[arm-allstar] Workaround: How to use *4 Remote Command mode?

Doug Crompton wa3dsp at gmail.com
Tue Apr 3 11:26:42 EST 2018


John,

The method you are using is one of the right ways to do it. The *4 method
is very insecure and NOT recommended. We are going to be making some fixes
to the code to correct this in the near future but overall your method is
preferred. In fact there are iOS and Android apps that do exactly what you
are doing by providing buttons to perform certain tasks. They log in,
perform the task and log out just by hitting a button you have programmed.

I might also point out that Supermon with remote manager support and
recommended iptables security would also be an option. It is an excellent
way to control multiple nodes from one location. I manage upwards of 12
local and remote nodes in this way. You can create your own control
sequences and store them.

I will use your suggestion in a future howto I am thinking about doing on
methods to remotely control a server.


73 Doug

WA3DSP

http://www.crompton.com/hamradio


On Tue, Apr 3, 2018 at 11:54 AM, "John Wagner via arm-allstar" <
arm-allstar at hamvoip.org> wrote:

> A few days ago I posted a question about using the *4 remote command
> function in Allstar to be able to enter DTMF on one node, and have it
> execute functions on another node. I was not able to get the *4 remote
> command function to work, and didn’t receive any good tips on what I was
> doing wrong.
>
> Here’s what I ended up doing instead and I figured I’d post it to the list
> in hopes it helps someone else in the future.
>
> For this to work, Node #1 needs to be able to reach Node #2 via SSH, and
> you’ll need to be able to log into both. In our case they’re all behind the
> same firewall, but you could accomplish the same thing with port
> forwarding, VPN, or other techniques. As always, if you’re going to expose
> your SSH directly to the Internet, use strong passwords, patch often, and
> use non-standard ports.
>
> Short version of entering DTMF on Node #1 and having it execute commands
> on Node #2:
> 1. On Node #1, generate SSH keys so a script can log in from one node to
> another node via SSH without entering a password, and copy the public key
> to Node #2. Instructions here:
> https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
> 2. Make a shell script on Node #1 that uses SSH and the key you created
> and copied in step 1 to run a command on Node #2. Instructions on how to
> remotely execute commands via SSH are here:
> https://www.cyberciti.biz/faq/unix-linux-execute-command-using-ssh/
> 3. Test it from the command line on Node #1 to make sure your script works
> from the command line on Node #1.
> 4. Add a line in Node #1’s rpt.conf to run the script you created above in
> step #2 with a DTMF command
> 5. Restart Asterisk on Node #1, test, celebrate your success.
>
>
> Longer version of Entering DTMF on Node #1 to make Node #2 announce the
> time (or any other Allstar function):
> In this example - Node #1 is 42757 with the prompt “[root@42757 ~]#” and
> Node #2 is 43258 on the IP address 192.168.102.10. Replace node numbers and
> IP addresses with your own. I tested this with the Say Time function *81,
> but you should be able to do it with any function.
>
> 1. On Node #1, generate SSH keys so a script can log in from one node to
> another node via SSH, and copy the public key to Node #2. Instructions here:
> https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
>
> **** GENERATE A PUBLIC/PRIVATE KEYPAIR FOR SSH ****
> [root@42757 ~]# ssh-keygen -t rsa
>    Generating public/private rsa key pair.
>    Enter file in which to save the key (/root/.ssh/id_rsa): **leave this blank and hit enter**
>    Enter passphrase (empty for no passphrase): **leave this blank and hit enter**
>    Enter same passphrase again: **leave this blank and hit enter**
>    Your identification has been saved in /root/.ssh/id_rsa.
>    Your public key has been saved in /root/.ssh/id_rsa.pub.
>    The key fingerprint is:
>    SHA256:Xnm12Y0fvvlQ2OSCkk5UkIHnQxN57X1w7TpTzQLzLjA root at 442-7375
>    The key's randomart image is:
>    +---[RSA 2048]----+
>    |           .. . .|
>    |            o o.o|
>    |             . o-o|
>    +----[SHA256]-----+
>
> **** COPY THE PUBLIC KEY TO NODE #2 ****
> [root@42757 ~]# ssh-copy-id -p 222 root@192.168.102.10
>    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
>    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
>    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
>    root@192.168.102.10's password:
>    Number of key(s) added: 1
>
>
> 2. Make a script to run the SSH command on the other machine. In my case,
> my script was “/root/saytime-on-43258.sh”, and contains one line:
> ssh -p 222 root@192.168.102.10 'asterisk -rx "rpt fun 43258 *81"'
>
>
> 3. From Node #1, make your script executable and test it to make sure time
> announces on Node #2
> [root@42757 ~]# chmod a+x /root/saytime-on-43258.sh
> [root@42757 ~]# /root/saytime-on-43258.sh
>
>
> 4. In the Functions section of /etc/asterisk/rpt.conf , add a line to
> execute your script when a DTMF sequence is entered. I used *966:
> [functions42757]
> ...
> 966=cmd,/root/saytime-on-43258.sh
>
>
> 5. On Node #1, do an astres.sh to reload the rpt.conf, and then on Node #1
> enter DTMF *966 (in my case) on the radio. If you did it all right, the
> time should be announced on Node #2.


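Added example (not part of the original thread, and not HamVoIP code): the passphrase-less root key from step 1 can be pinned on Node #2 to a forced command, so that key can only trigger allow-listed `rpt fun` calls instead of giving a full root shell. The wrapper path, the `ALLOWED_FUNCTIONS` list and the `from=` address are assumptions; `restrict`, `from=` and `command=` are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example, not from the thread: forced-command wrapper for Node #2.
# Assumed (hypothetical) install path: /usr/local/bin/allstar-remote.sh

# Node:function pairs the key may trigger (constructed allowlist).
ALLOWED_FUNCTIONS='43258:*81'
PREFIX='asterisk -rx "rpt fun '

# Print the Asterisk CLI string for an allowed request; return 1 otherwise.
# Accepts only the exact shape: asterisk -rx "rpt fun <node> <dtmf>"
validate_request() {
    req=$1
    case $req in
        "$PREFIX"*'"') ;;
        *) return 1 ;;
    esac
    args=${req#"$PREFIX"}
    args=${args%'"'}
    node=${args%% *}
    dtmf=${args#* }
    case $node in ''|*[!0-9]*) return 1 ;; esac       # digits only
    case $dtmf in ''|*[!0-9ABCD*#]*) return 1 ;; esac # DTMF symbols only
    case " $ALLOWED_FUNCTIONS " in
        *" $node:$dtmf "*) printf 'rpt fun %s %s\n' "$node" "$dtmf"; return 0 ;;
    esac
    return 1
}

# Build the authorized_keys line for Node #2: source address, wrapper, key.
# "restrict" disables forwarding and PTY allocation for this key.
authorized_keys_entry() {
    printf 'restrict,from="%s",command="%s" %s\n' "$1" "$2" "$3"
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if cli=$(validate_request "$SSH_ORIGINAL_COMMAND"); then
        exec asterisk -rx "$cli"
    fi
    logger -t allstar-remote "rejected: $SSH_ORIGINAL_COMMAND"
    exit 1
fi
```

With the generated entry in /root/.ssh/authorized_keys on Node #2, the script from step 2 works unchanged, while any other command sent with that key is refused and logged.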