Bering-uClibc 7.x - User Guide - Advanced Topics - Setting Up rtty to access the console from a web browser

Revision as of 14:30, 26 June 2021 by Kapeka
Setting Up rtty to access the console from a web browser

Objectives

This chapter introduces the rtty tool to get console access to a LEAF router from a web browser.

A possible scenario: you are sitting in an office, a hotel room or anywhere else where you cannot establish an SSH connection to your LEAF router, but you can at least reach your own web server over HTTP.

The rtty tool is a combination of the rtty client running on a LEAF router and an rttys "server" running on your web server.

The server notes are only a short example of how it works from localhost; hopefully they give you the picture of what is needed to add it to your web server. The client running on your LEAF router is explained in more detail.

Setting up a rttys server

Setting up the rttys server requires mysql/mariadb on your server.

To set up the server side, download rttys from https://github.com/zhaojh329/rttys/releases and untar the tarball.

Next, prepare your database:

On the database instance, log in to the database console as root:

mysql -u root -p

Create the database user that rttys will use, authenticated by password. This example uses 'rttys' as the password. Please use a secure password for your instance.

CREATE USER 'rttys' IDENTIFIED BY 'rttys';

Create the database with a UTF-8 charset and collation. Make sure to use the utf8mb4 charset instead of utf8, as the former supports all Unicode characters (including emojis) beyond the Basic Multilingual Plane. Choose the collation depending on your expected content. When in doubt, use either unicode_ci or general_ci.

CREATE DATABASE rttys CHARACTER SET 'utf8mb4' COLLATE 'utf8mb4_unicode_ci';

Grant all privileges on the database to the database user created above.

GRANT ALL PRIVILEGES ON rttys.* TO 'rttys';
FLUSH PRIVILEGES;

Quit the database console with exit.

Change into the new directory and run:

./rttys token

Note the token it prints; you need it for the next step and for the client setup on the LEAF router.

Start the server side by running:

./rttys run -t [yourtoken]

You should now be able to connect to the rttys server from your browser:

http://localhost:5913/

Setting up the rtty client on a LEAF router

Installing and configuring rtty.lrp

Add rtty.lrp to leaf.cfg and reboot your LEAF router.

Configure rtty in /etc/default/rtty

In /etc/default/rtty set your rttys server address, add the token and the hostname:

# IP address of the rttys Server
SERVER="192.168.1.1"
# Token on your remote rttys server
TOKEN="yourtoken"
# Set your hostname
HOSTNAME="firewall"

Configure root access via rtty

To allow root login from rttys into the LEAF router it is necessary to add pts ports (pseudo terminal ports) to /etc/securetty.

...
pts/0
pts/1
pts/2
pts/3

Configure shorewall

To connect rtty from the LEAF router to your rttys server, you need to open port 5912 from your firewall to the zone where the web server running rttys is located. This could be the local zone (as in the example below), the DMZ or the net zone, depending on your needs. Edit /etc/shorewall/rules and add:

# enable rtty (assuming the rttys server is in local zone)
ACCEPT fw loc tcp 5912

Restart shorewall with:

shorewall restart
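
The following check of the three files edited above is an added example, not part of this guide's original text or of the rtty package. The function name check_rtty_setup and its ROOT prefix argument are hypothetical, and the chmod 600 advice and the zone:address form of the Shorewall DEST column are this example's own recommendations for keeping the token private and limiting port 5912 to the rttys server.

```sh
#!/bin/sh
# Added example: audit /etc/default/rtty, /etc/securetty and
# /etc/shorewall/rules as configured in this chapter.
# ROOT is a hypothetical prefix so a copy of /etc can be checked;
# call with "" to audit the running router.
check_rtty_setup() {
    root=$1
    conf="$root/etc/default/rtty"
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }
    # Read KEY="value" as data; the file is never sourced.
    get() { sed -n "s/^$1=//p" "$conf" 2>/dev/null | tail -n 1 | tr -d '"'; }

    server=$(get SERVER)
    token=$(get TOKEN)
    [ -n "$server" ] || note "SERVER is not set in $conf"
    case $token in
        "")        note "TOKEN is not set in $conf" ;;
        yourtoken) note "TOKEN is still the placeholder from the guide" ;;
    esac
    # The token is a secret shared with the rttys server: keep it root-only.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        note "$conf is world-readable; chmod 600 it"
    fi

    # Root login through rttys needs pts entries in securetty.
    grep -q '^pts/[0-9]' "$root/etc/securetty" 2>/dev/null ||
        note "no pts/N entries in /etc/securetty; root login via rttys is refused"

    # The rule must exist; naming the server is tighter than the whole zone.
    rule=$(grep -E '^ACCEPT[[:space:]].*[[:space:]]5912([[:space:]]|$)' \
        "$root/etc/shorewall/rules" 2>/dev/null | tail -n 1)
    if [ -z "$rule" ]; then
        note "no ACCEPT rule for tcp port 5912 in /etc/shorewall/rules"
    else
        dest=$(echo "$rule" | awk '{print $3}')   # third column is DEST
        case $dest in
            *:*) : ;;   # already limited to an address inside the zone
            *)   note "5912 is open to all of zone '$dest'; consider $dest:$server" ;;
        esac
    fi
    echo "$findings finding(s)"
    return "$findings"
}
```

Run check_rtty_setup "" on the router before the test below; the exit status is the number of findings.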

Testing

With your browser pointing to http://localhost:5913/, refresh the list of rtty clients and access the device's shell. Login and enjoy.

