rapidscaleclusters.com

Remote Support for ClusterMaker



Overview

We provide a remote support tool to make it easier for our technicians to help you. Because all ClusterMaker functions can be controlled from the command line, an SSH tunnel is usually all we need to provide effective support. However, it can sometimes be difficult for us to SSH into your server because of firewalls between your test server and the public Internet. Our tools provide an easy way around this and enable you to allow temporary access directly to the server in question.

Once connected, there is a temporary encrypted tunnel going directly from our support server to port 22 on the server where you are running the connect script. We still need a valid login and password, but firewalls between us and port 22 are essentially bypassed. This makes it easy for whoever is working with our software to request support for a server that may not have a public IP address, and eliminates the need for port forwarding and other types of firewall manipulation. In many cases, firewall settings may be difficult to change, may be under someone else's control, and the changes may leave your server vulnerable to attack (for instance, opening port 22).

Our method is much more secure because it leaves the firewall settings intact, your server remains on a private network, and connects to us directly without allowing any access for others in the public Internet. Also, it is completely under your control. When you need support, connect the tunnel. When we are done, close the tunnel and we have no access to your server at all.

Enabling remote support will allow you to request and receive support much more quickly and safely. There are a just few simple steps to follow, which are outlined below.


Create an ssh key

If you don't have an SSH key for the root user, you will need to create one. First check for the existence of a public key:

ls /root/.ssh/

If there is no such directory or if it does not contain files like id_rsa and id_rsa.pub, then SSH keys need to be created as follows. If they do exist, skip this step. Logged in as root, type:

ssh-keygen -t rsa

And press enter. Press enter again to accept the default location, and press enter twice more to create a blank passphrase. The key has been generated and now it needs to be sent to RapidScale Clusters Technical Support. Upon receipt it will be entered into our support server, and remote connections from your installation will be authorized.

You can view the key in the contents of the public key file:

cat /root/.ssh/id_rsa.pub

It will look something like this:

ssh-rsa AAAAB3NzaC1yc2EAAAACIwAAAIEAsVUhwE6lGz39Nx
X/x1s/kulopteXyQwRTEbydc15IoZwO1z1ciUsrE8QCq9eTVhL
W7HsQSAsL7QD3aXdQ2TjyaKzDScuZObukJvp1zKN3ouFpeafRK
1HUh4cjDwzNQR9VWDoY4Dm4ncbGoiqOvVm+F6/1Wr/4Pl4GKWF
DcjBb2U= This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Email your key to support <at> linuxwebcluster <dot> com and request that remote support be enabled for your server, and we'll allow connections that provide this key as authentication.



Set up connection script

When we receive your SSH public key, we'll assign a random port number for your remote support connections and build a personalized "connection script" for you to run. Just create a new file called connect.sh, like this:

vi /root/connect.sh

Paste the contents of the script we send you, and save the file. Be sure to make it executable as well:

chmod +x /root/connect.sh

Now run it:
./connect.sh

... and you should see a message telling you it connected to us successfully:

Attempting port 6200 connection with Sample Customer credentials...

You have successfuly created a secure tunnel to our server,
which our technicians can use to interact with this computer.

When you reboot or kill process ID 23791, the tunnel is closed
and we can no longer connect to you. Thank you for using
RapidScale Clusters Remote Support!

Please note the process ID [ 23791 ] which can be killed with:
'kill 23791'


Slow networks, frequently dropped connections

If the connection gets dropped, just run the script again. Sometimes if the connectivity is poor and the tunnel gets dropped frequently, it is easiest to schedule the connect.sh script as a cron job and have it run every 5 minutes (it will exit silently if already connected, and reconnect if not). That way it will stay connected for the duration of our need for tech support.

You can schedule the cron job like this:
crontab -e
 And enter this line:
*/5 * * * * /root/connect.sh

 

 

Tell the developers:

The type of clustering you are most likely to deploy is:
 
What Linux distro do you use for clusters?
 

Copyright 2010    RapidScale Clusters, LLC