Having trouble connecting to remote server via ssh tunneling.
I'm not that experienced with ssh or portforwarding. I'm trying to forward traffic from an application on a remote lab server to a port on my laptop so I can monitor the traffic. I can log into the server without a problem using:
ssh -i ~/.ssh/mykey.pem username#server.com
However, when I try to create a tunnel (which I am routing through a proxy server via SwitchyOmega):
ssh -L 3128:localhost:8888 -N -i ~/.ssh/mykey.pem username#server.com
I still can't access the page.
My OS is El Capitan and I'm using Chrome, but the remote server is running ubuntu. I appreciate any advice or suggested reading!
EDIT: Initially thought the server was on AWS with a fixed IP, but it turns out its a physical lab server.
You need to create the fowarding accessible by others, therefore do not bind localhost, but the external IP or *. Also you need to specify the -g switch, if you are connecting to the forwarded port remotely:
ssh -g -L *:3128:localhost:8888 -N -i ~/.ssh/mykey.pem username#server.com
In a new terminal window on your local machine, SSH into the remote machine using the following options to setup port forwarding.
ssh -N -L 3128:localhost:8888 user#remote_server
-N options tells SSH that no commands will be run and it’s useful for port forwarding, and -L lists the port forwarding configuration that we setup.
To close the SSH tunnel simply do ctrl-c.
Related
I'm struggling trying to open an ssh tunnel to access an RDS MySql instance through an EC2 bastion host. Using desktop clients (Navicat, MysqlWorkBench) with ssh tunnel set everything works as expected but when I run ssh -i keys.pem user#ec2-instance -L 3307:rds-mysql-instance:3306 -N in my terminal the command hangs indefinitely.
I can access my EC2 instance using ssh -i keys.pem user#ec2-instance and from my EC2 instance I can access the RDS database
Am I missing something in the configuration?
I also tried to open all ports on my Security Group just to be sure that it wasn't a port related issue.
Any help/idea?
Based on the comments.
To identify the issue, more verbose output from ssh can be requested using -v, -vv or even -vvv flags. Thus, the command for debugging can be:
ssh -i keys.pem user#ec2-instance -L 3307:rds-mysql-instance:3306 -N -vv
The detailed output allowed to identify the issue with the connection and fix it.
Background
Three subnets exist in an AZ in AWS. Two of them are private and one is public.
The Public Subnet has a Jumpbox which can be connected to from my local machine via ssh using a pem file (Sample - ssh -i my-key-file.pem ec2-user#host1
The First private subnet has an EC2 Instance that acts as a Application Server. It can only be reached from the Jumbox via ssh. The same pem file is used here. (Sample - ssh -i my-key-file.pem ec2-user#host2). This command is executed on host1.
The second private subnet hosts an Oracle Instance using AWS RDS Service. It is running on port 1521. The DB Can only be accessed from the App Server/host2.
How I am working currently
host2 has sqlplus client installed.
First,I connect to host1, then to host2, and then execute sqlplus to execute Queries at the Command line (No GUI).
I am planning to use GUI tools like SQL Developer to connect right from my local machine. I thought using Port forwarding/SSH Tunneling It can be achieved.
I tried using different options, but with no success. The following links are useful:
https://superuser.com/questions/96489/an-ssh-tunnel-via-multiple-hops
https://rufflewind.com/2014-03-02/ssh-port-forwarding
My Approach to SSH Tunneling
ssh -N -L 9999:127.0.0.1:1234 ec2-user#host1 -i my-key-file.pem -v -v -v
This is executed on my local machine.
It does not do much as I can already connect to host1 using ssh. I did not know how to forward many levels. Using this host as my first hop. After this, ssh listens on port 9999 which is Local to my machine. It forwards any traffic to host1 to Port 1234. My assumption is that, If I use sqlplus on my local machine connecting to localhost:9999, the traffic will arrive at host1:1234
I used 127.0.0.1 because the target of SSH tunneling is with respect to the SSH Server, which is host1. Basically, Both Target, SSH Server are on the same host.
ssh -N -L 1234:db-host:1521 ec2-user#host2 -i my-key-file.pem -v -v- v
This is executed on host1
After this, ssh forwards any incoming traffic on port 1234 to target host (DB Host)/1521 using host2 as the Tunnel.
Again, my assumption is that, ssh is listening on port 1234 on host1. Any traffic arriving from anywhere will be delivered to DB Host using host2 as the tunnel.
