Change log

2012.05.22: Version 2 of the SSH tunnel script.

TODO

- check the time of data transfer at the Argentinian ATMOSCOPE.
- update ssh.tunnel.sh from Ver. 1 to Ver. 2 at the ATMOSCOPEs.
- change port number at Argentina from 3000 to 2001

Passwordless SSH login

All automated operations require the ability to log in via SSH without providing a password. This is achieved by registering the public RSA key of the client (ATMOSCOPE) at the SSH server (here: mira.astrouw.edu.pl).
To generate a new pair of keys (private and public):

cd ~/.ssh
ssh-keygen

Accept all the default options (location of files and empty passphrase). This will generate two files: id_rsa and id_rsa.pub.
Then append the content of id_rsa.pub to /home/cta/.ssh/authorized_keys at mira.astrouw.edu.pl:

cd ~/.ssh
ssh cta@mira.astrouw.edu.pl "echo `cat id_rsa.pub` >> ~/.ssh/authorized_keys"

Data acquisition

Data transfer is done using the rsync program.
For example, transferring data from Argentina looks like this:

rsync -avr /mnt/cf_usb/data/ -e ssh cta@193.0.88.15:~/argentina/data/

The corresponding crontab entry:

15 14 * * * root  rsync -avr /mnt/cf_usb/data/ -e ssh cta@193.0.88.15:~/argentina/data/

Connection to mira.astrouw.edu.pl

The security settings at mira.astrouw.edu.pl require each IP address from which a connection can be made to be added explicitly. This is the simplest method, and since all current ATMOSCOPE sites have a static IP, it is not an issue.
If the IP is not known for some reason, it can be obtained by executing:
wget -q -O - checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'
You can then mail me (mcie AT astrouw DOT edu DOT pl) and I will add it to the allowed list.

SSH Tunnel

NOTES:
Version 2 adds the check option. It checks the existing connection without resetting it. Therefore it should be used in the crontab in place of the reset used in Version 1.
Version 2 has NOT been deployed to the ATMOSCOPEs.

File's location at the ATMOSCOPEs:

/etc/init.d/ssh.tunnel.sh

To add the script to runlevel:

update-rc.d ssh.tunnel.sh defaults
The system may complain that the script is not written according to the guidelines etc. This should be corrected in version 3, as the script relies on networking.

Crontab entry:

0 *  * * * root /etc/init.d/ssh.tunnel.sh check

File:
ssh.tunnel.sh
Please be sure to change the default parameters.
Currently used/reserved port numbers are:

2000 Namibia
3000 Argentina (will be changed to 2001)
Please, use port numbers within the range 2002-2100 and let me know (mcie AT astrouw DOT edu DOT pl) as soon as they are set.

Version 2 script content:
#!/bin/bash
# 22.05.2012 version 2
#

# the parameters
user="cta"
port="12345" # port at mira.astrouw.edu.pl
mira="193.0.88.15"
host=$(hostname)

# command to create a backward (reverse) ssh tunnel through an active ssh connection
#ssh -R $port:localhost:22 $user@$mira -f -N

# finding the pid of the ssh tunnel - so it can be restarted or killed
#pid=`pgrep -f $mira`
#pgrep -f "ssh -R 2000:localhost:22 cta@193.0.88.15 -f -N"

case "$1" in
start)          echo "Starting the ssh tunnel between $host and $mira"
                ssh -R "$port:localhost:22" "$user@$mira" -f -N
        ;;

stop)           echo "Stopping the ssh tunnel between $host and $mira"
                # pgrep -f matches the full command line of the tunnel process
                kill $(pgrep -f "ssh -R $port:localhost:22 $user@$mira -f -N")
        ;;
restart)        echo "Stopping the ssh tunnel between $host and $mira"
                kill $(pgrep -f "ssh -R $port:localhost:22 $user@$mira -f -N")
                ssh -R "$port:localhost:22" "$user@$mira" -f -N
        ;;
check)          echo "Checking the ssh tunnel between $host and $mira"
                # ask mira whether anything is bound to the tunnel port on its loopback;
                # -w keeps port 2000 from also matching 20001
                checkstr=$(ssh "$user@$mira" "netstat -ano | grep -w \"127.0.0.1:$port\"")
                if [ -n "$checkstr" ]
                then
                        echo "OK"
                else
                        echo "Not working"
                        echo "Starting the ssh tunnel between $host and $mira"
                        ssh -R "$port:localhost:22" "$user@$mira" -f -N
                fi
        ;;
*)              echo "$host <-> $mira ssh tunnel script"
                echo "usage: start, stop, restart, check"
        ;;
esac

exit 0
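
A stricter form of the check option's test, as an added example that is not part of ssh.tunnel.sh: it accepts the tunnel only when a TCP socket is in LISTEN state on exactly 127.0.0.1:<port>, so a leftover TIME_WAIT socket or a longer port number with the same prefix is not reported as OK. The function names and the netstat sample are constructed for illustration, and the Linux net-tools column layout is assumed.

```shell
#!/bin/sh
# Added example, not the project's script.
# Reads `netstat -ano`-style output on stdin; succeeds only if a TCP socket
# is listening on exactly 127.0.0.1:<port> (hypothetical helper name).
tunnel_listening() {
    # $1 = tunnel port on the server side
    awk -v want="127.0.0.1:$1" '
        $1 ~ /^tcp/ && $4 == want && $6 == "LISTEN" { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of `netstat -ano` output as it could look on the server:
# port 2000 has a live tunnel, port 2001 only a closed connection in TIME_WAIT,
# and port 20010 belongs to an unrelated service.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       Timer
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:2000          0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:20010         0.0.0.0:*               LISTEN      off (0.00/0/0)
tcp        0      0 127.0.0.1:2001          127.0.0.1:51514         TIME_WAIT   timewait (41.02/0/0)
EOF
}

# Report a port the same way the check option does ("OK" / "Not working").
check_port() {
    if sample_netstat | tunnel_listening "$1"; then
        echo "OK"
    else
        echo "Not working"
    fi
}

check_port 2000    # live tunnel
check_port 2001    # a plain grep for 127.0.0.1:2001 would match two lines here
check_port 2002    # nothing bound
```

On the server the same function can be fed real data with `netstat -ano | tunnel_listening 2000`.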