I am trying to connect to IoT controllers via VPN.
The controllers are already set up. I only need to establish a VPN to have remote access.
For that I installed OpenVPN on an AWS EC2 instance.
To build the connection between OpenVPN and the clients, I need to create certificates & keys for the server and the clients.
The documentation says that I need to extract the easy-rsa 2 script bundle (zipped files) into the home directory of OpenVPN: https://openvpn.net/community-resources/setting-up-your-own-certificate-authority-ca/
My question: how can I unzip a file from my local machine into the home directory of a cloud-hosted VPN?
UPDATE
Currently I am trying to transfer the zip to the OpenVPN instance via scp:
scp -i ~\OpenVPNKeys.pem easy-rsa-old-master.zip openvpnas@34.249.227.33:/home/
But i get the following error:
scp: /home/easy-rsa-old-master.zip: Permission denied
When I try:
scp -i ~\OpenVPNKeys.pem easy-rsa-old-master.zip openvpnas@34.249.227.33
without specifying the directory, it works. I get the message:
1 Datei(en) kopiert
But then I have no clue where the file is saved. Does anyone know where files will be saved automatically?
I have a requirement where some clients will be sending files using an SFTP client. These files need to be processed by an application that is hosted in an EC2 Windows VM.
This application code cannot be changed to pick files from an S3 location. It can only pick files from a Windows folder path (this path can be changed from a config file).
For this requirement we have hosted an AWS Transfer Family SFTP endpoint with an S3 storage bucket.
Now the customers are pushing files via SFTP client and those files are arriving in the S3 bucket properly.
Now the question is, how can we make those files accessible from the Windows EC2 VM?
Currently an AWS Transfer Family SFTP server can be configured only with S3 and EFS.
EFS cannot be mounted in a Windows EC2 VM (at least there is no straightforward way to do this).
So what could be my option? Is there a way to connect S3 with a Windows VM so that the S3 content can be directly accessible from the Windows EC2 VM as a mapped drive? Or is there a way to make a local Windows folder that always remains in sync with the S3 location?
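One way to get the "local folder that stays in sync with S3" behaviour the question asks for, as an added example that is not part of the original post: a small poller that mirrors new or changed objects under the SFTP prefix into the folder the application reads. It assumes boto3 is installed on the Windows VM and that the instance role grants s3:ListBucket and s3:GetObject on the bucket; the bucket name, prefix and folder are placeholders. The selection logic is kept in a pure function so it can be tested without AWS.

```python
"""Mirror new/changed objects from an S3 prefix into a local folder (poll loop)."""
import os
import time
from datetime import timezone

def plan_downloads(remote, dest):
    """Return the keys whose local copy is missing, differs in size, or is older
    than the object's LastModified.  `remote` is a list of dicts shaped like the
    'Contents' entries of S3 ListObjectsV2."""
    todo = []
    for obj in remote:
        key = obj["Key"]
        parts = key.split("/")
        if key.endswith("/") or ".." in parts:   # skip folder placeholders and
            continue                              # keys that would escape dest
        local = os.path.join(dest, *parts)
        remote_mtime = obj["LastModified"].astimezone(timezone.utc).timestamp()
        if (not os.path.exists(local)
                or os.path.getsize(local) != obj["Size"]
                or os.path.getmtime(local) < remote_mtime):
            todo.append(key)
    return todo

def sync_once(bucket, prefix, dest):
    """List the prefix, download what plan_downloads selects, return those keys."""
    import boto3   # imported here so plan_downloads stays importable without boto3
    s3 = boto3.client("s3")
    remote = []
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix):
        remote.extend(page.get("Contents", []))
    keys = plan_downloads(remote, dest)
    for key in keys:
        local = os.path.join(dest, *key.split("/"))
        os.makedirs(os.path.dirname(local), exist_ok=True)
        # download to a temp name and rename, so the application never reads a partial file
        s3.download_file(bucket, key, local + ".part")
        os.replace(local + ".part", local)
    return keys

if __name__ == "__main__":
    # Placeholder values; run this as a scheduled task or Windows service on the VM.
    while True:
        sync_once("EXAMPLE-BUCKET", "sftp-inbound/", r"C:\inbound")
        time.sleep(30)
```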
I am having trouble connecting to an EC2 instance from a dockerized puckel/Airflow service. I don't know where to save the pem file for the SSH connection to grab. How can I make the pem file available for the containers?
Thanks.
As with any other file: you could copy the pem file into the container while building the Docker image, or later by mounting a folder from the host.
For example, you could bind the host folder /home/myuser/keys to /root/keys. Then the contents of your host's folder will be accessible inside the Docker container in /root/keys.
Bind Mounts in Docker
We have an EFS server in our AWS account, currently mounted on all our dev systems (RHEL 8.1) in the same VPC, and it is working fine. Recently we received a request to mount this EFS server from an on-premise server running HP-UX. The on-prem network and AWS are connected via Direct Connect. I have tried all the usual setting changes like allowing the on-prem IP range in the EFS SG, allowing UDP 2049 in the EFS SG, etc. Nothing works.
Below is a sample error from the HP-UX system:
#mount -F nfs3 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport X.X.X.X:/ /
mount: cannot access nfs3-specific mount command
While reading the AWS documentation on EFS, I came across this statement: "Your on-premises server must have a Linux-based operating system. We recommend Linux kernel version 4.0 or later." (https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html)
Is there a way to mount EFS on an HP-UX on-prem server connected via Direct Connect to AWS?
I am using the Mac terminal and I want to connect my machine to an EC2 server instance in AWS with SSH. Since I am using Mac OS X, it is not necessary to use PuTTY. The problem is that when I download the key it has the extension .ppk, but when I need to run it in the terminal I have to use a command that needs the .pem extension. I tried to run it that way and it said "permission denied". Can someone help me with what to do in this case? Do I have to change the permission or convert my key from .ppk to .pem?
You need to know the folder of the .pem file you downloaded, and then follow the steps below:
download the key pair (.pem file)
cd to the key pair (.pem file) location (note that you can use the absolute path name for the key pair instead)
chmod 400 [your_key_name].pem (note that to make SSH work, your key must not be publicly viewable; use this command if needed)
ssh -i "[your_key_name].pem" ec2-user@[your ec2 dns name]
You will have to convert your "ppk" file to a "pem" file; follow these steps:
http://www.ramsmusings.com/2014/02/20/converting-a-putty-ppk-file-to-a-pem-file-for-accessing-aws-ec2-instances/
After you convert it, connect to the instance using the SSH command and the converted "pem" file.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html
Quick answer
Instead of working directly with SSH keys I would consider working with AWS ec2-instance-connect.
It saves you the management of the SSH keys and is much safer than sharing SSH keys for each EC2 machine between team members.
After authentication with the AWS credentials (by referring to a profile in the .aws/config file or using environment variables) you can connect to the instance very easily by providing the instance ID:
./bin/mssh <instance-ID>
Installation of this tool can be done via pip or directly from the GitHub repo.
Additional information
Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH).
With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principles to control SSH access to your instances, removing the need to share and manage SSH keys.
When you connect to an instance using EC2 Instance Connect, the Instance Connect API pushes a one-time-use SSH public key to the instance metadata where it remains for 60 seconds. An IAM policy attached to your IAM user authorizes your IAM user to push the public key to the instance metadata.
The SSH daemon uses AuthorizedKeysCommand and AuthorizedKeysCommandUser, which are configured when Instance Connect is installed, to look up the public key from the instance metadata for authentication, and connects you to the instance.
You can use Instance Connect to connect to your Linux instances using a browser-based client, the Amazon EC2 Instance Connect CLI, or the SSH client of your choice.
(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later come preconfigured with EC2 Instance Connect.
For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.
Links:
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect
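The push-a-one-time-key flow the answer describes, carried out from Python as an added example (this is not code from the answer or from the mssh tool it mentions): generate a throw-away key pair, push the public half through the Instance Connect API, then open ssh with the private half before the 60-second window on the instance closes. It assumes boto3 is installed, ssh and ssh-keygen are on the PATH, the caller's IAM principal holds ec2-instance-connect:SendSSHPublicKey for the instance, and the instance ID and host name are placeholders.

```python
"""Connect through EC2 Instance Connect with an ephemeral key pair."""
import os
import subprocess
import tempfile
import time

KEY_TTL_SECONDS = 60   # how long the pushed key stays valid in instance metadata

def ephemeral_keypair(workdir):
    """Create a fresh ed25519 key pair; returns (private_key_path, public_key_text)."""
    priv = os.path.join(workdir, "eic_key")
    subprocess.run(["ssh-keygen", "-q", "-t", "ed25519", "-N", "", "-f", priv], check=True)
    with open(priv + ".pub") as f:
        return priv, f.read().strip()

def push_public_key(instance_id, os_user, public_key, az=None):
    """Push the public key via SendSSHPublicKey; returns the API's Success flag."""
    import boto3   # imported here so the rest of the module loads without boto3
    eic = boto3.client("ec2-instance-connect")
    kwargs = dict(InstanceId=instance_id, InstanceOSUser=os_user, SSHPublicKey=public_key)
    if az:
        kwargs["AvailabilityZone"] = az
    return eic.send_ssh_public_key(**kwargs)["Success"]

def ssh_argv(private_key, os_user, host, pushed_at, now=None):
    """Build the ssh command; refuse if the 60 s window has already elapsed."""
    now = time.time() if now is None else now
    if now - pushed_at >= KEY_TTL_SECONDS:
        raise TimeoutError("pushed key has expired; push a new one")
    # IdentitiesOnly keeps ssh from offering every key in the agent first
    return ["ssh", "-i", private_key, "-o", "IdentitiesOnly=yes", f"{os_user}@{host}"]

def connect(instance_id, host, os_user="ec2-user", az=None):
    """Full flow: keygen -> push -> ssh.  The private key lives only in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        priv, pub = ephemeral_keypair(d)
        if not push_public_key(instance_id, os_user, pub, az):
            raise RuntimeError("SendSSHPublicKey was rejected")
        subprocess.run(ssh_argv(priv, os_user, host, time.time()), check=False)

if __name__ == "__main__":
    connect("i-EXAMPLE", "ec2-EXAMPLE.compute.amazonaws.com")   # placeholder values
```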