-
-
Notifications
You must be signed in to change notification settings - Fork 412
Deployment
This page documents how to deploy ssh-chat using various methods.
You can run ssh-chat on port 22, but then you'll need to change the port of OpenSSH to something else like 2022. You can do this in /etc/ssh/sshd_config
. Two services can't run on the same port like this.
There are two popular Service Managers for Unix-Like systems, OpenRC (BSD systems) and systemd (Linux). Either one must be set up to run ssh-chat as a service (in the background). ssh-chat can be run as a user (not a daemon) but will stop servicing once the running user exits the terminal instance.
/etc/init.d/openrc
:
#!/sbin/openrc-run
name="$RC_SVCNAME"
description="Chat server over SSH"
command="/usr/local/bin/ssh-chat"
command_args="-i '$server_ident' --bind='$port' --admin='$admin_fingerprint' --whitelist='$whitelist' --motd='$motdfile' --log=$logfile"
pidfile="/run/$RC_SVCNAME.pid"
command_background="yes"
command_user="nobody" # If you want to secure your keyfile, you should change this to a
# user specifically for running ssh-chat
/etc/conf.d/openrc
:
# Config for /etc/init.d/ssh-chat
# See `/usr/bin/ssh-chat --help` for more details
# The admin's key fingerprint
#admin_fingerprint=SHA256:[INSERT HERE]
# The server's private key (path)
server_ident=[INSERT HERE]
# The port to bind to
# port=22
# The whitelist file
# whitelist=""
# The MOTD (Message Of The Day) file
# motd=""
# The logfile location
log="/var/log/ssh-chat.log"
(Replace /PATH/TO/
)
/etc/systemd/system/ssh-chat.service
:
[Unit]
Description=ssh-chat
After=network.target
[Service]
Type=simple
User=root
#You can store keys ouside of root and comment out 'User=root' then uncomment 'User=nobody'
#User=nobody
ExecStart=/PATH/TO/ssh-chat --bind=":22" -i="/PATH/TO/host_key" --admin="/PATH/TO/authorized_keys"
AmbientCapabilities=CAP_NET_BIND_SERVICE
Restart=always
[Install]
WantedBy=multi-user.target
Make sure all your paths are readable by the user you're running as. If it's User=nobody
, then they need to be readable by everyone!
It's best to make a separate user just for your ssh-chat service and store all files on this user.
The following installation steps can be used to automate the installation on Ubuntu Linux 16 (LTS), some slight modifications may be required for other distributions.
$ export LATEST_SSHCHAT=$(curl -s https://api.github.com/repos/shazow/ssh-chat/releases | grep -om1 "https://.*/ssh-chat-linux_amd64.tgz")
$ wget "${LATEST_SSHCHAT}"
$ sudo tar -xf ssh-chat-linux_amd64.tgz -C /opt # extracts ssh-chat to /opt
$ sudo ln -sf /opt/ssh-chat/ssh-chat /usr/local/bin/ssh-chat # creates a symlink in /usr/local/bin for convenience
$ sudo ssh-keygen -t rsa -N '' -f /root/.ssh/id_rsa # generates a key/fingerprint for your server
$ sudo sed -i -e '/^Port/s/^.*$/Port 2222/' /etc/ssh/sshd_config # ensures that system sshd runs on port 2222
$ sudo service ssh restart # restarts sshd (now on port 2222)
- create /etc/systemd/system/ssh-chat.service based on the instructions above
$ sudo systemctl daemon-reload # restarts systemd daemon
$ sudo systemctl enable ssh-chat # ensures ssh-chat will start up after a reboot
$ sudo systemctl start ssh-chat # starts the ssh-chat daemon
Additional resources: