I ssh to GCP Centos vm instance by port 22 but I run firewall-cmd script to block all incoming port except 80. Now I cannot ssh to connect my vm instance due to port 22 is blocked. Is there any solution to allow ssh again because I can not do anything. Please help.
Sincerely
Bom
You can solve this by creating a startup-script with the firewall-cmd commands you need to have the port 22 opened and then apply it to your instance.
Related
No ingress firewall rule allowing SSH found.
If the project uses the default ingress firewall rule for SSH, connections to all VMs are allowed on TCP port 22. If the VPC network that the VM’s ## Heading ##network interface is in has a custom firewall rule, make sure that the custom firewall rule allows ingress traffic on the VM’s SSH TCP port (usually, this is TCP port 22).
To investigate further, enable the VM's serial console. Then connect through the VM’s serial port, check the SSH server's listen port, and then compare the listen port number with the VM's firewall rules. The port numbers must match.
How to remove the network error, while initiating VM via SSH
This error can occur for several reasons. The following are some of the most common causes of the errors :
The VM is booting up and sshd is not running yet.
The firewall rule allowing SSH is missing or misconfigured.
sshd is running on a custom port.
Your custom SSH firewall rule doesn't allow traffic from Google
services.
The SSH connection failed after you upgraded the VM's kernel.
The sshd daemon isn't running or isn't configured properly.
The VM isn't booting and you can't connect using SSH or the serial
console.
The VM is booting in maintenance mode.
Please check for the above mentioned errors in serial port and refer to this documentation to resolve the issue.
You can also try these steps :
Stop the VM instance.
Click 'Edit' to edit the instance.
Under ‘Metadata' section, add 'startup-script' key, with value:
#! /bin/bash
sudo ufw allow 22
Click 'Save'
Start the instance again, and SSH into it
Running an AWS EC2 instance with Ubuntu 22.04. I am also running a jupyter server for python development there and connecting to that from my local Ubuntu laptop with ssh tunneling.
#!/usr/bin/env bash
# encoding:utf-8
SERVER=98.209.63.973 # My EC2 instance
# Tunnel the jupyter service
nohup ssh -N -L localhost:8081:localhost:8888 $SERVER & # 8081:Local port 8888:remote port
However, I never opened port 8888 of the ec2 instance by a security group rule. How come the port forwarding is working in that case? Should not it be blocked?
When using ssh -L, ssh will listen to local port 8081 and will send that traffic across the SSH connection (port 22) to the destination computer. The ssh daemon that receives the traffic will then forward the traffic to localhost:8888.
There is no need to permit port 8888 in the EC2 instance security group because it is receiving this traffic via port 22.
An SSH connection does more than just sending the keystrokes you type. It is a full protocol that can pass traffic across multiple logical channels.
I have a database on a remote Google Cloud (GCP) machine. On GCP, I edited the firewall rules to allow access from my desktop and from an AWS EC2 instance. However, the following happens:
From desktop:
netcat -zv 35.198.56.213 27017
Connection to 35.198.56.213 27017 port [tcp/*] succeeded!
From EC2:
netcat -zv 35.198.56.213 27017
netcat: connect to 35.198.56.213 port 27017 (tcp) failed: Connection timed out
I don't understand why I can connect from my desktop but not from the EC2. Both IPs are allowed (using the instance public address). The outbound rules for the EC2 instance are allowing all traffic.
Any tips?
Edit: I am trying to connect to a mongo instance that is running on port 27017. The bindIp on /etc/mongod.conf is correctly set to 0.0.0.0.
I need to telnet to my ec2 instance on port 2222. I have included it in the security groups with source as Anywhere and Custom TCP Rule. It is a 64 bit Linux Machine. I am able to connect via port 22 but when I try with 2222, it shows telnet: Unable to connect to remote host: Connection refused. Also I need to skip the login/password prompt if connected successfully.
Try changing the port the Telnet server is listening on in it's configuration file.
I'm running Bitnami MEAN on an EC2 instance. I can host my app just fine on port 3000 or 8080. Currently if I don't specify a port I'm taken to the Bitnami MEAN homepage. I'd like to be able to access my app by directly from my EC2 public dns without specifying a port in the url. How can I accomplish this?
The simple way to do that is Port Forwarding by using below command:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
After logging into the AWS using putty by having private key & with username "bitnami". Type the above command & enter.
Then, you will automatically redirected to your application.
Note : I am assuming, you have already configure port 8080 to security group on AWS
You'll have to open port 80 on the server's firewall, and either run your server on port 80 or forward port 80 to port 8080. You'll need to lookup the instructions for doing that based on what version of Linux you are running, but it is probably going to be an iptables command.
You'll also need to open port 80 on the EC2 server's security group.