Java in cloud

I have a box on Amazon EC2. And I want to have my OpenWRT that is behind IPv4 CGN and have public IPv6 to be reachable from IPv4 Internet. The best idea is to use ssh reverse tunnel connected with autossh to keep connection going. The very first think is to test if I can connect to my Amazon instance from my OpenWRT: root@OpenWrt:~# ssh 54.111.111.111 Host '54.111.111.111' is not in the trusted hosts file. (ssh-rsa fingerprint md5 0f:51:11:11:11:11:11:11:11:11:11:11:11:11:11:11) Do you want to continue connecting? (y/n) y root@54.111.111.111's password: At this point the public key of remote host will be added to .ssh/known_hosts. It is important as we can't have autossh to interact with console in future. root@OpenWrt:~# cat .ssh/known_hosts 2001:1111:1111:1111::1111:1111 ssh-rsa AAAAB3N....... 54.111.111.111 ssh-rsa AAAAB3N.......... Now we need to generate public/private key pair we will be using to connect to our Amazon instance. Invoke fol

I have at home an OpenWRT on TP-Link 1043ND. As I'm most of the time out of my home, I use this for two functions:  - as reliable WiFi Access Point  - as last resort remote access device  - as a box used to wake up other Ethernet enabled devices @ home. As this box is exposed to Internet via IPv6 address, I decided to harden it a little. 1. Adding extra non privileged user account: root@OpenWrt:~# opkg update root@OpenWrt:~# opkg install shadow-useradd root@OpenWrt:~# mkdir /home root@OpenWrt:~# useradd -D GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= SHELL= SKEL=/etc/skel CREATE_MAIL_SPOOL=no root@OpenWrt:~# useradd -m -s /bin/ash bart root@OpenWrt:~# cat /etc/passwd root:x:0:0:root:/root:/bin/ash daemon:*:1:1:daemon:/var:/bin/false ftp:*:55:55:ftp:/home/ftp:/bin/false network:*:101:101:network:/var:/bin/false nobody:*:65534:65534:nobody:/var:/bin/false bart:x:1000:1000::/home/bart:/bin/ash root@OpenWrt:~# passwd bart Changing password for bart New passw

My new ISP is providing me with CGN (carrier grade NAT) for IPv4 but also full /64 IPv6 connectivity with routable unicast addresses. So I've enabled IPv6 on my Raspberry Pi. I've also bougth for couple of bucks a cheap VPS ( http://www.lowendtalk.com/ ) that have dual stack to be used as proxy for access to my home network. The access I will configure using SSH tunnels, what allows me for opening access only when I really need it. After logging to my VPS I issue the following to facilitate local post forwarding from VPS to my home network: ssh -L 10.111.111.111:8080 : 192.168.1.1:80 -l pi 2a01:2222:2222:2222:3333:3333:3333:3333 The parameters are as follow: 10.111.111.111 is address of my VPS (man in the middle box). VPS will listen on port 8080 for incoming connections. 192.168.1.1 is an IP address of device I want to access on my internal home network. 80 is a port I want to access on the device in my internal home network. pi is user name that I want to use to c