azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f9c3a5d3a9073d232bc6693eceea62dc12c6ca19
claudetools/fix-known-hosts-path.ps1
Mike Swanson 6b232c6102 docs: Session log update - VPN setup and DOS deployment completion 
Updated comprehensive session log documenting:

## DOS System Completion (Part 1)

**Major Milestones:**
- Located and documented AD2 sync mechanism (Sync-FromNAS.ps1)
- Deployed 6 DOS batch files to production (AD2)
- Created DEPLOY.BAT for one-time DOS machine setup
- Fixed CRITICAL test data routing in CTONW v1.2
- Added root-level file sync (UPDATE.BAT, DEPLOY.BAT to T:\)

**CTONW v1.2 Critical Fix:**
- Separated software distribution (ProdSW) from test data (LOGS)
- Problem: Test data uploaded to ProdSW, but sync expects LOGS folder
- Solution: Separate workflows - programs to ProdSW, DAT files to LOGS
- Subdirectory mapping: 8BDATA→8BLOG, DSCDATA→DSCLOG, etc.
- Result: Database import now functional

## VPN System Completion (Part 2)

**Peaceful Spirit VPN Setup:**
- Created Setup-PeacefulSpiritVPN.ps1 (ready-to-run with credentials)
- Created Create-PeacefulSpiritVPN.ps1 (interactive with parameters)
- Created VPN_QUICK_SETUP.md (comprehensive 350+ line guide)

**Configuration:**
- Server: 98.190.129.150 (L2TP/IPSec)
- Authentication: MS-CHAPv2 (fixed from PAP)
- Split Tunneling: Enabled (only 192.168.0.0/24 uses VPN)
- Network: UniFi router at CC location
- DNS: 192.168.0.2, Gateway: 192.168.0.10

**Authentication Fix:**
- Error: PAP doesn't support Required encryption with L2TP/IPSec
- Solution: Changed to MS-CHAPv2 authentication
- Updated all scripts and documentation

## Credentials Documented (UNREDACTED)

**Complete credentials for:**
- Peaceful Spirit VPN (PSK, username, password, network config)
- AD2 (192.168.0.6) - C$ admin share connection method
- D2TESTNAS (192.168.0.9) - SMB1 proxy
- Jupiter (172.16.3.20) - Gitea server
- GuruRMM (172.16.3.30) - Database and API
- Gitea SSH key (needs to be added to server)

## Documentation Updates

**Files Modified:**
- session-logs/2026-01-19-session.md: Complete rewrite with both DOS and VPN work
- credentials.md: Added VPN section with network topology
- VPN_QUICK_SETUP.md: Added split tunneling section, updated examples

**Session Statistics:**
- Duration: ~5 hours (DOS + VPN work)
- Files Created: 8 files
- Files Modified: 5 files
- Lines of Code: ~1,200 lines
- Credentials Documented: 10 systems/services
- Issues Resolved: 6 issues (4 DOS, 2 VPN)

## Technical Details Documented

**DOS 6.22 Limitations:**
- Never use: %COMPUTERNAME%, IF /I, %ERRORLEVEL%, FOR /F, &&, ||
- Always use: IF ERRORLEVEL n, GOTO labels, simple FOR loops

**VPN Authentication:**
- L2TP/IPSec with PSK requires MS-CHAPv2, not PAP
- Required encryption only works with MS-CHAPv2 or EAP

**Split Tunneling:**
- Only traffic to 192.168.0.0/24 routes through VPN
- All other traffic uses local internet connection
- Configured via Add-VpnConnectionRoute

**CTONW Data Routing:**
- ProdSW: Software distribution (bidirectional)
- LOGS: Test data for database import (unidirectional upload)
- Separation critical for database import workflow

## Sync Workflow Documented

**AD2 → NAS (Software): PUSH**
- Admin deposits in C:\Shares\test\COMMON\ProdSW\
- Sync-FromNAS.ps1 runs every 15 minutes
- PSCP copies to /data/test/COMMON/ProdSW/
- DOS machines download via NWTOC from T:\COMMON\ProdSW\

**NAS → AD2 (Test Data): PULL**
- DOS machines write to T:\TS-XX\LOGS\
- Sync pulls to C:\Shares\test\TS-XX\LOGS\
- Files deleted from NAS after copy
- DAT files auto-imported to database

**Root Files: PUSH**
- UPDATE.BAT and DEPLOY.BAT sync to /data/test/ root
- Available at T:\UPDATE.BAT and T:\DEPLOY.BAT

## Pending Tasks

**Immediate:**
- DOS and VPN work complete 

**Short-term:**
- Add SSH key to Gitea for /sync command
- Deploy VPN to client machines
- DOS pilot deployment to 2-3 machines

## Context Recovery

Session log now contains complete context for:
- AD2 connection methods (C$ admin share works)
- CTONW test data routing (v1.2 separates ProdSW/LOGS)
- VPN authentication (MS-CHAPv2, not PAP)
- Split tunneling configuration
- All credentials unredacted

