RDP Tunnels

Rationale

I love the persistence of a host machine! I’m too cheap to get a VPS. I really like the Windows 11 OS but really love Mac laptops. I left 3389 open on my router (with DDNS) and found myself getting brute-forced. I saw this post around the same time, and realized tunnelling could be a great alternative.

Assumptions

General Assumptions

I wrote this for my situation. While setting it up, I found there was not a central guide, so I made one. If it doesn’t perfectly fit your situation, hopefully a part of it will help.

Assumptions About You

  • You have administrator access to both machines
  • You are comfortable with the command line on both systems
  • You have VSCode installed on both machines
  • You’re aware of the concept of SSH
  • You have a Cloudflare account and a website there
  • You’re using brew

Assumptions About This Guide

  • I’ve got example.com on my Cloudflare account (I don’t, obvs)
  • My tunnel is named wormhole
  • My tunnel id is 123455677890asdf
  • My macOS username is me

Host Setup

Windows Setup

  1. get pwsh (I used winget)

    PS> winget install Microsoft.PowerShell
    
    • At the time of writing, should be v7.2
  2. install chocolatey at https://chocolatey.org/

    PS> Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
    
  3. install cloudflared via chocolatey

    PS> choco install cloudflared
    
  4. login
    PS> cloudflared login
    
    • you may need to manually open the link in the output and select the site you’d like to add the tunnel to
  5. create a tunnel
    PS> cloudflared tunnel create wormhole
    
  6. set up cloudflared as a service
    PS> cloudflared service install
    PS> mkdir C:\Windows\System32\config\systemprofile\.cloudflared
    
  7. create a config
    PS> code C:\Windows\System32\config\systemprofile\.cloudflared\config.yml
    
    • example:
    tunnel: 123455677890asdf
    credentials-file: C:\Windows\System32\config\systemprofile\.cloudflared\123455677890asdf.json
        
    ingress:
      - hostname: wormhole.example.com
        service: ssh://localhost:22
      - service: http_status:404
    
  8. set service as automatic

    PS> Set-Service -Name Cloudflared -StartupType "Automatic"
    PS> Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\Cloudflared\ -Name ImagePath -Value "C:\ProgramData\chocolatey\lib\cloudflared\tools\cloudflared.exe --config=C:\Windows\System32\config\systemprofile\.cloudflared\config.yml tunnel run"
    PS> cloudflared tunnel route dns wormhole wormhole.example.com
    
  9. add a non-admin user (for ssh only). enter a password when prompted

    PS> New-LocalUser -Name me-ssh
    
  10. set pwsh as your default shell

    PS> New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
    
  11. create external user .ssh directory to house authorized_keys

    PS> mkdir C:\Users\me-ssh\.ssh
    
  12. modify sshd_config

    PS> code C:\ProgramData\ssh\sshd_config
    
    • enable publickey authentication, uncomment this line
    PubkeyAuthentication yes
    
  13. set up sshd & ssh-agent as automatic services, and start them

    PS> Set-Service -Name sshd -StartupType "Automatic"; Set-Service -Name ssh-agent -StartupType "Automatic"; Start-Service sshd; Start-Service ssh-agent
    

Client Config

MacOS

  1. make sure developer tools are up to date, then install cloudflared with brew

    $> brew install cloudflare/cloudflare/cloudflared
    
    • to confirm install
    $> cloudflared -v
    
  2. Login (just like on the host setup)
    $> cloudflared login
    
    • A browser window should have opened.

    • If the browser failed to open, please visit the output URL directly in your browser.

  3. Select the site you want to log in to
    • after selecting you’ll see in the terminal
     You have successfully logged in.
     If you wish to copy your credentials to a server, they have been saved to:
     /Users/yourusername/.cloudflared/cert.pem
    
  4. next, update your ssh config
    $> code ~/.ssh/config
    
    • add the following (/usr/local/bin is where brew puts cloudflared on Intel Macs; on Apple Silicon it is /opt/homebrew/bin, so check with which cloudflared)
    Host *.example.com
        ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
    
  5. now you can ssh into the box directly
  6. But let’s take this further for RDP and set up local forwarding. While this session is open, point your RDP client at 127.0.0.1:56789 and it lands on the host’s 3389.

     $> ssh -L 56789:127.0.0.1:3389 me-ssh@wormhole.example.com
    
  7. Set up pub key and add to host. The remote command runs in pwsh (the default shell set above), so the key is appended with Add-Content; the local shell expands $(cat ...) before the command is sent
     $> ssh me-ssh@wormhole.example.com "Add-Content -Path ~/.ssh/authorized_keys -Value '$(cat ~/.ssh/id_rsa.pub)'"
    

Further thoughts

  • Connect to the tunnel from the client machine on startup https://mpharrigan.com/2016/05/17/background-ssh.html
  • Remove the password from the newly created user
  • Change default ports (ssh, RDP)
  • Restrict RDP access to 127.0.0.1 only
  • Create a host and client scripts to just take care of all of this
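A host-side script that applies the Windows steps above and the hardening items in this list, as an added example; it is not the author’s script (the post does not include one). It assumes the same names as the guide (tunnel wormhole, tunnel id 123455677890asdf as a placeholder, hostname wormhole.example.com, user me-ssh), pwsh 7 as the sshd default shell, the chocolatey install path for cloudflared, and that cloudflared login and cloudflared tunnel create were already run interactively.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Assumed values from the guide:
$TunnelName = 'wormhole'
$TunnelId   = '123455677890asdf'   # placeholder tunnel id
$Hostname   = 'wormhole.example.com'
$SshUser    = 'me-ssh'
$CfDir      = 'C:\Windows\System32\config\systemprofile\.cloudflared'
$CfExe      = 'C:\ProgramData\chocolatey\lib\cloudflared\tools\cloudflared.exe'
$SshdConfig = 'C:\ProgramData\ssh\sshd_config'

# Only SSH is published through the tunnel; every other hostname gets a 404.
function Write-CloudflaredConfig {
    New-Item -ItemType Directory -Path $CfDir -Force | Out-Null
    @"
tunnel: $TunnelId
credentials-file: $CfDir\$($TunnelId).json

ingress:
  - hostname: $Hostname
    service: ssh://localhost:22
  - service: http_status:404
"@ | Set-Content -Path "$CfDir\config.yml" -Encoding utf8
}

# The service runs as SYSTEM, so it must be pointed at the systemprofile config.
function Install-CloudflaredService {
    & $CfExe service install
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Cloudflared' `
        -Name ImagePath -Value "$CfExe --config=$CfDir\config.yml tunnel run"
    Set-Service -Name Cloudflared -StartupType Automatic
    & $CfExe tunnel route dns $TunnelName $Hostname
}

# Set a global sshd directive. The stock Windows sshd_config ends with a
# 'Match Group administrators' block, and anything appended after it applies
# only inside that block, so the directive is written before the first Match.
function Set-SshdDirective {
    param([string]$Name, [string]$Value)
    $out = [System.Collections.Generic.List[string]]::new()
    $done = $false
    foreach ($line in (Get-Content -Path $SshdConfig)) {
        if (-not $done -and $line -match '^\s*Match\b') { $out.Add("$Name $Value"); $done = $true }
        if (-not $done -and $line -match "^\s*#?\s*$Name\b") { $out.Add("$Name $Value"); $done = $true; continue }
        $out.Add($line)
    }
    if (-not $done) { $out.Add("$Name $Value") }
    Set-Content -Path $SshdConfig -Value $out -Encoding ascii
}

# Non-admin, key-only user. The password is random and never used, because
# sshd is switched to key auth once the client's key is in place.
function New-SshOnlyUser {
    if (Get-LocalUser -Name $SshUser -ErrorAction SilentlyContinue) { return }
    $bytes = [System.Security.Cryptography.RandomNumberGenerator]::GetBytes(24)
    $pw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    New-LocalUser -Name $SshUser -Password $pw -PasswordNeverExpires -Description 'SSH tunnel user' | Out-Null
    New-Item -ItemType Directory -Path "C:\Users\$SshUser\.ssh" -Force | Out-Null
}

function Set-SshdHardening {
    Set-SshdDirective PubkeyAuthentication yes
    Set-SshdDirective AllowUsers $SshUser          # nobody else can even try
    New-ItemProperty -Path 'HKLM:\SOFTWARE\OpenSSH' -Name DefaultShell `
        -Value 'C:\Program Files\PowerShell\7\pwsh.exe' -PropertyType String -Force | Out-Null
    Set-Service -Name sshd -StartupType Automatic
    Set-Service -Name ssh-agent -StartupType Automatic
    Restart-Service sshd
    Start-Service ssh-agent
}

# Run this only after the client's public key is in authorized_keys, or the
# next ssh login (which still needs the password) locks you out.
function Disable-SshPasswordLogin {
    Set-SshdDirective PasswordAuthentication no
    Restart-Service sshd
}

# Windows Firewall does not filter loopback, so disabling the inbound RDP rule
# group leaves only connections that arrive through the SSH port forward.
# sshd needs no inbound rule either: cloudflared reaches it over localhost.
function Limit-RdpToLoopback {
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Disable-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
}

Write-CloudflaredConfig
Install-CloudflaredService
New-SshOnlyUser
Set-SshdHardening
Limit-RdpToLoopback
# Then copy the key from the client, and finish with: Disable-SshPasswordLogin
```

Set-SshdDirective is the part worth keeping even if you do the rest by hand: replacing a commented-out directive in place, and inserting new ones above the Match block, avoids the silent failure where PubkeyAuthentication yes appended at the end of the file only takes effect for administrators. Disabling the inbound firewall rules rather than rebinding the RDP listener means the listener configuration is untouched and a later Windows update cannot re-expose it by resetting the port.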

Belvedere

I recently created name-on using the DotNetCore command line tools and VS Code. It was surprisingly easy, and I love scaffolding from the command line.

I also recently got my WSL setup working, which involved setting fish as my default shell, and revisiting some of the functions I have made in the past.

My quick experience with the DNC CLI seemed like the perfect thing to functionalize. I like having a standard structure to my apps:

  • class library
  • command line
  • web app / API
  • test project

DNC has the concept of templates and extensions, but what can I say, I wanted to write this with fish. So I did.

I picked the name belvedere by looking up scaffolding in a thesaurus. Apparently it’s a “raised turret atop a house,” and comes from 1590s Italian.

Belvedere will create all the necessary projects, with the correct intra-project references, a solution, gitignore, and README. It also initializes a git repo and commits the created files.

You can find the code here: https://github.com/clintcparker/fish_functions/blob/master/belvedere.fish


Name-on

But Y tho?

I needed a unique name generator, so I built one.

I had used the Heroku unique-name generator before, when building bad ideas. I loved how it removed a mental hurdle from getting something out the door: coming up with a name. Personally, I’m horrible at naming things, so this was a necessity. I don’t want to get hung up on picking a good name, and the defaults are equally bad (ConsoleApplication23, anybody?).

I’d also been wanting to get back to dot net core. The last time I had played around with it, they were still using the dnx command line tool and project.json files. So this project seemed small enough, and valuable enough, to actually keep me on task for the duration of v1.

The command line

I was stoked to be able to lay out the project structure from the command line. I’m just so much more optimistic about a tool when there’s a CLI behind it. Even if I’ll never script it, the idea that I could is very appealing.

I scaffolded the whole project via the dotnet new and dotnet add commands. I was also able to build and test in the same manner. It was a nice break from VS 2017.

Structure

I found lists of adjectives and nouns online. And thanks to some recent practice with regex crosswords, I quickly stripped everything but the words themselves.

I added some tests for uniqueness, which is about 99.985%. I also added protection for never getting the same name twice in a row.

I was able to create a CLI for OS X, which came in handy when publishing to Azure and needing names for everything.

For the web app, the dotnet help lists a template called razor with the description “mvc with razor pages.” I’ve used the Razor syntax since it debuted, and thought, “of course I want razor, not aspx.” Apparently though, Razor Pages is a new thing. I actually really liked it for building the web app component. I still created a controller for the API, but was happy I stumbled onto this new paradigm.

I really went over the top with the completeness. Azure for hosting. Custom domain through NameCheap. SSL through CloudFlare.

Next Steps

The README has a roadmap, which includes packaging the CLI and improving the site. PRs are welcomed.


Adventures in vs Extension Updates

While at //build I was inspired to update my extensions to support VS 2017. I meant to do it last year, but got distracted. The process was really simple, and is outlined on the new hotness that is MS Docs. It took me about 10 minutes to get it all configured and tested. But then…I was sidelined by my CI config.

For some reason, my AppVeyor builds were failing. They were clearly pulling the latest from my repo, but for some reason, the nuget restore stopped working. I probably should’ve googled the issue, and I think I did, but I was asking the wrong questions. I finally gave up and manually configured the build via the GUI, and then exported that config to YAML. When I went to do the next extension, I finally realized what the problem was. I used the exact same exported YAML, and got the exact same initial errors with the nuget restore.

Googling “appveyor not using yaml” led me to this help article. I still don’t understand why permissions were an issue to read the appveyor.yml, when it was clearly reading an updated csproj file. But I do now have extensions that support VS 2017.


Data Driven

This video absolutely changed my life. My friend and mentor showed it to me in the beginning of 2015. The early experiences of Etsy immediately resonated with me. And the concept of geometric growth being outside of the control of the business was something that I had never before considered, but absolutely made sense.

Don’t pick projects based on what’s cool, pick projects that make sense to the company.