Merge pull request #3965 from silversword411/master

Docs - fixing debugging, adding token notes
This commit is contained in:
Ylian Saint-Hilaire 2022-05-12 10:59:26 -07:00 committed by GitHub
commit fafaff9e8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 168 additions and 7 deletions

View File

@ -1,4 +1,10 @@
Youtube video about websockets: https://youtu.be/3vI4URd3VzU
## Websockets Video
<div class="video-wrapper">
<iframe width="320" height="180" src="https://www.youtube.com/embed/3vI4URd3VzU" frameborder="0" allowfullscreen></iframe>
</div>
## Enabling trace in your browser Dev Tools
`Trace=1` as a parameter in chrome dev tools for debugging
@ -26,7 +32,7 @@ If you want to change node to meshcentral in journalctl, add this to /etc/system
SyslogIdentifier=meshcentral
```
## Logging it all
## Server: Logging it all
To log everything that's possible, prepare the log directory.
@ -89,6 +95,8 @@ obj.fs.writeSync(obj.xxLogFile, new Date().toLocaleTimeString() + ' - ' + source
`log.txt` will now log everything in the Trace tab, but not formatted as nice.
## Restricting server to specific IP(s)
When doing debugging on my development server, I use this line in the settings section to block all agent connections except the agent I want:
```
@ -97,9 +105,10 @@ When doing debugging on my development server, I use this line in the settings s
Of course, this is just for debugging.
## Finding system ID types
<https://serverurl/meshagents>
<https://serverurl/meshagents> aka trying figure out what this is
![ID](images/determine-id.png)
## General server statistics related

Binary file not shown.

After

Width:  |  Height:  |  Size: 19 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 203 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 166 KiB

View File

@ -0,0 +1,15 @@
# 14.1 Tokens
## User Tokens
![User Tokens 1](images/user_tokens1.png)
![User Tokens 2](images/user_tokens2.png)
## Software Integration Tokens
Currently, the login tokens in the user manual section 14.1 can't be tracked, deleted or revoked. They are generated with:
```bash
node meshcentral --loginTokenKey
```

View File

@ -5,5 +5,5 @@
## Video Walkthru
<div class="video-wrapper">
<iframe width="320" height="180" src="https://www.youtube.com/embed/xfN3YbY6t7E" frameborder="0" allowfullscreen></iframe>
<iframe width="320" height="180" src="https://www.youtube.com/embed/AzdKyzqmpIs" frameborder="0" allowfullscreen></iframe>
</div>

Binary file not shown.

After

Width:  |  Height:  |  Size: 212 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 453 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 274 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 196 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 220 KiB