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-19 14:39:56 -07:00

94 lines
4.0 KiB
PowerShell
Raw Blame History

# Fix the known_hosts path issue in Sync-FromNAS.ps1
$password = ConvertTo-SecureString "Paper123!@#" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("INTRANET\sysadmin", $password)
Write-Host "=== Fixing Known Hosts Path ===" -ForegroundColor Cyan
Write-Host ""
Invoke-Command -ComputerName 192.168.0.6 -Credential $cred -ScriptBlock {
$scriptPath = "C:\Shares\test\scripts\Sync-FromNAS.ps1"
Write-Host "[1] Creating backup" -ForegroundColor Yellow
$timestamp = Get-Date -Format "yyyyMMdd-HHmmss"
Copy-Item $scriptPath "$scriptPath.backup-$timestamp"
Write-Host "[OK] Backup created: Sync-FromNAS.ps1.backup-$timestamp" -ForegroundColor Green
Write-Host ""
Write-Host "[2] Ensuring .ssh directory exists" -ForegroundColor Yellow
$sshDir = "C:\Shares\test\scripts\.ssh"
if (-not (Test-Path $sshDir)) {
New-Item -Path $sshDir -ItemType Directory -Force | Out-Null
Write-Host "[OK] Created: $sshDir" -ForegroundColor Green
} else {
Write-Host "[OK] Directory exists: $sshDir" -ForegroundColor Green
}
Write-Host ""
Write-Host "[3] Updating SCP commands with absolute path" -ForegroundColor Yellow
$content = Get-Content $scriptPath
$updated = $false
for ($i = 0; $i -lt $content.Count; $i++) {
# Look for SCP commands with UserKnownHostsFile parameter
if ($content[$i] -match 'UserKnownHostsFile="\$SCRIPTS_DIR\\.ssh\\known_hosts"') {
# Replace with absolute path
$content[$i] = $content[$i] -replace 'UserKnownHostsFile="\$SCRIPTS_DIR\\.ssh\\known_hosts"', 'UserKnownHostsFile="C:\Shares\test\scripts\.ssh\known_hosts"'
Write-Host "[UPDATED] Line $($i+1): Changed to absolute path" -ForegroundColor Green
$updated = $true
}
}
if ($updated) {
$content | Out-File -FilePath $scriptPath -Encoding UTF8 -Force
Write-Host "[OK] Script updated with absolute path" -ForegroundColor Green
} else {
Write-Host "[INFO] No changes needed - path already absolute" -ForegroundColor Yellow
}
Write-Host ""
Write-Host "[4] Creating initial known_hosts file" -ForegroundColor Yellow
$knownHostsPath = "C:\Shares\test\scripts\.ssh\known_hosts"
# Get NAS host key if not already present
if (-not (Test-Path $knownHostsPath)) {
Write-Host "[INFO] Creating new known_hosts file" -ForegroundColor Cyan
# Create empty file - StrictHostKeyChecking=accept-new will add keys automatically
New-Item -Path $knownHostsPath -ItemType File -Force | Out-Null
Write-Host "[OK] Created: $knownHostsPath" -ForegroundColor Green
} else {
$keyCount = (Get-Content $knownHostsPath | Measure-Object -Line).Lines
Write-Host "[OK] Exists with $keyCount host key(s)" -ForegroundColor Green
}
Write-Host ""
Write-Host "[5] Testing SCP with fixed path" -ForegroundColor Yellow
Write-Host "=== Testing a single file transfer ===" -ForegroundColor Gray
# Create a test file
$testFile = "C:\Shares\test\scripts\scp-test-$(Get-Date -Format 'yyyyMMddHHmmss').txt"
"SCP Test from AD2 at $(Get-Date)" | Out-File $testFile
$result = & "C:\Program Files\OpenSSH\scp.exe" -v `
-o StrictHostKeyChecking=accept-new `
-o UserKnownHostsFile="C:\Shares\test\scripts\.ssh\known_hosts" `
-o PreferredAuthentications=password `
-o PubkeyAuthentication=no `
-o PasswordAuthentication=yes `
$testFile "admin@192.168.0.9:/volume1/test/scp-test.txt" 2>&1
if ($LASTEXITCODE -eq 0) {
Write-Host "[SUCCESS] SCP test transfer completed!" -ForegroundColor Green
Write-Host "[OK] Host key added to known_hosts" -ForegroundColor Green
Remove-Item $testFile -Force
} else {
Write-Host "[ERROR] SCP test failed (exit code: $LASTEXITCODE)" -ForegroundColor Red
Write-Host "Output:" -ForegroundColor Yellow
$result | ForEach-Object { Write-Host " $_" -ForegroundColor Gray }
}
}
Write-Host ""
Write-Host "=== Fix Complete ===" -ForegroundColor Cyan
Reference in New Issue View Git Blame Copy Permalink