I'm trying to connect my local node here:
https://polkadot.js.org/apps/
I go to the top left coner and choosing "local node "
However I do not understand where to enter ip and port for my node.
How to do that?
Enable ssh tunneling to the server.
The first step is to enable ssh tunnel from the local host to the remote server where your parastate node has been hosted . The below command enable ssh tunnel to remote host xx.xx.xx.xx on port 9944 which is needed for polakdot.js.org endpoint:
ssh -N -L 9944:127.0.0.1:9944 -i C:\Users\sshkey\privatekey.ppk root#xx.xx.xx.xx
In case you are not using ssh key and would like to connect using traditional method by supplying password, use the below option
ssh -N -L 9944:127.0.0.1:9944 root#xx.xx.xx.xx
The below command enable ssh tunnel to remote host xx.xx.xx.xx on port 9944 which is needed for polakdot.js.org endpoint
ssh -N -L 9944:127.0.0.1:9944 -i C:\Users\sshkey\privatekey.ppk root#xx.xx.xx.xx
In case you are not using ssh key and would like to connect using traditional method by supplying password , use the below option
ssh -N -L 9944:127.0.0.1:9944 root#xx.xx.xx.xx
Enter the password when prompted/
You will just have empty hanging window . Don’t panic you are all good.
Related
According this AWS doc: Scenario 2: VPC with Public and Private Subnets (NAT) I have my own VPC with two subnets: private and public. In public subnet I have deployed an Ubuntu 16.04 Instance with assigned EIP. It also has next security group inbound rules:
Type Protocol Port Range Source Description
SSH TCP 22 xx.xx.xx.xx/32 Home IP
and outbound accordingly:
Type Protocol Port Range Source Description
SSH TCP 22 sg-xxprivatexx Security group ID for instance in private subnet
Looks nice, I can ssh it externally from my home. No problem.
In private subnet I have deployed another one Ubuntu 16.04 machine with next security group (inbound rules):
Type Protocol Port Range Source Description
HTTP TCP 80 sg-xxpublicxxx Security Group ID for bastion instance in public subnet
SSH TCP 22 sg-xxpublicxxx -
and no outbound rules (actually it has 80, 443 outbound ports opened, but its not an interesting part as I guess). And I still can reach this virtual machine using ssh from my bastion.
Right now I just want to make only one simple thing - run ssh port forwarding so I can run localhost:8080 on my home PC browser and see the webpage I published on my private instance. If I understand it correctly from here and here (and from here as well) I have to run something like:
ssh -N -v -L 8080:10.0.1.112:80 ubuntu#3.121.46.99
Which as I guess basically means: just forward a traffic from private subnet instance with IP 10.0.1.112:80 to my localhost:8080 through my bastion VM with username ubuntu hosted on EIP 3.121.46.99.
Debug ends with lines:
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:ZyVHgnF8z5vE5gfNr1S2JDfjhdydZVTNevPRgJZ+sRA /home/matterai/.ssh/key.pem
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/matterai/.ssh/id_rsa
debug1: Trying private key: /home/matterai/.ssh/id_dsa
debug1: Trying private key: /home/matterai/.ssh/id_ecdsa
debug1: Trying private key: /home/matterai/.ssh/id_ed25519
debug1: No more authentication methods to try.
matterai#3.121.46.99: Permission denied (publickey).
I am playing around it few days and I still can't get what am I doing wrong. Its so strange: I can ssh -A (to allow forwarding) to my bastion, I can ssh to my private instance from bastion. But I cant establish SSH tunnel to see my webpage (in the future it will be mongodb) without an error. Need some advice or point to the right direction, please! Thank you.
UPD#1
Ok then. If I make manual forwarding using my local machine and my bastion, I get an expected result. Basically it means run this command on bastion:
ubuntu#bastion: ssh -v -N -L 5000:localhost:8000 ubuntu#10.0.1.68
After that runs command on local/home machine:
matterai#homepc: ssh -v -N -L 5000:localhost:5000 ubuntu#3.121.46.99
When I make a request to localhost:5000 on my local machine, I can see the result page. May I and how if it's possible to combine this two commands? (spoiler: yes, it's possible: see the answer!)
Ok, it's easy. Hope my answer will help somebody.
You need to use ssh -J option to connect through your bastion virtual machine:
-J [user#]host[:port]
Connect to the target host by first making a ssh connection to
the jump host and then establishing a TCP forwarding to the ulti‐
mate destination from there. Multiple jump hops may be specified
separated by comma characters. This is a shortcut to specify a
ProxyJump configuration directive.
Then you need to forward traffic from your destination virtual machine port (:8000) where the app (or database) started to your localhost port (:5001) using ssh -L:
-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
Specifies that connections to the given TCP port or Unix socket
on the local (client) host are to be forwarded to the given host
and port, or Unix socket, on the remote side. This works by
allocating a socket to listen to either a TCP port on the local
side, optionally bound to the specified bind_address, or to a
Unix socket. Whenever a connection is made to the local port or
socket, the connection is forwarded over the secure channel, and
a connection is made to either host port hostport, or the Unix
socket remote_socket, from the remote machine.
Port forwardings can also be specified in the configuration file.
Only the superuser can forward privileged ports. IPv6 addresses
can be specified by enclosing the address in square brackets.
By default, the local port is bound in accordance with the
GatewayPorts setting. However, an explicit bind_address may be
used to bind the connection to a specific address. The
bind_address of “localhost” indicates that the listening port be
bound for local use only, while an empty address or ‘*’ indicates
that the port should be available from all interfaces.
