How to install PHP modules on AWS EC2 without SSH knowledge? - amazon-web-services

Is there any way to install PHP modules on AWS without much SSH knowledge? I need to install PHP mcrypt, but I'm pretty new with SSH. I use putty for simple stuff like transferring files from server or compressing stuff, so the instructions on http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AccessingInstancesLinux.html are pretty complex for me. Or if anyone has nan easy step by step to follow for putty?

To login to remote machine, you need to do SSH (Secure SHell for remote machine login)
To achieve you need to have SSH client your local machine and SSH server running to remote machine.
I believe in your topology, your machine is your ssh client and AWS server is SSH server
(Your machine/laptop) -> you may need to install any SSH client like putty, SecureCRT etc
If you are using linux machine then you may already have openssh already installed.
You can try by running command : ssh -h or ssh -V
AWS server: it is already running SSH server so you don't have to do anything.
Now, you may need to run a command to on your ssh client to connect to ssh server
ssh -i [user identity file path] username#ip/host
where -i : user publickey/fingerprint file location path.
(Generally instead of normal password based authentication, it is used to do publickey based user authentication which is more secure than password)
During SSH connection, there are two authentication happens,
1) Server/host authentication -> It happens first.
This for client to verify whether the ssh server it is going to connect is valid or trusted host or not. SSH client generally does this by verify the server/host fingerprint (publickey or identity file) supplied by SSH server during SSH connection with stored/saved list fingerprint file on local system. If SSH client doens't find fingerprint sent by SSH server then it will prompt to user whether to trust and add this fingerprint in trusted list or not.
i.e
The authenticity of host 'ec2-198-51-100-1.compute-1.amazonaws.com (10.254.142.33)'
can't be established.
RSA key fingerprint is 1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f.
Are you sure you want to continue connecting (yes/no)?
2) user/client authentication: -> Once server is authenticated in step 1, user authentication starts.
This is your client/user account authentication on SSH server. It is used to verify that whether user is allowed or not for login into the device. During SSH connection, SSH client software sends this info to SSH server and SSH server verify this. You must have this file present with you.
I hope once you follow above steps successfully, you would able to login to AWS server and then you can go ahead with your remaining task like install PHP, run some command etc.

Related

Cannot connect to code-server in GCP - Permission denied (publickey)

I am attempting to install and access vscode in an instance of Compute Engine of GCP using the instructions on Coder.1
I have also been going through their instructions on exposing code-server using SSH2, however, when I try and run the command ssh -N -L 8080:127.0.0.1:8080 [user]#<instance-ip> swapping out [user] and ip address, I get the following:
The authenticity of host 'ip address (ip address)' can't be established.
ECDSA key fingerprint is SHA256:"hash".
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ipaddress' (ECDSA) to the list of known hosts.
[user]#<instance-ip>: Permission denied (publickey).
Code server should be running as when trying to execute I get:
info code-server 4.9.1
info Using user-data-dir ~/.local/share/code-server
error listen EADDRINUSE: address already in use 127.0.0.1:8080
Attempting to login using http:\\127.0.0.1:80 on Firefox making sure Don’t enable HTTPS-Only Mode is on, page cannot be found.
Admittedly, I have little experience with Linux and SSH.
Any way I can troubleshoot this?
Permission denied: states that you are not authorized to use SSH to access the remote server. You should make sure that the private key for your SSH keychain has been added to your SSH keychain and that the SSH public key for your user account has been uploaded to the server in order to resolve this issue. When running the ssh command, you can also try specifying the path to your private key file by using the -i flag. For instance:
ssh -i /path/to/private_key [user]#<instance-ip>
ssh -i /path/to/private_key -N -L 8080:127.0.0.1:8080 [user]#instance-ip>
If the private key file is protected by a passphrase, you will also need to provide the correct passphrase and the -p flag.
Attaching a troubleshooting doc for reference.

ssh AWS ec2 bastion permission denied

When I try to connect to an EC2 in a private network through a bastion server I get this message:
<username>#<ec2-server>: Permission denied (publickey)
However, I can ssh to bastion from my local machine, and I can ssh to the EC2 from the bastion server,
Here is the .ssh/config I'm using:
Host <ec2-servers>*
IdentityFile ~/.ssh/id_rsa
User <username>
Here is the command I use to ssh:
ssh -J <bastion-server> <ec2-server>
Note: Permissions are good (700 for ~/.ssh/ and 600 for ~/.ssh/*)
Thanks in advance for your help!
There is likely no user on the remote system called 'username'. Make sure both systems have the same username and public key.
can you try the following configuration as the username you mentioned as same for both jump host and actual instance you are trying to connect to?
Host 10.2.2.* #ec2 servers cidr range
ProxyJump jumpuser#proxy.example.com
I think specifying the IdentityFile ~/.ssh/id_rsa might not be needed as that seems like the default key on your system you are using.
Make sure jumpuser exists with appropriate permissions.
Just fo debugging purposes , run this manually with debug options
ssh -vvv -J username#host1:port username#host2:port
will give plenty of information and you might be able to see where the problem is.
If you are using ssh-agent it remove all the identities and trying might also help.
ssh-add -D
How to Access a Remote Server Using a Jump Host
How to Set Up an SSH Jump Server
Just note that RSA keys are being depreciated, and later versions of operating systems disable their use on the CLIENT. That is, where you ssh from. To re-enable it on the client, in your ~/.ssh/config file, enter the following line:
PubkeyAcceptedKeyTypes +ssh-rsa
Note: there are security implications of doing this, so read up on the security issues of rsa if you are concerned. For instance, the following article:
https://www.thesslstore.com/blog/is-it-still-safe-to-use-rsa-encryption/
says:
....RSA encryption provides less than 99.8% security.
That sounds negligible, it’s about two in every 1,000.
But does that mean RSA is cracked? Not quite, just vulnerable..
Fixed it by adding local ssh public key in the authorized_keys of the remote ec2 instance.