View File

@ -7,3 +7,136 @@
<div class="video-wrapper">
<iframe width="320" height="180" src="https://www.youtube.com/embed/BubeVRmbCRM" frameborder="0" allowfullscreen></iframe>
</div>
## Downloading
MeshCentral router is a Windows application that comes built-into the MeshCentral server or can
be downloaded at: <http://info.meshcentral.com/downloads/MeshCentral2/MeshCentralRouter.exe>
Its probably best to use the MeshCentral router that comes with your version of the MeshCentral
server as the two will likely be most compatible. A given MeshCentral Router version may not
work with any MeshCentral server versions. On MeshCentral, you can download MeshCentral
Router with this link:
![Download](images/download-link.png)
_The router link will only show up on Windows browsers._
## Login
MeshCentral router will need to login to your MeshCentral server just like any browser. You can
do this by entering the server name and account username and password. Depending on your
server and account situation, you may see some or all of the following screens.
![Login](images/login.png)
If the second factor authentication is required, MeshCentral Router does not support hardware
keys (WebAuthn), but does support the YubiKey™ OTP.
## Creating Port Maps
Once logged in, you can start adding port maps using the “Add Map…” and “Add Relay Map…”
buttons on the bottom right. You can then create a map and open the associated application
using the “Open…” button and remote to port map using the “Remove” button.
![port_maps](images/port_maps.png)
There are two different types of ports mappings. A normal port map and a relay port map. A
normal port map will route packets to the selected destination computer that is running the mesh
agent as shown here.
![port_maps](images/port_maps2.png)
A relay port map will route traffic thru the server and thru the remote agent to a target IP address
on the remote agents network as shown here.
![](images/port_maps3.png)
Note that all traffic is encrypted using TLS from MeshCentral Router to the MeshCentral server
and from the server to the MeshAgent. The server and the agent do have access the traffic so its
recommended to use port mappings to tunnel data that is also encrypted for that end-to-end
encryption is assured.
## Command Line Arguments
MeshCentral router can be run with command line arguments to make it quicker and easier to
use. The arguments range from debugging to being able to quickly login and setting up port
maps.
```bash
-debug
```
Causes MeshCentral Router to generate a “debug.log” dump file that can be useful for
debugging.
```bash
-host:<hostname>
-user:<username>
-pass:<password>
-ignorecert
```
This set of command line arguments make logging into the MeshCentral server easier. Note that
specifying the password using a command line argument may not be secure as the command
shell can record the password in the command history. The “ignorecert” argument is not
recommended as its going to cause MeshCentral Router to ignore untrusted server certificates.
This should only be used for debugging.
```bash
-map:<protocol>:<localport>:<computername>:<app>:<remoteport>
```
The “map” argument will automatically create a network map once MeshCentral Router is logged
In. The protocol must be “TCP” or “UDP, the local port can be 0 for any. The computer name is
the server-side name of the computer, if many computers have the same one, one of them will be
selected. The app can be empty for a custom application, or can be “HTTP”, “HTTPS”, “RDP”,
“PuTTY” or “WinSCP”. For the UDP protocol, no apps are currently supported so it should be left
blank. For example you can use:
```bash
-map:TCP:0:"MyComputer":HTTP:80
-map:UDP:1235:"MyComputer"::1234
```
The first example will map a random local port to port 80 of “MyComputer” and is expected for
use with HTTP traffic. The second example maps local UDP port 1235 to port 1234 on
“MyComputer”. Its best for the computer name to be in quotes.
In addition to port mapping, you can also setup relay maps where a remote computer is used as a
traffic relay like this:
```bash
-relaymap:<protocol>:<localport>:<computername>
:<app>:<remoteip>:<remoteport>
```
This will relays a local port to thru the server and thru a remote agent to a target IP address and
port. For example:
```bash
-relaymap:TCP:555:"MyComputer":HTTP:192.168.1.1:80
```
This will relay local port 555 to a 192.168.1.1:80 for HTTP traffic. A typical use of this is to be able
to remotely configure a home router from anywhere on the Internet.
```bash
-all
```
The “all” switch will bind local ports to all network interfaces so that other computers on the
network can use the port maps provided by MeshCentral Router. By default, local ports will be
bound to the loopback interface so that only local application can use the port mappings.
```bash
-tray
```
The “tray” switch will place MeshCentral Router on the Windows system tray instead of the
normal application bar.
## Conclusion
MeshCentral, MeshCentral Router and this document are all opens source and licensed using
Apache 2.0, the full license can be found at <https://www.apache.org/licenses/LICENSE-2.0>.

View File

@ -6,7 +6,10 @@ nav:
- install/index.md
- MeshCentral:
- meshcentral/index.md
- 'Index': 'meshcentral/index.md'
- 'Tokens': 'meshcentral/tokens.md'
- 'Assistant': 'meshcentral/assistant.md'
- 'Debugging': 'meshcentral/debugging.md'
- Design and Architecture:
- design/index.md
@ -27,7 +30,7 @@ site_description: "A remote monitoring and management tool"
site_author: "Ylianst"
site_url: "https://git.meshcentral.com/"
dev_addr: "0.0.0.0:8006"
dev_addr: "0.0.0.0:8010"
# Repository
repo_name: "Ylianst/MeshCentral"
@ -46,6 +49,7 @@ theme:
- navigation.tabs
- navigation.expand
- navigation.top
- navigation.instant
- toc.integrate
extra_css:
- stylesheets/extra.css