Full ssh command will look like:
matterai#homepc: ssh -v -N -A -J ubuntu#3.121.46.99 -L 5001:localhost:8000 ubuntu#10.0.1.112
UPD: Also you can simplify a bit your command. In ~/.ssh/config you can add your jumphost (bastion) and your final destination VM IP:
Host bastion
HostName 3.121.46.99
User ubuntu
Port 22
IdentityFile ~/.ssh/secret.pem
ForwardAgent yes
Host server
HostName 10.0.1.112
User ubuntu
Port 22
IdentityFile ~/.ssh/secret.pem
ProxyJump bastion
Now, you can run command:
ssh -v -N -A -J bastion -L 80:localhost:8000 server
Looks much better. Also you can just simply connect via ssh using ssh server.
You seem to have things correctly configured, but the error is saying that it can't find a private key to use for the connection.
To test the port forwarding, start by using the ssh command that logs into your public instance.
Then, take that exact command, and simply add: -L 8080:10.0.1.112:80
If it works for 'normal' ssh, then it will work with port forwarding too.
By the way, in general you should never need to modify the outbound rules of a security group. The default settings permit all outbound traffic. This 'trusts' the apps running on the instance and allows them to communicate outwards to anywhere. You would only need to restrict such rules where you wish to enforce a high-security environment.
I'm trying to use Fabric to connect to several nodes (Ubuntu VMs), but I can not reach all nodes from VM where Fabric is installed. Instead I need to go first to one specific node called entry point and from this entry point to another VM where from that all VMs are reachable. Please see figure below. Any suggestions on how to use fabric to achieve this?
Network Architecture
With more than 1 "jump" the easiest way to achieve it is by letting Fabric read your ~/.ssh/config's ProxyCommand directives (or equivalent).
Have a look at documentation.
In your configuration file you should have something like the following:
Host entryPoint
HostName your-entrypoint-hostname-or-ipaddress
Host VM0
ProxyCommand ssh -q -W %h:%p entryPoint
Host VM1 VM2 VMN
ProxyCommand ssh -q -W %h:%p VM0
For a single jump you may consider using env.gateway instead.
A slight variation, using nc:
Host entryPoint
HostName your-entrypoint-hostname-or-ipaddress
Host VM0
ProxyCommand ssh -q entryPoint nc -q0 %h:%p
Host VM1 VM2 VMN
ProxyCommand ssh -q VM0 nc -q0 %h:%p
I am using cygwin which has ssh configured.
I am using a windows machine
Path to keypair file : C:\cygwin64\home\suhelkhan.ssh\kworld_kp1.pem
The EC2 instance is Red Hat Enterprise Linux (RHEL) 6
The EC2 is correctly mapped to the keypair
The security group associated with this EC2 instances allows for SSH
connection.
I am using the following command to connect
suhelkhan#DTDVD0003009PR ~/.ssh
$ ssh -vvv "kworld_kp1.pem" ec2-user#ec2-52-63-yyy-zz.ap-southeast-2.compute.amazonaws.com
output:
OpenSSH_7.3p1, OpenSSL 1.0.2h 3 May 2016
debug2: resolving "kworld_kp1.pem" port 22
ssh: Could not resolve hostname kworld_kp1.pem: Name or service not known
Checking with telnet gives the following:
suhelkhan#DTDVD0003009PR ~/.ssh
$ telnet 52.63.141.40
Trying 52.63.141.40...
telnet: Unable to connect to remote host: Connection refused
The Telnet cmd gives out the following:
suhelkhan#DTDVD0003009PR ~/.ssh
$ telnet HOST 22
Can't lookup hostname HOST
I just redid the whole thing (New instance with appropriate security group, Proper Key-Pair match up and new cygwin installation [http://thecoatlessprofessor.com/programming/installing-amazon-web-services-command-line-interface-aws-cli-for-windows-os-x-and-linux-2/ ]) .Also added my Public IP to the inbound tab of the security group i am using.. all works.. thanks for the all the help
two instances:
1.- Orion with 192.168.x.1, public like 130.a.b.c
2.- Keystone with 192.168.x.2. Port 8000 opened and tested from localhost
3.- instances have the same routing rule group.
I edit my security group rules adding port 8000 with a cidr 192.168.x.2/32. Now i test it with telnet from my computer:
telnet 130.a.b.c 8000
result: Connection time out.
i'm wrong? how can i connect to port 8000 from my computer to my second instance using the public Ip (configured in first instance) ? Or need a second public Ip?
There are many ways to do this: IPForwarding with iptables, haproxy, etc.
However, I thinK that the easiest way to do this would be SSH Port forwarding in your host with the public IP:
ssh -f -N -o ServerAliveInterval=30 -L 0:8000:192.168.x.2:8000 $YOUR_USER#192.168.x.1:8000
-L 0:8000:192.168.x.2:8000 means that It'll listen every network interface (0:8000) and will send every query to 192.168.x.2:8000
If you don't have a password to your user or ssh is not configured to accept passwords, you could consider either adding a new authorized key (so you can locally login) or connecting your public IP using -A so your credentials can be forwarded:
*ssh -A -i $PRIVATE_KEY_FILE $YOUR_USER#130.a.b.c
When i do ssh to master node as:
ssh hadoop#masternode -i key.pem
The connection is terminated with message :
Connection reset by peer
Is there anyway to maintain the ssh session for long time?
Try to add this to /etc/ssh/ssh_config:
ServerAliveInterval 60