Bug 51651 - Add tool to setup remote tunnel for support
Status: REOPENED
Product: UCS
Classification: Unclassified
Component: General
Version: UCS 5.0
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Reported: 2020-07-08 15:20 CEST by Christian Völker
Modified: 2020-08-24 16:45 CEST (History)
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020080121000184, 2020081321000643


Comment 1 Christian Völker univentionstaff 2020-08-05 11:34:21 CEST
Currently dealing with a customer in a different timezone.

The customer has been trying to set up the tunnel for two days.

If I see the tunnel I am getting mostly:

root@login:~# ssh customer
ssh_exchange_identification: read: Connection reset by peer
Comment 2 Philipp Hahn univentionstaff 2020-08-05 11:43:58 CEST
This has nothing to do with UCS `univention-debug`!

(In reply to Christian Völker from comment #1)
> root@login:~# ssh customer
> ssh_exchange_identification: read: Connection reset by peer

Hint: use `ssh -v` to get verbose output.
Comment 3 Christian Völker univentionstaff 2020-08-05 11:51:17 CEST
It might be the wrong component. But no reason to close!

We do not need troubleshooting tips. 

We need a tool which can be handled by any customer in a reliable way.
Comment 4 Philipp Hahn univentionstaff 2020-08-05 13:07:36 CEST
(In reply to Christian Völker from comment #3)
> It might be the wrong component. But no reason to close!

Yes, as this is the Bug-Tracker for "Univention Corporate Server" and its related components.
It is NOT for dumping problems with your specific working environment or .
The "ssh reverse tunnel for paying customers of UCS" is NOT part of UCS and as such does not belong in this bug-tracker. Use PlanIO or ORTS or Trello or whatever tool you use in Support to organize your work-flows.

> We do not need troubleshooting tips. 

As long as you file bugs in this Bugzilla we developers need data to work on; if you don't provide that, the bug will be closed now or in 5 years. Especially if you pick a random component for which I'm the maintainer.
If you want help, provide the requested data.

Hint 2: `ssh -v` will probably tell you that you're still using an RSA1 key, which is INSECURE and no longer supported!


> We need a tool which can be handled by any customer in a reliable way.

Again: not here in Bugzilla.

We use ssh all the time with UCS and it works flawlessly. If it does not work in your environment provide the requested data to prove that it is a generic problem with UCS.


(In reply to Christian Völker from comment #0)
> See: https://trello.com/

Please do not link to external tools as they are not persistent.
Comment 5 Nico Gulden univentionstaff 2020-08-24 16:43:36 CEST
In order to better help customers, support needs the following: A simple possibility to access customer systems via command line.

Simple means simple from the customer's point of view: only execute _one_ command. No further steps by the customer like sending a password, e.g. via insecure email, or copying a key, which customers fail to do. A simple switch on the shell that activates and deactivates the access. Afterwards, almost everything needs to be in the same status as before.

Customer view - acceptance criteria:

* As simple as it can get, script most of it.
* No further steps by the customer
* No password!
* Decent feedback like "remote access is activated / deactivated"
* Simple possibility for the customer to have a look at what support is doing, e.g. screen or tmux
* Possibility to cancel by the customer and revert to the previous status.
* Upon session closing (e.g. putty), a notification that tunnel is still activated
* Possibility to close the tunnel or keep it open even when the putty session disconnects


Support view - acceptance criteria:

* List of all active tunnels (`listtunnels` with full names, if possible)
* Possibility to specify the username (uni-support@ or root@ …)
* Ideally access or access extension, without knowing the root password (sudo?)
* Support should have possibility to quit the remote access
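
A sketch of the customer-side switch that the acceptance criteria in comment 5 describe (one command, no password, clear feedback, revertible), added here as an example and not Univention's tool. The support host, account name, port, key path and state directory are placeholder assumptions, and the key is assumed to be provisioned beforehand.

```shell
# Added sketch, not Univention code. Host, account, port, key path and
# state directory are placeholder assumptions; override via environment.
SUPPORT_HOST="${SUPPORT_HOST:-support.example.invalid}"
SUPPORT_USER="${SUPPORT_USER:-tunnel}"
REMOTE_PORT="${REMOTE_PORT:-20022}"   # loopback port on the support host
KEY="${KEY:-/etc/support-tunnel/id_ed25519}"
STATE_DIR="${STATE_DIR:-/var/run/support-tunnel}"
SSH_BIN="${SSH_BIN:-ssh}"

pidfile() { printf '%s\n' "$STATE_DIR/tunnel.pid"; }

tunnel_running() {
    [ -f "$(pidfile)" ] && kill -0 "$(cat "$(pidfile)")" 2>/dev/null
}

tunnel_status() {
    if tunnel_running; then
        echo "remote access is activated"
    else
        echo "remote access is deactivated"
    fi
}

tunnel_on() {
    tunnel_running && { tunnel_status; return 0; }
    mkdir -p "$STATE_DIR"
    # BatchMode: key only, never prompt for a password. -N: no remote command.
    # ExitOnForwardFailure: exit rather than run without the forward.
    # nohup: the tunnel survives the customer's terminal closing.
    nohup "$SSH_BIN" -N -i "$KEY" \
        -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R "127.0.0.1:$REMOTE_PORT:127.0.0.1:22" \
        "$SUPPORT_USER@$SUPPORT_HOST" </dev/null >/dev/null 2>&1 &
    echo $! > "$(pidfile)"
    sleep 1   # let ssh fail early on authentication or forward errors
    tunnel_status
    tunnel_running
}

tunnel_off() {
    if tunnel_running; then kill "$(cat "$(pidfile)")"; fi
    rm -f "$(pidfile)"
    tunnel_status
}

case "${1:-}" in
    on) tunnel_on ;; off) tunnel_off ;; status) tunnel_status ;;
esac
```

The sketch covers only the customer-side on/off/status switch; the support-side criteria (listing tunnels, choosing the login user, session sharing via screen or tmux) are out of its scope.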