I executed both commands and did not see any error. I verified which ports are listening using netstat -tulpn | grep LISTEN.
After these two, My plan was to connect to the Database using Hostname as localhost and Port number as 9999.
What's going wrong !
But when I try to connect to the DB from my local machine, getting an error from my SQL Client Got minus one from a read call. I could not understand the Debug messages from ssh logs.
I believe my understanding of how port forwarding works might not be right. Any inputs would be helpful.
Thanks for your time !
I am trying to setup a small GCE to use as a VPN gateway when I travel. My current attempt is to setup OpenVPN on Ubuntu 16.04 using the script at https://www.cyberciti.biz/faq/howto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts/. I was able to run the script and get an ovpn file at the end. On my laptop (Kubuntu 16.04) I was able to connect to the GCE machine using network manager by importing the ovpn file.
On my laptop I can see the connection is successful but I am not getting any data through the connection (ie I can't go to any websites in my browser).
What I am not sure is if I need to make changes to the Google Network Firewall based on the comments in the link:
#OpenVPN Forward by vg
-A ufw-before-forward -m state --state RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -s 10.8.0.0/24 -j ACCEPT
-A ufw-before-forward -i tun+ -j ACCEPT
-A ufw-before-forward -i tap+ -j ACCEPT
#OpenVPN END by vg
So, if something like that is needed, how do I setup the commands in the Google Network Firewall?
I do have the 1194 port pointing to my GCE instance which is why I assume I am able to see the VPN connect.
I've made a quick test in my own project, and it works fine.
In my case I don't have any firewall rule, running in the openvpn-server.
Keep in mind that you need to configure your internal ip as IP listening and set the public IP when the program asks you.
In your example they use the same IP.
Also I have set a rule Firewall rule in the Google Cloud project allowing the inbound traffic for the port 1194
I have EC2 instance that has port forwarding enabled for EMR cluster. Ganglia monitoring service is already running on EMR. I am able to browse Ganglia from EC2 instance with following using "text browser" Lynx.
lynx http://localhost:5000/ganglia
However, I want to access this service from my local machine ( Mac Yosemite ). I did some research and found that I need X11 port forwarding. So now I also have X11 port forwarding enabled.
echo $DISPLAY
gives me following on EC2 instance
localhost:14.0
I am also able to run "xclock" and it launches clock on my local machine.
I tried to ssh into EC2 instance with this syntax .
ssh -C -c blowfish -N -L:1050:myEc2Server:5000 myUser#myEc2Server
Then if I type http://127.0.0.1:1050/ganglia in google chrome I get message saying no data received.
Can anyone point out what is going wrong ? I tried verbose log from local machine to Ec2 instance and it has following message -
channel 2: open failed: connect failed: Connection refused
In short, I want to be able to see Ganglia from local machine. Any help is appreciated.
~Cheers
I tested an ssh command line from my own laptop (Mac Yosemite) and the following works
ssh -N -L:1050:localhost:5000 username#public-dns-of-ec2-instance
After this is connected, I verified using:
http://localhost:1050/ganglia.
In your command line above, you may just need to replace myEc2Server with localhost or 127.0.0.1.
Does anyone have an idea on steps of setting up an SSH tunnel for the CloudFoundry? I want to do remote debugging on cloud, but am blocked behind a firewall. So need to setup an SSH tunnel for that.
I wrote a blog post on setting up remote debugging for Java apps on Cloud Foundry. It covers using an SSH Tunnel to work around a firewall / NAT.
The answer from the article is this...
Obtain a public server.
Install SSHD. Edit /etc/ssh/sshd_config, add or set GatewayPorts to yes. Restart SSHD.
On your local machine run ssh -f -N -T -R 0.0.0.0:<public-port>:127.0.0.1:<debugger-port> <user>#<public-server-ip> (Windows users can use cygwin or possibly Putty, although the command will be different). This will instruct SSH to connect to the remote host, setup a reverse tunnel and go into the background. The reverse tunnel will listen on your public server on the port you specify (i.e. public-port) and forward traffic to the debugger port on your local machine. You can use different port numbers, but it is easiest if you just use the same port.
Start the debugger and listen on the same port (i.e. debugger-port) that you used in the SSH command.
Edit your manifest.yml file. Set JAVA_OPTS to -agentlib:jdwp=transport=dt_socket,address=<your-ip>:<your-port>.
Run cf push.
For a gentler walk through, see the post.