Photo by Claudia Soraya on Unsplash

Photo by Claudia Soraya on Unsplash

Remote maintenance and automation with RPort

Light at the End of the Tunnel

Article from ADMIN 68/2022
Firewalls and network address translation often stand in the way of access to remote systems, but the free RPort software works around these obstacles and supports remote maintenance through a tunnel locally, in the cloud, and from your home office.

The days when all servers and employee PCs were located on a common subnet are long gone. IT infrastructure has spread across various locations, service providers, and networks. Even devices in coworkers' home offices often fall under the aegis of system administrators. Keeping track of a growing number of servers and devices is a problem for many IT departments: Which team is responsible for which systems? Where are the systems located? How can remote access be achieved quickly?

Remote access does not usually mean an admin entering the IP address of the remote system on the remote desktop or secure shell (SSH) client and logging in. Firewalls and routers only allow this in rare cases. Jump hosts, SSH chains, or virtual private networks (VPNs) are common technologies for accessing systems behind firewalls. However, this means considerable overhead with VPNs, and jump hosts need to be meticulously documented by system administrators because coworkers need to be able to identify the jump host they need to use for a specific system. Additionally, jump hosts have a certain amount of administrative overhead for user accounts.

RPort with a New Approach

RPort [1] aims to solve this remote access problem. The open source software updates the inventory independently, integrating access to all systems by SSH or remote desktop. In the centralized, web-based dashboard, the inventory shows all systems with the RPort client. You can find internal and external IP addresses, their locations, and many other details.

The client keeps this information up to date at all times. Tags and an encrypted key-value store can be used to expand the system information. If you manage many systems with RPort, the software supports the use of groups for sorting purposes, and you can connect to machines on the dashboard at the press of a button and execute commands and scripts, which are optionally stored in a library for reuse.

Fast Server Installation

To install the RPort server, the developers recommend a small virtual machine (VM) in the cloud. If the RPort server is accessible over the public Internet, you can include servers on different networks and at different locations. However, installation on a private network is also possible.

A VM with Debian 10 (Buster) or 11 (Bullseye) and 1GB of RAM is all you need for the RPort server. The costs amount to $3-$7 per month, depending on the cloud provider. For an RPort server in Azure, Amazon Elastic Compute Cloud (AWS EC2), or Google Compute, you have to pay attention to the correct firewall settings when creating the VM. In addition to SSH port 22, you need to allow TCP ports 80 and 443 for the web server and the TCP port range 20000 to 30000 on the firewall. With cloud providers (e.g., Hetzner, Scaleway, DigitalOcean), firewalls are optional, and new VMs have no restrictions. To create inexpensive, small systems in Azure, setting the filters to 0-2GB RAM and 1-2 CPUs would get you to the B1s or B1ls (Linux only) series. The B1ls series is fine for up to 100 systems managed with RPort.

After the VM becomes available, you will want to update with

sudo apt-get update && sudo apt-get dist-upgrade

and reboot. After the reboot, switch to the root account and run the RPort cloud installer:

sudo -i
curl -o &&sh ./

If running a script with root privileges is too scary, you can run the steps grouped in the script manually. You need to specify an email address with two-factor authentication to ensure maximum security from the start. The email addresses are only stored in the local database and are not transferred.

The installation script downloads RPort from GitHub and creates a user and the required configuration files. It also creates a random fully qualified domain name (FQDN) in the * subdomain. You need this to generate valid SSL certificates with Let's Encrypt. To use your own hostname after initial testing, see the RPort help pages for instructions [2].

After the installation script has run, you will receive a URL and a randomly generated initial password. Open this URL in your browser and log in. After you receive the two-factor token by email, the RPort server is ready for use.

Rolling Out an RPort Client

For remote access to servers behind routers and firewalls to work, you need to install the RPort client on each system. It establishes the connection from the inside out, which means you don't have to set up these connections specifically on your firewalls; the RPort client uses the HTTP protocol and port 80 for first contact. An HTTP proxy server is another option. Once the connection has been opened, an SSH session wrapped in HTTP is created.

The client installation is done quickly. On the web interface, click on the gear icon top right and then press Client Access . Clicking on Install Client will show you two scripts with a randomly generated pairing code that is valid for 10 minutes. When you copy the script to the clipboard and run it in PowerShell or a Linux console, the client connects directly to your server.

The pairing service only generates and transfers the client configuration and does not intervene in the data connection, which is established directly between the client and the server. You can also download the client installation scripts and distribute them from a file server or USB stick.

After clicking on the refresh button in the top left corner, new clients appear immediately in the inventory. If clients do not have direct access to the Internet, you can enter an HTTP proxy in the rport.conf client configuration file. An example is included in the file.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus