azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
07816eae467b1c3f7f39696f2373b237ad7d95f4
claudetools/credentials.md
Mike Swanson 07816eae46 docs: Add comprehensive project documentation from claude-projects scan 
Added:
- PROJECTS_INDEX.md - Master catalog of 7 active projects
- GURURMM_API_ACCESS.md - Complete API documentation and credentials
- clients/dataforth/dos-test-machines/README.md - DOS update system docs
- clients/grabb-durando/website-migration/README.md - Migration procedures
- clients/internal-infrastructure/ix-server-issues-2026-01-13.md - Server issues
- projects/msp-tools/guru-connect/README.md - Remote desktop architecture
- projects/msp-tools/toolkit/README.md - MSP PowerShell tools
- projects/internal/acg-website-2025/README.md - Website rebuild docs
- test_gururmm_api.py - GuruRMM API testing script

Modified:
- credentials.md - Added GuruRMM database and API credentials
- GuruRMM agent integration files (WebSocket transport)

Total: 38,000+ words of comprehensive project documentation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-22 09:58:32 -07:00

394 lines
14 KiB
Markdown
Raw Blame History

# Credentials & Authorization Reference
**Last Updated:** 2026-01-19
**Purpose:** Centralized credentials for Claude Code context recovery
**Project:** ClaudeTools MSP Work Tracking System
---
## Infrastructure - SSH Access
### GuruRMM Server (172.16.3.30)
- **Host:** 172.16.3.30
- **User:** guru
- **SSH Port:** 22
- **Role:** Production server hosting ClaudeTools database and API, GuruRMM system
- **Services:**
- MariaDB 10.6.22 (Port 3306)
- PostgreSQL 14 (Port 5432)
- ClaudeTools API (Port 8001)
- GuruRMM API (Port 3001)
- Nginx reverse proxy (Port 80/443)
- **ClaudeTools Database:**
- Database: claudetools
- User: claudetools
- Password: CT_e8fcd5a3952030a79ed6debae6c954ed
- **GuruRMM Database (PostgreSQL):**
- Database: gururmm
- User: gururmm
- Password: 43617ebf7eb242e814ca9988cc4df5ad
- Connection: postgres://gururmm:43617ebf7eb242e814ca9988cc4df5ad@172.16.3.30:5432/gururmm
- **GuruRMM API Access:**
- Base URL: http://172.16.3.30:3001
- Production URL: https://rmm-api.azcomputerguru.com
- Admin Email: claude-api@azcomputerguru.com
- Admin Password: ClaudeAPI2026!@#
- Admin User ID: 4d754f36-0763-4f35-9aa2-0b98bbcdb309
- JWT Secret: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
- **Notes:** Primary ClaudeTools infrastructure, systemd service auto-starts API. GuruRMM admin user created 2026-01-22 for API integration.
### Jupiter (Unraid Primary - 172.16.3.20)
- **Host:** 172.16.3.20
- **User:** root
- **SSH Port:** 22
- **Password:** Th1nk3r^99##
- **Role:** Primary container host, Gitea server
- **Services:**
- Gitea (Port 3000, SSH 2222)
- Docker containers
- **Notes:** Used for code repository management and version control
---
## Dataforth Infrastructure
### AD2 (Production Server - 192.168.0.6)
- **Host:** 192.168.0.6
- **Domain:** INTRANET
- **User:** INTRANET\sysadmin
- **Password:** Paper123!@#
- **OS:** Windows Server 2022
- **Local Path:** C:\Shares\test
- **Share Access:** \\192.168.0.6\C$ (admin share, requires credentials)
- **Role:** Production server for Dataforth DOS machines
- **Services:**
- Active Directory Domain Controller
- File Server (SMB3)
- Scheduled sync task (Sync-FromNAS.ps1 every 15 min)
- WinRM (PowerShell Remoting) on port 5985
- OpenSSH Server on port 22
- **Network:** 192.168.0.0/24
- **Automation Access:**
- **Service Account:** INTRANET\ClaudeTools-ReadOnly
- **Service Password:** vG!UCAD>=#gIk}1A3=:{+DV3
- **Service UPN:** ClaudeTools-ReadOnly@dataforth.local
- **Permissions:** Read-only AD access, Remote Management Users group
- **Scripts Location:** C:\ClaudeTools\Scripts\
- **Logs Location:** C:\ClaudeTools\Logs\Transcripts\
- **SSH Key (sysadmin account):**
- **Key Type:** ED25519
- **Fingerprint:** SHA256:JsiEDAJ/fD19d6W7B5iuV78f8dLKZbLTrMor7b9CXSQ
- **Public Key:** ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHpk0bdronDasfx5RYjky4N4xIeUJF5xIJdX08rb3+Ui sysadmin@AD2-automation
- **Private Key Location:** C:\Users\sysadmin\.ssh\id_ed25519
- **WinRM Configuration:**
- **TrustedHosts:** 172.16.*,192.168.*,10.* (LAN/VPN access)
- **Listener:** HTTP on port 5985
- **Transcript Logging:** Enabled (all remote sessions logged)
- **Module Logging:** Enabled
- **Script Block Logging:** Enabled
- **Connection Method (SMB Share):**
```powershell
$pass = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $pass)
New-PSDrive -Name Z -PSProvider FileSystem -Root '\\192.168.0.6\C$' -Credential $cred
# Access: Z:\Shares\test\
```
- **Connection Method (WinRM - Admin):**
```powershell
$password = ConvertTo-SecureString 'Paper123!@#' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\sysadmin', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
```
- **Connection Method (WinRM - Read-Only):**
```powershell
$password = ConvertTo-SecureString 'vG!UCAD>=#gIk}1A3=:{+DV3' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential('INTRANET\ClaudeTools-ReadOnly', $password)
Enter-PSSession -ComputerName 192.168.0.6 -Credential $cred
```
- **Connection Method (SSH):**
```bash
ssh INTRANET\\sysadmin@192.168.0.6
# Password: Paper123!@#
# Or with key: ssh -i path/to/id_ed25519 INTRANET\\sysadmin@192.168.0.6
```
- **Software Update Locations:**
- Common (all machines): C:\Shares\test\COMMON\ProdSW\ and C:\Shares\test\_COMMON\ProdSW\
- Station-specific: C:\Shares\test\TS-XX\ProdSW\
- System files: C:\Shares\test\COMMON\DOS\
- **Notes:**
- SMB1 disabled for security (after crypto attack)
- Sync mechanism moved from NAS to AD2 due to WINS crashes
- Files sync to NAS within 15 minutes after placement
- DOS machines pull from NAS (not directly from AD2)
### D2TESTNAS (SMB1 Proxy - 192.168.0.9)
- **Host:** 192.168.0.9
- **HTTP:** http://192.168.0.9/
- **User (Web):** admin
- **Password (Web):** Paper123!@#-nas
- **SSH User:** root
- **SSH Auth:** ed25519 key (passwordless)
- **Role:** SMB1 proxy/bridge for DOS 6.22 machines
- **OS:** Linux (NAS appliance)
- **Share:** \\D2TESTNAS\test (maps to /data/test)
- **Services:**
- SMB1 server (for DOS machine compatibility)
- SSH server (Port 22)
- **Notes:**
- Bridges DOS machines (SMB1) with AD2 (SMB3)
- Previous sync location (moved to AD2)
- Network path: /data/test/
### Dataforth DOS Machines (TS-XX)
- **Network:** 192.168.0.0/24
- **OS:** MS-DOS 6.22
- **Count:** ~30 machines for QC testing
- **Naming:** TS-01 through TS-30
- **Network Share:** T: drive (maps to \\D2TESTNAS\test)
- **Machine Variable:** %MACHINE% (set in AUTOEXEC.BAT)
- **Backup Location:** T:\%MACHINE%\BACKUP\
- **Update Path:** T:\COMMON\
- **Credentials:** None (local DOS machines)
- **Notes:**
- SMB1 protocol required
- DOS 6.22 limitations: no %COMPUTERNAME%, no IF /I
- Network stack: MS Client 3.0, Netware VLM client
- Update workflow: AD2 → D2TESTNAS → DOS machines
- Startup sequence: AUTOEXEC.BAT → STARTNET.BAT → MENUX.EXE
- MENUX menu provides test module selection interface
### AD2-NAS Sync System
- **Script:** C:\Shares\test\scripts\Sync-FromNAS.ps1
- **Runs:** Every 15 minutes (Windows Scheduled Task)
- **User:** INTRANET\sysadmin
- **Direction:** Bidirectional
- **Tools:** PuTTY (plink.exe, pscp.exe)
- **Log:** C:\Shares\test\scripts\sync-from-nas.log
- **Status:** C:\Shares\test\_SYNC_STATUS.txt (monitored by DattoRMM)
- **Last Verified:** 2026-01-19 12:09 PM (running successfully)
- **PULL (NAS → AD2):**
- Test results: /data/test/TS-XX/LOGS/*.DAT → C:\Shares\test\TS-XX\LOGS\
- Reports: /data/test/TS-XX/Reports/*.TXT → C:\Shares\test\TS-XX\Reports\
- Files deleted from NAS after successful sync
- DAT files imported to database automatically
- **PUSH (AD2 → NAS):**
- Common updates: C:\Shares\test\COMMON\ProdSW\ → /data/test/COMMON/ProdSW/
- Station updates: C:\Shares\test\TS-XX\ProdSW\ → /data/test/TS-XX/ProdSW/
- Root utility: C:\Shares\test\UPDATE.BAT → /data/test/UPDATE.BAT
- One-shot tasks: C:\Shares\test\TS-XX\TODO.BAT → /data/test/TS-XX/TODO.BAT
- **Notes:**
- Moved from NAS to AD2 in January 2026
- Reason: WINS crashes and SSH lockups on NAS
- NAS script (/root/sync-to-ad2.sh) is DEPRECATED
---
## Services - Web Applications
### Gitea (Git Server)
- **URL:** https://git.azcomputerguru.com/
- **Web Port:** 3000
- **SSH:** ssh://git@172.16.3.20:2222
- **Username:** azcomputerguru
- **Email:** mike@azcomputerguru.com
- **Password:** Gptf*77ttb123!@#-git
- **SSH Key:** claude-code (ed25519) - CONFIGURED AND WORKING
- **SSH Fingerprint:** SHA256:E+dhx8dYK+pWyqFUcAVAeJtaQEI3cOiIs7eac1w3Dnk
- **API Token:** (Generate via web UI as needed)
- **Repository:** azcomputerguru/ClaudeTools
- **Role:** Source code version control, project sync
- **Docker Container:** gitea (on Jupiter server)
- **Notes:**
- Web login: azcomputerguru / Gptf*77ttb123!@#-git
- SSH access: `ssh -T -p 2222 git@172.16.3.20` (verified working 2026-01-19)
- Git remote: `ssh://git@172.16.3.20:2222/azcomputerguru/ClaudeTools.git`
- Password reset: `docker exec -u git gitea gitea admin user change-password --username azcomputerguru --password 'NEW_PASSWORD'`
- SSH key added: 2026-01-19 15:09 (claude-code)
### ClaudeTools API (Production)
- **URL:** http://172.16.3.30:8001
- **Docs:** http://172.16.3.30:8001/api/docs
- **Database:** 172.16.3.30:3306/claudetools
- **Auth:** JWT tokens (POST /api/auth/token)
- **Test User:**
- Email: test@example.com
- Password: testpassword123
- **Role:** Primary MSP work tracking API
- **Endpoints:** 95+ endpoints across 17 entities
- **Notes:** Systemd service, auto-starts on boot
---
## Projects - ClaudeTools
### Database (MariaDB)
- **Host:** 172.16.3.30
- **Port:** 3306
- **Database:** claudetools
- **User:** claudetools
- **Password:** CT_e8fcd5a3952030a79ed6debae6c954ed
- **Connection String:**
```
mysql+pymysql://claudetools:CT_e8fcd5a3952030a79ed6debae6c954ed@172.16.3.30:3306/claudetools?charset=utf8mb4
```
- **Tables:** 38 tables (fully migrated)
- **Encryption:** AES-256-GCM for credentials table
- **Backup:** Daily automated backups
### API Authentication
- **Method:** JWT tokens
- **Password Hashing:** Argon2
- **Token Endpoint:** POST /api/auth/token
- **Token Format:** Bearer token in Authorization header
- **Example:**
```bash
curl -X POST http://172.16.3.30:8001/api/auth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=test@example.com&password=testpassword123"
```
### Encryption Keys
- **Method:** AES-256-GCM (Fernet)
- **Key Storage:** Environment variable ENCRYPTION_KEY
- **Usage:** Credentials table password encryption
- **Notes:** Never commit encryption key to git
---
## Projects - Dataforth DOS
### Update Workflow
- **Admin Deposits:** \\AD2\test\COMMON\ (on AD2)
- **Sync Mechanism:** AD2 scheduled task (location TBD)
- **DOS Pull:** T:\COMMON\ (from D2TESTNAS)
- **Backup Target:** T:\%MACHINE%\BACKUP\
### Key Files
- **UPDATE.BAT:** Machine backup utility (runs on DOS)
- **NWTOC.BAT:** Network to Computer updates
- **CTONW.BAT:** Computer to Network uploads
- **STAGE.BAT:** System file staging for reboot
- **REBOOT.BAT:** Auto-generated, applies staged updates
- **AUTOEXEC.BAT:** DOS startup, sets %MACHINE% variable
- **CONFIG.SYS:** DOS system configuration
- **STARTNET.BAT:** Network stack initialization
### Folder Structure
```
\\AD2\test\
├── COMMON\ # Shared updates for all machines
│ ├── DOS\ # System files (AUTOEXEC.NEW, CONFIG.NEW)
│ ├── ProdSW\ # Production software updates
│ └── NewSW\ # New software distributions
└── TS-XX\ # Individual machine folders
└── Backup\ # Machine-specific backups
```
---
## Connection Testing
### Test Database Connection
```bash
mysql -h 172.16.3.30 -u claudetools -p claudetools
# Password: CT_e8fcd5a3952030a79ed6debae6c954ed
```
### Test API Connectivity
```bash
curl http://172.16.3.30:8001/api/health
```
### Test Gitea SSH
```bash
ssh -p 2222 git@172.16.3.20
# Should return: "Hi there! You've successfully authenticated..."
```
### Test AD2 Access (from Dataforth network)
```cmd
net use T: \\192.168.0.6\test /user:INTRANET\sysadmin Paper123!@#
```
### Test NAS Access (from Dataforth network)
```cmd
net use T: \\192.168.0.9\test
```
---
## Security Notes
- **Never commit this file to public repositories**
- **Credentials are stored unredacted for context recovery**
- **ClaudeTools encrypts credentials in database with AES-256-GCM**
- **JWT tokens expire after configured duration**
- **SSH keys required for Gitea access (ed25519)**
- **Dataforth network is isolated (192.168.0.0/24)**
- **AD2 has SMB1 disabled for security (post crypto-attack)**
- **All production credentials should be rotated regularly**
---
## VPN Access
### Peaceful Spirit VPN (L2TP/IPSec)
- **Server IP:** 98.190.129.150
- **Tunnel Type:** L2TP/IPSec
- **Pre-Shared Key (PSK):** z5zkNBds2V9eIkdey09Zm6Khil3DAZs8
- **Username:** pst-admin
- **Password:** 24Hearts$
- **Connection Name:** Peaceful Spirit VPN
- **Purpose:** Remote access to Peaceful Spirit Country Club network
- **Authentication:** MS-CHAPv2 with PSK
- **Split Tunneling:** Enabled (only CC traffic uses VPN)
- **Setup Script:** D:\ClaudeTools\Create-PeacefulSpiritVPN.ps1
- **Quick Setup:** D:\ClaudeTools\VPN_QUICK_SETUP.md
**Network Configuration (UniFi Router at CC):**
- **Remote Network:** 192.168.0.0/24
- **DNS Server:** 192.168.0.2
- **Gateway:** 192.168.0.10
**Complete Setup (Run as Administrator):**
```powershell
# Step 1: Create VPN connection with split tunneling
Add-VpnConnection -Name "Peaceful Spirit VPN" -ServerAddress "98.190.129.150" -TunnelType L2tp -L2tpPsk "z5zkNBds2V9eIkdey09Zm6Khil3DAZs8" -AuthenticationMethod MsChapv2 -EncryptionLevel Required -AllUserConnection -RememberCredential -SplitTunneling $true
# Step 2: Add route for CC network (192.168.0.0/24)
Add-VpnConnectionRoute -ConnectionName "Peaceful Spirit VPN" -DestinationPrefix "192.168.0.0/24" -AllUserConnection
# Step 3: Configure DNS server
Set-DnsClientServerAddress -InterfaceAlias "Peaceful Spirit VPN" -ServerAddresses "192.168.0.2"
# Step 4: Save credentials for pre-login access
rasdial "Peaceful Spirit VPN" "pst-admin" "24Hearts$"
rasdial "Peaceful Spirit VPN" /disconnect
# Step 5: Enable pre-login VPN
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "UseRasCredentials" -Value 1 -Type DWord
```
**Quick Connect:**
```powershell
rasdial "Peaceful Spirit VPN"
```
**Disconnect:**
```powershell
rasdial "Peaceful Spirit VPN" /disconnect
```
---
## Context Recovery Usage
When a new Claude session starts or context is lost:
1. **Read this file first** - Get all credentials and infrastructure details
2. **Check session-logs/** - Find recent work and decisions
3. **Read SESSION_STATE.md** - Get project status and phase
4. **Read .claude/claude.md** - Get project overview
This ensures full context recovery without asking user for information already documented.
Reference in New Issue View Git Blame Copy Permalink