The authenticity of host ...can't be established when I connect to the instance.AWS EC2

AWS EC2
I tried it and don't know why it doesn't work?
Example:
ssh -i "bruce202101.pem" ec2-user#ec2-18-218-105-7.us-east-2.compute.amazonaws.com
cmd:
D:\awskey>ssh -i "bruce202101.pem" ec2-user#ec2-18-218-105-7.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-218-105-7.us-east-2.compute.amazonaws.com (18.218.105.7)' can't be established.
ECDSA key fingerprint is SHA256:9N7GOCZxXLqE5+NGfIykiDDSP8G+jXwLDHHmDaiBhrc.
Are you sure you want to continue connecting (yes/no)?
This is normal the first time you connect to a remote ssh host. As a part of the ssh connection there is an identity establishment mechanism. If you do not manually add the identity of the remote host to your local config prior to connection it will prompt you the first time you connect and then save it to your local config. Assuming you are connecting to the right server and it is secure it should be safe to answer yes to the question.

Connecting to Postgres using private IP

When creating my Postgres Cloud SQL instance I specified that would like to connect to it using private IP and chose my default network.
My VM sits in the same default network.
Now, I follow instructions as described here https://cloud.google.com/sql/docs/postgres/connect-compute-engine
and try executing
psql -h [CLOUD_SQL_PRIVATE_IP_ADDR] -U postgres
from my VM, but get this error:
psql: could not connect to server: Connection timed out Is the server
running on host "CLOUD_SQL_PRIVATE_IP_ADDR" and accepting TCP/IP connections on
port 5432?
Anything I am under-looking?
P.S. My Service Networking API (whatever that is) is enabled.
If you have ssh to a VM in the same network you can connect to Cloud SQL using cloud SQL proxy:
Open the ssh window (VM-instances in Computer engine and click on ssh), then download the proxy file with:
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
Execute, in the ssh shell
chmod +x cloud_sql_proxy
Create a service account with role Cloud SQL Client and create an api key. Download the json key in your local computer.
In the ssh vm shell click on the wheel and "upload", and upload the key file
5.
./cloud_sql_proxy -instances=<Instance connection name>=tcp:5432 -credential_file=<name of the json file>
where "Instance connection name" can be found in SQL-Overview -> Connect to this instance
Finally
psql "host=127.0.0.1 port=5432 sslmode=disable user=<your-user-name> dbname=<your-db-name>"
On the other hand, if you want to connect to cloud sql from your local computer and the cloud sql instance does not have a public ip you have to connect through a bastion host configuration.
https://cloud.google.com/solutions/connecting-securely
According to this document connect via private ip, you need to setup following item:
You must have enabled the Service Networking API for your project. If you are using shared VPC , you also need to enable this API for the host project.
Enabling APIs requires the servicemanagement.services.bind IAM permission.
Establishing private services access requires the Network Administrator IAM role.
After private services access is established for your network, you do not need the Network Administrator role to configure an instance to use private IP.

I lost the ability to connect with ssh from master to slaves (AWS EC2 Hadoop)

I recently lost the ability to connect my master via ssh to my slaves and secondary namenode.
I have 4 EC2 instances on which I have a hadoop cluster (one NameNode, one secondary nameNode, and 2 slaves).
I'm still able to make ssh connection with putty, but then I can't realise the ssh connection as follow : ssh ubuntu#instanceDns.
I have the following error :
Permission denied (publickey).
I'm sure i didn't change anything toward the ssh connection so I'm little bit surprised.
Here is a screen of a verbose tentative of a ssh connection.
I noticed that I don't have id_rsa, id_rsa-cert and the other anymore in my .ssh file. I guess they were here before but I don't know they could disapear like this.
WHy is this happening ?
Is there a solution to get the ssh connection between my machine available again ?
You don't have any private key (ssh would know about) to authenticate to these servers.
Locate where is the private authentication key
configure OpenSSH to use it in ~/.ssh/config
or
Convert the existing PuTTY key to OpenSSH format
configure OpenSSH to use it in ~/.ssh/config