I have a Google VM instance that has no external IP address assigned. I intend to establish an SSH connection through PyCharm installed on my local machine (running macOS).
This can be done in the terminal through a gcloud IAP tunnel:
gcloud compute ssh <instance_name> --tunnel-through-iap
The entry added to ~/.ssh/config for the instance is as follows:
Host compute.<instance_id>
HostName compute.<instance_id>
IdentityFile /Users/<user_name>/.ssh/google_compute_engine
CheckHostIP no
HostKeyAlias compute.<instance_id>
IdentitiesOnly yes
StrictHostKeyChecking yes
UserKnownHostsFile /Users/<user_name>/.ssh/google_compute_known_hosts
ProxyCommand /Users/<user_name>/miniconda3/bin/python3 -S /Users/<user_name>/google-cloud-sdk/lib/gcloud.py beta compute start-iap-tunnel <instance_name> %p --listen-on-stdin --project=<project_name> --zone=us-central1-a --verbosity=warning
ProxyUseFdpass no
User <user_name>
With VS Code's Remote-SSH plugin, this setting can be used directly to establish an SSH connection with no problem (example).
However, I have difficulty setting up the connection via PyCharm. The SSH Configurations tab takes:
- Host: compute.<instance_id>
- User name: compute.<instance_id>
- Port: 22
- Authentication type: key pair
- Private key file: path to ~/.ssh/google_compute_engine
and throws an exception for Host not being in the correct format.
If I try the internal IP address of the VM instance as host, the connection times out.
Is there a plugin similar to Remote-SSH in VS Code for PyCharm that can work properly with an IAP-tunnel? Or any other way this can be set up without exposing or assigning an External IP to the VM instance?
I know it's been a while, but I was just working on the same thing. I used the same config entry in ~/.ssh/config, but PyCharm is doing some checks to make sure that the top-level Host value is valid (even though it isn't being used). I replaced that with something that would pass their validation checks, but that I know I'd never actually use (to avoid potential conflicts).
For example, you can update to this:
Host mahmoud.local
HostName compute.<instance_id>
IdentityFile /Users/<user_name>/.ssh/google_compute_engine
CheckHostIP no
HostKeyAlias compute.<instance_id>
IdentitiesOnly yes
StrictHostKeyChecking yes
UserKnownHostsFile /Users/<user_name>/.ssh/google_compute_known_hosts
ProxyCommand /Users/<user_name>/miniconda3/bin/python3 -S /Users/<user_name>/google-cloud-sdk/lib/gcloud.py beta compute start-iap-tunnel <instance_name> %p --listen-on-stdin --project=<project_name> --zone=us-central1-a --verbosity=warning
ProxyUseFdpass no
User <user_name>
Then when you configure the SSH connection in PyCharm, you will want to use Host = mahmoud.local
Yes, I also got it to work with the ~/.ssh/config host. At first I got a fingerprint error, but I turned off StrictHostKeyChecking and that solved it:
Host lukas-notebook-gpu
HostName compute.1234
IdentityFile /Users/lbatteau/.ssh/google_compute_engine
CheckHostIP no
HostKeyAlias compute.1234
IdentitiesOnly yes
StrictHostKeyChecking no
HashKnownHosts no
UserKnownHostsFile /Users/lbatteau/.ssh/google_compute_known_hosts
ProxyCommand /Users/lbatteau/.config/gcloud/virtenv/bin/python3 /Users/lbatteau/google-cloud-sdk/lib/gcloud.py compute start-iap-tunnel lukas-notebook-gpu %p --listen-on-stdin --project=myproject --zone=europe-west4-a --verbosity=warning
ProxyUseFdpass no
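An added example, not code from any of the answers above: a small Python audit of the kind of ssh_config entry posted in this thread. It flags the two settings that quietly remove host-key verification (StrictHostKeyChecking no, UserKnownHostsFile /dev/null) and checks whether the HostKeyAlias actually has an entry in the known-hosts file, which is what a fingerprint error on a renamed Host alias usually means. With that entry present the strict setting can stay on; connecting once with gcloud compute ssh <instance_name> --tunnel-through-iap adds the host key to google_compute_known_hosts under the compute.<instance_id> alias. The sample config, the dummy key blob and the 20-byte salt are constructed, the ProxyCommand is shortened, and the hashed-line handling (HashKnownHosts yes) goes a little beyond the posted configs.

```python
"""Audit ssh_config Host entries of the kind generated for IAP-tunnelled GCE
instances. Added example; not the original poster's code."""
import base64
import hashlib
import hmac
from typing import Dict, List


def parse_ssh_config(text: str) -> Dict[str, Dict[str, str]]:
    """Return {host_alias: {keyword.lower(): value}} for each Host block.

    The first value seen for a keyword inside a block wins, which is how
    ssh(1) resolves options. "Key value", "Key=value" and "Key = value" are
    all accepted; an '=' inside the value (e.g. --project=...) is left alone.
    """
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if "=" in key:                                   # "Key=value" / "Key= value"
            key, inline = key.split("=", 1)
            value = inline or value
        key, value = key.lower(), value.lstrip("= ").strip()   # "Key = value"
        if key == "host":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)
    return entries


def hash_host(name: str, salt: bytes) -> str:
    """The |1|salt|mac form ssh writes when HashKnownHosts is on:
    mac = HMAC-SHA1 keyed with the 20-byte salt over the host name."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def known_hosts_has(known_hosts: str, name: str) -> bool:
    """True if some known_hosts line covers `name`, plain or hashed."""
    for raw in known_hosts.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("@"):                         # @cert-authority / @revoked marker
            line = line.split(None, 1)[1]
        hosts = line.split(None, 1)[0]
        if hosts.startswith("|1|"):
            _, _, salt_b64, _mac = hosts.split("|")
            expected = hash_host(name, base64.b64decode(salt_b64))
            if hmac.compare_digest(expected, hosts):
                return True
        elif name in hosts.split(","):
            return True
    return False


def audit_entry(alias: str, opts: Dict[str, str], known_hosts: str) -> List[str]:
    """Findings to fix before pointing PyCharm at this alias."""
    findings = []
    if opts.get("stricthostkeychecking", "ask").lower() == "no":
        findings.append("StrictHostKeyChecking no: a substituted host key on the "
                        "tunnel path would be accepted without any prompt")
    if opts.get("userknownhostsfile") == "/dev/null":
        findings.append("UserKnownHostsFile /dev/null: host keys are never remembered")
    # ssh looks known_hosts up by HostKeyAlias when set, otherwise by HostName,
    # so renaming the Host line (as the accepted answer does) changes nothing here.
    lookup = opts.get("hostkeyalias") or opts.get("hostname", alias)
    if not known_hosts_has(known_hosts, lookup):
        findings.append("no known_hosts entry for %r: connect once with gcloud compute "
                        "ssh --tunnel-through-iap instead of disabling checking" % lookup)
    return findings


# Constructed sample: the entry posted above with checking disabled
# (ProxyCommand shortened; %p is left for ssh to expand as in the real entry).
WEAK_CONFIG = """\
Host lukas-notebook-gpu
  HostName compute.1234
  IdentityFile /Users/lbatteau/.ssh/google_compute_engine
  CheckHostIP no
  HostKeyAlias compute.1234
  IdentitiesOnly yes
  StrictHostKeyChecking no
  UserKnownHostsFile /Users/lbatteau/.ssh/google_compute_known_hosts
  ProxyCommand gcloud compute start-iap-tunnel lukas-notebook-gpu %p --listen-on-stdin --project=myproject --zone=europe-west4-a
"""
# Same entry with checking left on, which is the safer fix.
FIXED_CONFIG = WEAK_CONFIG.replace("StrictHostKeyChecking no", "StrictHostKeyChecking yes")

# Constructed known-hosts file: the key blob is dummy text, not a real key.
DUMMY_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDummyDummyDummyDummyDummyDummyDummyDummy1234 dummy"
SALT = b"twenty-byte-salt-xxx"                           # 20 bytes, like ssh-keygen -H uses
KNOWN_HOSTS = "compute.1234 %s\n%s %s\n" % (DUMMY_KEY, hash_host("compute.5678", SALT), DUMMY_KEY)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        for alias, opts in parse_ssh_config(cfg).items():
            print(label, alias, audit_entry(alias, opts, KNOWN_HOSTS) or ["ok"])
```

To run it against your own setup, read ~/.ssh/config and the file named by UserKnownHostsFile into the two text arguments; the only finding the fixed entry should produce is a missing known_hosts line, and that one is cleared by one successful gcloud connection rather than by turning checking off.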
I used to have an SSH reverse port forward from my local computer to a remote EC2 AWS server on port 9999 (9999 for both machines).
It used to work, but I created a new instance, and now it doesn't anymore (half working). I'm not sure what I did to make it work back then... (or something was changed).
I have a process running on my computer on port 9999 and I want it to listen on port 9999 of my EC2.
On my computer, curl "127.0.0.1:9999" is working.
But I want curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" to work; for now it doesn't, giving me the error curl: (7) Failed to connect to ec2-xx-xx-xx-xx-xx.compute.amazonaws.com port 9999 after 59 ms: Connection refused
EC2 Security group is set to open 9999 on TCP for 0.0.0.0/0.
I create the forwarded port with the command:
ssh -R 9999:localhost:9999 -i "/home/example/XXX.pem" ubuntu@ec2-xx-xx-xx-xx-xx.compute.amazonaws.com
The connection ssh is established without errors.
Inside this SSH session I can even run curl "127.0.0.1:9999", and IT IS WORKING, reaching my local computer.
But the request from the web isn't... (curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" doesn't work...)
The path is good: if I install apache2 on port 80, curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:80" is working (port 80 is added the same way to the security group).
I did sudo ufw disable, same problem.
Do you have an idea what I'm missing?
EDIT: In the ssh -R forward session on the EC2:
ubuntu@awsserver:~$ php -S 0.0.0.0:9999 -t .
[Wed Dec 14 16:35:11 2022] Failed to listen on 0.0.0.0:9999 (reason: Address already in use)
BUT, if I open a normal SSH session, I can run php -S 0.0.0.0:9999 -t ., and curl "ec2-xx-xx-xx-xx-xx.compute.amazonaws.com:9999" works everywhere as expected.
So... it is telling me that the port is already used (by the ssh -R command), but it is closed when I try to connect to it... I don't get it.
The answer wasn't EC2/AWS related.
It's a security feature of SSH that I had to disable: GatewayPorts yes
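As an added example that is not part of the question or the answer above: what GatewayPorts changes, modelled in Python against constructed sshd_config fragments, plus a reproduction of the "already in use but connection refused" symptom. With the default GatewayPorts no, sshd binds every -R listener to 127.0.0.1 only; that listener occupies the port (so php -S 0.0.0.0:9999 fails) but is unreachable from outside, and no security-group change can help. GatewayPorts yes, the fix in the answer, binds every remote forward requested by every user to 0.0.0.0. The narrower option is GatewayPorts clientspecified, after which only a forward requested as ssh -R '*:9999:localhost:9999' is exposed and a plain -R 9999:localhost:9999 stays loopback-only. The parser keeps sshd's first-value-wins rule and stops at the first Match block; the config texts are constructed.

```python
"""GatewayPorts semantics for `ssh -R` listeners. Added example; not the
original poster's code."""
import socket
from typing import Dict, Optional


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Global section of sshd_config as {keyword.lower(): first value}.

    sshd keeps the first value it reads for a keyword, so an earlier line (or
    an Include'd drop-in placed at the top of the file) wins. Parsing stops at
    the first Match block, whose settings are conditional. The first '=' on a
    line is treated as the keyword/value separator ("GatewayPorts=yes").
    """
    opts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        opts.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return opts


def remote_forward_bind(sshd_opts: Dict[str, str], requested: Optional[str]) -> str:
    """Address sshd binds for a client's `-R [bind_address:]port:host:hostport`.

    `requested` is the bind_address the client sent: None for a plain
    `-R 9999:localhost:9999` (ssh sends "localhost" in that case), "" or "*"
    for `-R *:9999:...`, or an explicit address. Rules per sshd_config(5):
    no = loopback only, yes = wildcard regardless, clientspecified = honour it.
    """
    mode = sshd_opts.get("gatewayports", "no").lower()     # sshd default: no
    if mode == "no":
        return "127.0.0.1"
    if mode == "yes":
        return "0.0.0.0"
    if mode == "clientspecified":
        if requested in (None, "localhost", "127.0.0.1"):
            return "127.0.0.1"
        if requested in ("", "*", "0.0.0.0"):
            return "0.0.0.0"
        return requested
    raise ValueError("unknown GatewayPorts value %r" % mode)


def wildcard_bind_conflicts_with_loopback() -> bool:
    """Reproduce the "Address already in use" from the post: a listener bound
    to 127.0.0.1 only (what sshd holds for -R with GatewayPorts no) makes a
    later 0.0.0.0 bind on the same port fail, while remote clients still get
    connection refused because nothing listens on the external interface."""
    held = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    held.bind(("127.0.0.1", 0))            # port 0: let the kernel pick a free one
    held.listen(1)
    port = held.getsockname()[1]
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind(("0.0.0.0", port))      # the php -S 0.0.0.0:9999 attempt
        return False
    except OSError:                        # EADDRINUSE
        return True
    finally:
        probe.close()
        held.close()


# Constructed sshd_config fragments.
STOCK = "Include /etc/ssh/sshd_config.d/*.conf\n#GatewayPorts no\nPort 22\n"
ANSWER = "GatewayPorts yes\n" + STOCK               # the fix in the answer above
SCOPED = "GatewayPorts clientspecified\n" + STOCK   # expose only forwards that ask for it

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("answer", ANSWER), ("scoped", SCOPED)):
        opts = parse_sshd_config(cfg)
        print(name, "-R 9999:... binds", remote_forward_bind(opts, None),
              "| -R *:9999:... binds", remote_forward_bind(opts, "*"))
    print("0.0.0.0 bind blocked by loopback listener:", wildcard_bind_conflicts_with_loopback())
```

Whatever the setting, the exposed listener has no authentication of its own: anything that can reach the instance on 9999 reaches the process on your laptop, so narrow the security-group source range instead of 0.0.0.0/0 when you do expose it.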
I've had to change the hostname on a Google Cloud Compute instance that is running WHM, but it keeps resetting every now and then and on restart.
My /etc/hosts is currently as follows:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.156.0.7 cpanel.server-location-c.c.ascendant-hub-hidden.internal cpanel # Added by Google
169.254.169.254 metadata.google.internal # Added by Google
My system information is:
Linux cpanel.xxx.com 3.10.0-1127.10.1.el7.x86_64 #1 SMP Wed Jun 3 14:28:03 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
My old hostname is something like:
cpanel.xxx.com
I want my new hostname to become:
brain.xxx.com
Even when I change it from WHM using their Change Hostname feature, it keeps resetting.
Is there a cleaner method than setting a crontab?
Unfortunately, you're not able to change a custom hostname after you've created the VM instance. Have a look at the documentation Creating a VM instance with a custom hostname:
You can create a VM with a custom hostname by specifying any fully qualified DNS name.
and at the section Limitations:
You cannot change a custom hostname after you have created the VM.
To change this behavior you can try to file a feature request at Google Issue Tracker under this component.
UPDATE In addition, have a look at the documentation Storing and retrieving instance metadata section Default metadata keys:
Compute Engine defines a set of default metadata entries that provide information about your instance or project. Default metadata is always defined and set by the server. You can't manually edit any of these metadata pairs.
and hostname is part of the default metadata entries and cannot be changed manually.
UPDATE 2 As a possible workaround, you can use a startup script or other solutions to change the hostname every time the system restarts, otherwise it will automatically get re-synced with the metadata server on every reboot. For example, I applied this startup script via Custom metadata:
Key: startup-script
Value: #! /bin/bash
hostname changed-host-name
then restarted VM instance and it works for me:
changed-host-name:~$ hostname
changed-host-name
These are a few ways to change your hostname:
One way is to edit /etc/hostname directly - just replace the file content with your new hostname.
The other way is to use hostnamectl set-hostname <your new hostname>, which changes the /etc/hostname file for you.
But I think your problem is that Google keeps overwriting some data not only when you reboot the system but also while your VM is running, so I assume the above solutions won't solve your issue.
Solution:
Thankfully Google Cloud Platform allows you to have a custom hostname, but you have to define it when creating a new virtual instance. Check out this GCP document.
I am currently successfully using Ansible to run tasks on hosts that are in a private subnet in AWS, which the below group_vars is setting up:
ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -W %h:%p -q ec2-user@bastionhost.example.com"'
This is working fine.
For Windows instances not in a private subnet the following group_vars works:
---
ansible_user: "AnsibleUser"
ansible_password: "Password"
ansible_port: 5986
ansible_connection: winrm
ansible_winrm_server_cert_validation: ignore
Now, trying to get Ansible to deploy to a Windows server behind the bastion by just using the ProxyCommand won't work - which I understand.
I believe though that there is a new protocol/module I can use called psrp.
I imagine that my group_vars for my Windows hosts needs to change to something like this:
---
ansible_user: "AnsibleUser"
ansible_password: "Password"
ansible_port: 5986
ansible_connection: psrp
ansible_psrp_cert_validation: ignore
If I run with just the above changes against instances that are publicly available (and not trying to connect via a bastion), my task seems to work fine:
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/windows/win_shell.ps1
<10.100.11.14> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.100.11.14
PSRP: EXEC (via pipeline wrapper)
I know there must be more changes before I can try this on a Windows server behind a bastion, but I ran it anyway to see what errors I get, to give me clues on what to do next. Here is the result when running this on an instance behind a bastion server:
Using module file /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/ansible/modules/windows/setup.ps1
<10.100.11.14> ESTABLISH PSRP CONNECTION FOR USER: Administrator ON PORT 5986 TO 10.100.11.14
The full traceback is:
.
.
.
.
ConnectTimeout: HTTPSConnectionPool(host='10.100.11.14', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x110bbfbd0>, 'Connection to 10.100.11.14 timed out. (connect timeout=30)'))
It seems like Ansible is ignoring my group_vars for the ProxyCommand - which I'm not sure if that's expected.
I'm also not sure on what the next steps are to enable Ansible to deploy to Windows servers behind a bastion.
What config am I missing?
The doc says the ansible_ssh_common_args setting is appended to sftp, scp, and ssh commands, so it sounds normal to me that it is not taken into account when using the winrm or psrp ansible_connection.
As explained in the link provided by Pouyan in the comments, the ansible_psrp_proxy variable is used to provide the proxy information:
ansible_connection: psrp
ansible_psrp_proxy: socks5h://localhost:1234
More info on the creation of the socks proxy can be found on: https://www.bloggingforlogging.com/2018/10/14/windows-host-through-ssh-bastion-on-ansible/
Amazon EC2 instance: "Server refused our key" while using an Amazon server as well as an Ubuntu server. Please help me resolve this issue. I am very new to AWS services. I have been stuck for 2 days. Please help me get out of this.
You have to edit this file on the Ubuntu server
cat /etc/ssh/sshd_config
...
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
What is the error you are getting? Try
$ chmod 400 key.pem
and then try to SSH using
$ ssh -i key.pem ubuntu@IPAddress
Another mistake which people generally make is not using the right user. If your server is Ubuntu, then the user name should be ubuntu; otherwise try the user ec2-user.
If you are re-using a connection configuration in PuTTY that you were using previously to connect to a different EC2 instance of a different type, make sure you change the user name (located in Connection -> Data) to ubuntu.
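An added example, not code from the answers above, for checking what "Server refused our key" (the PuTTY/WinSCP wording) actually reports: the server did not accept the offered public key for that login user. Before editing sshd_config, compare the key you offer with what is in the target user's ~/.ssh/authorized_keys (ubuntu on Ubuntu AMIs, ec2-user on Amazon Linux, as the answers say). The Python below parses OpenSSH public-key and authorized_keys lines, computes the SHA256 fingerprint that ssh-keygen -lf prints, and looks the key up ignoring options and comments. The keys and the authorized_keys text are constructed from made-up numbers. One caveat on the PubkeyAcceptedKeyTypes=+ssh-rsa line above: it re-enables SHA-1 (ssh-rsa) signatures, which OpenSSH 8.8 and later disable by default; an RSA key still works without it when the client signs with rsa-sha2-256/512, so the line is only needed for old clients, and on current releases the keyword is spelled PubkeyAcceptedAlgorithms (the old name is kept as an alias).

```python
"""Is the key I am offering actually in authorized_keys? Added example; not
code from the answers above."""
import base64
import hashlib
import struct
from typing import List, Optional, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length + bytes (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """SSH wire 'mpint': two's-complement big-endian, so a leading 0x00 byte
    is needed when the top bit is set (hence the +8 before dividing)."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def make_rsa_pubkey(e: int, n: int) -> str:
    """Encode an RSA public key the way `ssh-keygen -y` prints it."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()


def extract_blob(line: str) -> Optional[bytes]:
    """Decoded key blob from a pubkey or authorized_keys line, skipping any
    leading options (from=..., no-pty, ...) and the trailing comment. A quoted
    option containing a space-separated word equal to a key type is not handled."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            return base64.b64decode(tokens[i + 1])
    return None                            # comment, blank or unsupported type


def parse_blob(blob: bytes) -> List[bytes]:
    """Split a wire-format key blob into its length-prefixed fields."""
    fields, i = [], 0
    while i < len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        fields.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return fields


def key_info(blob: bytes) -> Tuple[str, int, str]:
    """(type, size in bits, fingerprint) as `ssh-keygen -lf` shows them."""
    fields = parse_blob(blob)
    ktype = fields[0].decode()
    if ktype == "ssh-rsa":                 # fields: type, e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
    elif ktype == "ssh-ed25519":           # fields: type, 32-byte public point
        bits = len(fields[1]) * 8
    elif ktype.startswith("ecdsa-sha2-nistp"):
        bits = int(ktype[len("ecdsa-sha2-nistp"):])
    else:
        bits = 0
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype, bits, "SHA256:" + digest


def authorized(offered_line: str, authorized_keys: str) -> bool:
    """True if the offered key's blob is listed in authorized_keys; options and
    comments on either side are ignored, only the key material is compared."""
    blob = extract_blob(offered_line)
    if blob is None:
        return False
    return any(extract_blob(l) == blob for l in authorized_keys.splitlines())


# Constructed demo keys built from made-up numbers; they are not real keys.
MY_KEY = make_rsa_pubkey(65537, (1 << 2047) | 0x10001) + " my-laptop"
OTHER_KEY = make_rsa_pubkey(65537, (1 << 2047) | 0x12345) + " someone-else"
ED_KEY = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode()
AUTHORIZED_KEYS = ("# constructed ~ubuntu/.ssh/authorized_keys\n%s\n"
                   "from=\"10.0.0.0/8\",no-pty %s ops\n" % (OTHER_KEY, ED_KEY))

if __name__ == "__main__":
    for line in (MY_KEY, OTHER_KEY, ED_KEY):
        ktype, bits, fp = key_info(extract_blob(line))
        print(ktype, bits, fp, "authorized" if authorized(line, AUTHORIZED_KEYS) else "REFUSED")
```

To try it on real keys, feed the output of ssh-keygen -y -f key.pem as the offered line and the server's authorized_keys contents as the second argument; a mismatch means that user never had this key, which is a different fix (the right user, or the right .pem) from anything in sshd_config.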
I'm pulling my hair out with this one. I've managed to get a site running on Digital Ocean through Forge and also to SSH into the server, so I know that the SSH keys are set up correctly.
But when trying to connect via Navicat, I keep getting the error "Unable to load key". Does anyone know what this is in reference to or what the problem is?
Regards
There is an answer from 2015 on the Navicat forum indicating there could be an issue with SSH key support.
If you can connect via SSH, create an SSH tunnel to your server manually:
ssh -v servername -L 3306:127.0.0.1:3306 -N
Afterwards, connect to the remote MySQL as if it were on your localhost (you should not have one running on 3306; otherwise map it to another local port).