...
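# Run as root on the VoIPmonitor host. Creates a dedicated unprivileged
# account that owns the SSH tunnel to the remote MariaDB server, so the
# tunnel never runs with root's credentials.
useradd -m voipmonitor -s /bin/bash

# Interactive: generates the key pair whose public half is installed on the
# database host. The unit below starts ssh without an agent or a terminal, so
# a passphrase-protected key cannot be unlocked there; the private key file is
# then the only secret guarding the tunnel account and must stay readable by
# voipmonitor alone.
sudo -u voipmonitor ssh-keygen

# Tunnel unit: local port 3307 is forwarded to port 3306 on "nms".
#   BatchMode=yes            - never wait on a password or host-key prompt that
#                              nobody can answer; fail instead. Connect once by
#                              hand as voipmonitor beforehand so the verified
#                              host key is already in known_hosts.
#   ExitOnForwardFailure=yes - exit non-zero when port 3307 cannot be bound, so
#                              Restart=on-failure fires instead of leaving an
#                              ssh session running without the forward.
# The heredoc delimiter is quoted so nothing in the unit text is expanded by
# the shell.
cat << 'EOF' > /etc/systemd/system/mariadb-tunnel.service
[Unit]
Description=SSH tunnel for remote MariaDB
After=network.target
Wants=network.target
[Service]
User=voipmonitor
Group=voipmonitor
ExecStart=/usr/bin/ssh -NL 3307:localhost:3306 -o BatchMode=yes -o ExitOnForwardFailure=yes -o TCPKeepAlive=yes -o ServerAliveInterval=300 nms
Restart=on-failure
RestartSec=20s
TimeoutStartSec=20s
[Install]
WantedBy=multi-user.target
EOF

# Drop-ins for the existing voipmonitor unit.
mkdir -p /etc/systemd/system/voipmonitor.service.d

# Start voipmonitor only after the tunnel unit; Requires= also stops it when
# the tunnel unit is stopped or fails to start.
cat << 'EOF' > /etc/systemd/system/voipmonitor.service.d/wait-tunnel.conf
[Unit]
After=mariadb-tunnel.service
Requires=mariadb-tunnel.service
EOF

# The empty ExecStart= clears the packaged command line before the replacement
# is set; the restart settings mirror those of the tunnel unit.
cat << 'EOF' > /etc/systemd/system/voipmonitor.service.d/less-verbosity.conf
[Service]
ExecStart=
ExecStart=/usr/bin/voipmonitor --config-file /etc/voipmonitor.conf
Restart=on-failure
RestartSec=20s
TimeoutStartSec=20s
EOF

# Make systemd pick up the new unit and the drop-ins.
systemctl daemon-reload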
...
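# Run as root on the database host. Creates the account the tunnel logs in
# as and installs the client's public key with forwarding-only restrictions.
useradd -m voipmonitor
mkdir -p /home/voipmonitor/.ssh
chmod 700 /home/voipmonitor/.ssh

# Key options: command= forces /sbin/nologin for any session the key opens, so
# the key yields no shell; permitopen limits local (-L) forwards to
# localhost:3306. Replace <key> with the public key generated on the client.
# NOTE(review): permitopen does not cover remote (-R) forwards; newer OpenSSH
# releases offer "restrict" and "permitlisten" for that - check what the
# installed sshd supports before adding them.
# NOTE(review): ">>" appends, so re-running this step adds a duplicate entry.
echo 'command="/sbin/nologin",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="localhost:3306" ssh-rsa <key> voipmonitor@voipmon' >> /home/voipmonitor/.ssh/authorized_keys
chmod 600 /home/voipmonitor/.ssh/authorized_keys
chown -R voipmonitor:voipmonitor /home/voipmonitor/.ssh

# The statement is fed on stdin rather than with -e, so the new account's
# password does not appear in the mysql process's argument list. -p still
# prompts for the root password.
# NOTE(review): host '%' accepts this login from any address. Connections that
# arrive through the tunnel reach MariaDB from the server's own loopback, so a
# loopback-only host part ('localhost', or '127.0.0.1' / '::1' when name
# resolution is disabled) should be enough - confirm against the server's
# configuration and narrow it, and keep port 3306 closed to the network.
mysql -u root -p << 'SQL'
GRANT ALL ON voipmonitor.* TO 'voipmonitor'@'%' IDENTIFIED BY '<password>';
SQL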
...
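# Run as root on the VoIPmonitor host.

# One-off manual connection as the tunnel user. It proves the key login and
# the forward work, and it is the moment to compare the host-key fingerprint
# that ssh shows with the database server's real one before accepting it.
# The command stays in the foreground; stop it with Ctrl-C once verified.
sudo -u voipmonitor ssh -NL 3307:localhost:3306 -o TCPKeepAlive=yes -o ServerAliveInterval=300 nms

# Bring the tunnel up under systemd.
systemctl start mariadb-tunnel

# Point VoIPmonitor at the local end of the tunnel. In the editor, set:
#   mysqlport = 3307
#   mysqlpassword = <password>
# The file then holds the database password in clear text, so it should be
# readable only by the account the voipmonitor service runs as.
vim /etc/voipmonitor.conf

systemctl restart voipmonitor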
...