config.scripts/internet.dyndomain.sh on %s" % (serverdomain), shell=True) + # make sure serverdomain is set as tls alias + print("Setting server as tls alias and generating new certs") + subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf") + subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%$/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain)) + subprocess.call("sudo /home/admin/config.scripts/lnd.newtlscert.sh", shell=True) if forwardingLND: # setting server explicitly on LND if LND port is forwarded print("Setting server domain for LND Port") From c52e5fd6e149f976b8394813f4213cba5ea9d9e4 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:35:37 +0100 Subject: [PATCH 57/67] subprocess --- home.admin/config.scripts/internet.sshtunnel.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index e81f8dc..4bce782 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
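Review bot: `serverdomain` is pasted into a `sed` expression that runs under `sudo` without any check, and once `shell=True` is added in the follow-up hunks the same string is also parsed by a shell, so a value containing `/`, `&`, a quote or `;` changes what is written to lnd.conf or what command runs. It is taken from `ssh_server.split("@")[1]`, which presumably comes from the command line; its origin is outside the hunk. Validate it as a plain host name before use and pass the commands as argument lists so no shell is involved; the same three calls reappear in the next three hunks of this file. The enclosing `if sys.argv[1] == "on":` block starts and ends outside the hunk.
```python
        serverdomain = ssh_server.split("@")[1]
        # only a plain host name or IPv4 address may reach the sed expression
        if re.fullmatch(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?", serverdomain) is None:
            print("FAIL: '%s' is not a valid server name" % (serverdomain))
            sys.exit(1)
        # ... unchanged: print("Setting server as tls alias and generating new certs") ...
        lnd_conf = "/mnt/hdd/lnd/lnd.conf"
        subprocess.call(["sudo", "sed", "-i", "s/^#tlsextradomain=.*/tlsextradomain=/g", lnd_conf])
        subprocess.call(["sudo", "sed", "-i", "s/^tlsextradomain=.*/tlsextradomain=%s/g" % (serverdomain), lnd_conf])
        subprocess.call(["sudo", "/home/admin/config.scripts/lnd.newtlscert.sh"])
```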
@@ -156,8 +156,8 @@ if sys.argv[1] == "on": serverdomain=ssh_server.split("@")[1] # make sure serverdomain is set as tls alias print("Setting server as tls alias and generating new certs") - subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf") - subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%$/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain)) + subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf", shell=True) + subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%$/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain), shell=True) subprocess.call("sudo /home/admin/config.scripts/lnd.newtlscert.sh", shell=True) if forwardingLND: # setting server explicitly on LND if LND port is forwarded From 05e7af25bda836b8734520b4d2763e77e3840a5d Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:38:31 +0100 Subject: [PATCH 58/67] fix invalid char --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 4bce782..47b3f23 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -157,7 +157,7 @@ if sys.argv[1] == "on": # make sure serverdomain is set as tls alias print("Setting server as tls alias and generating new certs") subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf", shell=True) - subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%$/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain), shell=True) + subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain), shell=True) subprocess.call("sudo /home/admin/config.scripts/lnd.newtlscert.sh", shell=True) if forwardingLND: # setting server explicitly on LND if LND port is forwarded From 1c2f9b2552096553feae48af5cb9374b111c4515 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:40:29 +0100 Subject: [PATCH 59/67] fix string insert --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 47b3f23..4924a14 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -157,7 +157,7 @@ if sys.argv[1] == "on": # make sure serverdomain is set as tls alias print("Setting server as tls alias and generating new certs") subprocess.call("sudo sed -i \"s/^#tlsextradomain=.*/tlsextradomain=/g\" /mnt/hdd/lnd/lnd.conf", shell=True) - subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain), shell=True) + subprocess.call("sudo sed -i \"s/^tlsextradomain=.*/tlsextradomain=%s/g\" /mnt/hdd/lnd/lnd.conf" % (serverdomain), shell=True) subprocess.call("sudo /home/admin/config.scripts/lnd.newtlscert.sh", shell=True) if forwardingLND: # setting server explicitly on LND if LND port is forwarded From 7455af220a16ebacc7a9daad052ba0a884b66d2b Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:47:07 +0100 Subject: [PATCH 60/67] #484 consider tunnel forwarding Shango --- home.admin/97addMobileWalletShango.sh | 46 ++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 8 deletions(-) diff --git a/home.admin/97addMobileWalletShango.sh b/home.admin/97addMobileWalletShango.sh index 2d85f70..14bd940 100644 --- a/home.admin/97addMobileWalletShango.sh +++ b/home.admin/97addMobileWalletShango.sh @@ -9,12 +9,19 @@ clear echo "*** Setup ***" sudo apt-get install qrencode -y -# get local IP -myip=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') - -# replace dyndomain if available -if [ ${#dynDomain} -gt 0 ]; then - myip="${dynDomain}" +justLocal=1 +# if dynDomain is set connect from outside is possible (no notice) +if [ ${#dynDomain} -gt 0 ]; then + justLocal=0 +fi +# if sshtunnel to 10009/8080 then outside reach is possible (no notice) +isForwarded=$(echo ${sshtunnel} | grep -c "10009<") +if [ ${isForwarded} -gt 0 ]; then + justLocal=0 +fi +isForwarded=$(echo ${sshtunnel} | grep -c "8080<") +if [ ${isForwarded} -gt 0 ]; then + justLocal=0 fi clear @@ -28,7 +35,7 @@ echo "iOS: Read https://testflight.apple.com/join/WwCjFnS8 (open on device)" echo "Android: https://play.google.com/apps/testing/com.shango (open on device)" echo "" echo "*** STEP 1 ***" -if [ ${#dynDomain} -eq 0 ]; then +if [ ${justLocal} -eq 1 ]; then echo "Once you have the app is running make sure you are on the same local network (WLAN same as LAN)." fi echo "On Setup Step 'Choose LND Server Type' connect to 'DIY SELF HOSTED'" 
@@ -40,10 +47,33 @@ echo "Make the this terminal as big as possible - fullscreen would be best." echo "Then PRESS ENTER here in the terminal to generare the QR code and scan it with the app." read key +# default host to local IP +host=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') +# default port to 10009 +port="10009" + +# change host to dynDNS if set +if [ ${#dynDomain} -gt 0 ]; then + host="${dynDomain}" + echo "port 10009 forwarding from dynDomain ${host}" +fi + +# check if port 10009 is forwarded +if [ ${#sshtunnel} -gt 0 ]; then + isForwarded=$(echo ${sshtunnel} | grep -c "10009<") + if [ ${isForwarded} -gt 0 ]; then + host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g') + echo "port 10009 forwarding from port ${port} from server ${host}" + else + echo "port 10009 is not part of the ssh forwarding - keep default port 10009" + fi +fi + clear echo "*** STEP 2 : SCAN MACAROON (make whole QR code fill camera) ***" #echo -e "${myip}:10009,\n$(xxd -p -c2000 ~/.lnd/data/chain/${network}/${chain}net/admin.macaroon)," > qr.txt && qrencode -t ANSIUTF8 < qr.txt -echo -e "${myip}:10009,\n$(xxd -p -c2000 ./.lnd/data/chain/${network}/${chain}net/admin.macaroon)," > qr.txt && qrencode -t ANSI256 < qr.txt +echo -e "${host}:${port},\n$(xxd -p -c2000 ./.lnd/data/chain/${network}/${chain}net/admin.macaroon)," > qr.txt && qrencode -t ANSI256 < qr.txt echo "(To shrink QR code: OSX->CMD- / LINUX-> CTRL-) Press ENTER when finished." read key shred qr.txt From 793f6d3ddd4bc58a77737cc771592934cd7cc043 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:55:39 +0100 Subject: [PATCH 61/67] fix getting forward port --- home.admin/97addMobileWalletShango.sh | 5 +++-- home.admin/97addMobileWalletZap.sh | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) 
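Review bot: The changed `echo -e ... > qr.txt && qrencode -t ANSI256 < qr.txt` line writes the hex-encoded admin macaroon to `qr.txt` in the current directory, and the `shred qr.txt` that follows only overwrites the file without removing it and never runs if the script is interrupted at `read key`. qrencode already reads standard input here, so the file is not needed: `echo -e "${host}:${port},\n$(xxd -p -c2000 ./.lnd/data/chain/${network}/${chain}net/admin.macaroon)," | qrencode -t ANSI256`, after which the `shred qr.txt` line can go. `host` and `port` are parsed from `sshtunnel` in this hunk without a check, so an empty value should stop the script rather than be encoded into the QR code.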
diff --git a/home.admin/97addMobileWalletShango.sh b/home.admin/97addMobileWalletShango.sh index 14bd940..bad539a 100644 --- a/home.admin/97addMobileWalletShango.sh +++ b/home.admin/97addMobileWalletShango.sh @@ -63,7 +63,7 @@ if [ ${#sshtunnel} -gt 0 ]; then isForwarded=$(echo ${sshtunnel} | grep -c "10009<") if [ ${isForwarded} -gt 0 ]; then host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) - port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g') + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1) echo "port 10009 forwarding from port ${port} from server ${host}" else echo "port 10009 is not part of the ssh forwarding - keep default port 10009" @@ -82,4 +82,5 @@ clear echo "Now press 'Connect' within the Shango Wallet." echo "If its not working - check issues on GitHub:" echo "https://github.com/neogeno/shango-lightning-wallet/issues" -echo "" \ No newline at end of file +echo "" + diff --git a/home.admin/97addMobileWalletZap.sh b/home.admin/97addMobileWalletZap.sh index 6d8bea2..a6a415b 100755 --- a/home.admin/97addMobileWalletZap.sh +++ b/home.admin/97addMobileWalletZap.sh @@ -95,7 +95,7 @@ if [ ${#sshtunnel} -gt 0 ]; then isForwarded=$(echo ${sshtunnel} | grep -c "10009<") if [ ${isForwarded} -gt 0 ]; then host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) - port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | sed 's/[^0-9]//g') + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1) echo "port 10009 forwarding from port ${port} from server ${host}" else echo "port 10009 is not part of the ssh forwarding - keep default port 10009" From 8dc8175e255525a43830962133eced07cf678896 Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Wed, 3 Apr 2019 14:59:19 +0100 Subject: [PATCH 62/67] fix extraction forward port --- home.admin/97addMobileWalletShango.sh | 2 +- home.admin/97addMobileWalletZap.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/97addMobileWalletShango.sh b/home.admin/97addMobileWalletShango.sh index bad539a..f1409ff 100644 --- a/home.admin/97addMobileWalletShango.sh +++ b/home.admin/97addMobileWalletShango.sh @@ -63,7 +63,7 @@ if [ ${#sshtunnel} -gt 0 ]; then isForwarded=$(echo ${sshtunnel} | grep -c "10009<") if [ ${isForwarded} -gt 0 ]; then host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) - port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1) + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1 | sed 's/[^0-9]//g') echo "port 10009 forwarding from port ${port} from server ${host}" else echo "port 10009 is not part of the ssh forwarding - keep default port 10009" diff --git a/home.admin/97addMobileWalletZap.sh b/home.admin/97addMobileWalletZap.sh index a6a415b..26e21bd 100755 --- a/home.admin/97addMobileWalletZap.sh +++ b/home.admin/97addMobileWalletZap.sh @@ -95,7 +95,7 @@ if [ ${#sshtunnel} -gt 0 ]; then isForwarded=$(echo ${sshtunnel} | grep -c "10009<") if [ ${isForwarded} -gt 0 ]; then host=$(echo $sshtunnel | cut -d '@' -f2 | cut -d ' ' -f1) - port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1) + port=$(echo $sshtunnel | awk '{split($0,a,"10009<"); print a[2]}' | cut -d ' ' -f1 | sed 's/[^0-9]//g') echo "port 10009 forwarding from port ${port} from server ${host}" else echo "port 10009 is not part of the ssh forwarding - keep default port 10009" From 0a7c2842df91ce2512fa79104467a3374534a5e8 Mon Sep 17 00:00:00 2001 
From: Christian Rotzoll Date: Wed, 3 Apr 2019 15:06:52 +0100 Subject: [PATCH 63/67] fix removing lndAddress --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 4924a14..743df23 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -209,7 +209,7 @@ elif sys.argv[1] == "off": print() print("*** Removing LND Address") - subprocess.call("sudo /home/admin/config.scripts/lnd.setadress.sh off", shell=True) + subprocess.call("sudo /home/admin/config.scripts/lnd.setaddress.sh off", shell=True) print() print("*** Removing SSH Tunnel data from RaspiBlitz config") From d290d8613f41ae1d06f3502dd93023d839bb7816 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 18:59:56 +0100 Subject: [PATCH 64/67] clean port strings --- home.admin/_bootstrap.provision.sh | 2 +- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index 9c49b5e..5a318f8 100644 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh @@ -185,7 +185,7 @@ if [ "${#sshtunnel}" -gt 0 ]; then sudo sed -i "s/^message=.*/message='Setup SSH Tunnel'/g" ${infoFile} sudo /home/admin/config.scripts/internet.sshtunnel.py restore ${sshtunnel} >> ${logFile} 2>&1 else - echo "Provisioning SSH Tunnel - keep default" >> ${logFile} + echo "Provisioning SSH Tunnel - not active" >> ${logFile} fi # ROOT SSH KEYS diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index 743df23..e7fafa8 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py 
@@ -90,7 +90,7 @@ if sys.argv[1] == "on": sys.exit(1) # get ports - ports = sys.argv[i].split("<") + ports = re.sub('\W+','', sys.argv[i] ).split("<") port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: From d443101f3db3ee282050a6f2996ccdac6d786f55 Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 19:04:18 +0100 Subject: [PATCH 65/67] fix bug on restore --- home.admin/config.scripts/internet.sshtunnel.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index e7fafa8..fd56dbe 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -90,7 +90,7 @@ if sys.argv[1] == "on": sys.exit(1) # get ports - ports = re.sub('\W+','', sys.argv[i] ).split("<") + ports = re.sub('"','', sys.argv[i] ).split("<") port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: From bdac3a626e0a9f9cf901a1fd1a1224661fb127bf Mon Sep 17 00:00:00 2001 From: Christian Rotzoll Date: Wed, 3 Apr 2019 19:05:51 +0100 Subject: [PATCH 66/67] fix remove chars --- home.admin/config.scripts/internet.sshtunnel.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py index fd56dbe..e5be79a 100755 --- a/home.admin/config.scripts/internet.sshtunnel.py +++ b/home.admin/config.scripts/internet.sshtunnel.py @@ -90,7 +90,8 @@ if sys.argv[1] == "on": sys.exit(1) # get ports - ports = re.sub('"','', sys.argv[i] ).split("<") + sys.argv[i] = re.sub('"','', sys.argv[i] ) + ports = sys.argv[i].split("<") port_internal = ports[0] port_external = ports[1] if port_internal.isdigit() == False: From d5b0574cca49f6962049e42f8754aff079c82e40 Mon Sep 17 00:00:00 2001 
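Review bot: Removing only `"` from `sys.argv[i]`, the final form in the last hunk here, still lets any other character through: `ports[1]` raises IndexError when the argument has no `<`, and the hunk shows a digit check only for `port_internal`. Matching the whole argument once is simpler, e.g. `m = re.fullmatch(r'"?(\d+)<(\d+)"?', sys.argv[i])`, failing with the usual message when `m is None`, then `port_internal, port_external = m.groups()` and `sys.argv[i] = "%s<%s" % (port_internal, port_external)`. The first form in this series, `re.sub('\W+','', ...)`, also removed the `<` separator, and the pattern should be a raw string in any case. Checks that may exist above `# get ports` are outside the hunk.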
From: Christian Rotzoll Date: Wed, 3 Apr 2019 23:13:42 +0100 Subject: [PATCH 67/67] move SSH key restore for SSH tunnel --- home.admin/_bootstrap.provision.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh index 5a318f8..f10bf42 100644 --- a/home.admin/_bootstrap.provision.sh +++ b/home.admin/_bootstrap.provision.sh @@ -179,15 +179,6 @@ else echo "Was not able to get LND port from config." >> ${logFile} fi -# SSH TUNNEL -if [ "${#sshtunnel}" -gt 0 ]; then - echo "Provisioning SSH Tunnel - run config script" >> ${logFile} - sudo sed -i "s/^message=.*/message='Setup SSH Tunnel'/g" ${infoFile} - sudo /home/admin/config.scripts/internet.sshtunnel.py restore ${sshtunnel} >> ${logFile} 2>&1 -else - echo "Provisioning SSH Tunnel - not active" >> ${logFile} -fi - # ROOT SSH KEYS # check if a backup on HDD exists and when retsore back backupRootSSH=$(sudo ls /mnt/hdd/ssh/root_backup 2>/dev/null | grep -c "id_rsa") @@ -199,6 +190,15 @@ else echo "Provisioning Root SSH Keys - keep default" >> ${logFile} fi +# SSH TUNNEL +if [ "${#sshtunnel}" -gt 0 ]; then + echo "Provisioning SSH Tunnel - run config script" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup SSH Tunnel'/g" ${infoFile} + sudo /home/admin/config.scripts/internet.sshtunnel.py restore ${sshtunnel} >> ${logFile} 2>&1 +else + echo "Provisioning SSH Tunnel - not active" >> ${logFile} +fi + # replay backup LND dir (especially for macaroons and tlscerts) # https://github.com/rootzoll/raspiblitz/issues/324 echo "" >> ${logFile}