I am using remote - ssh on vscode to access a remote caen server. On WSL, I can use ssh multiplexing with the following config file:
Host *
ControlMaster auto
ControlPersist yes
ControlPath ~/.ssh/socket-%C
ServerAliveInterval 60
ServerAliveCountMax 5
However, vscode doesn't seem to let me use a file on my WSL directory for my SSH host (or am I able to do this?). On windows, when I try to use this for ssh multiplexing on a windows ssh config file, remote - ssh on vscode says it can no longer establish a connection with caen. It works without the extra control and server lines.
Host caen
HostName myhostname
User myusename
ControlMaster auto
ControlPersist yes
ControlPath C:\Users\mycomputerusername.ssh\socketfile
ServerAliveInterval 60
ServerAliveCountMax 5
Does anyone have an idea of what I am doing wrong?
I tried different controlpath filenames, accessing my wsl ssh config file with the remote - ssh on vscode, and a few other things. None worked.
Related
I am new to pgAdmin and to SSH tunnels. I am trying to establish a connection to a postgres DB with SSH tunnel. I am on Windows 10. I am given the following instructions (I changed all the names and ports in the below)
Add the following to your SSH config (~/.ssh/config):
Host prod
Hostname myorg.org.uk
User sshusername
IdentityFile idef.pem
LocalForward 9999 localforward.amazonaws.com:8888
Now you can tunnel your way through to PostgreSQL:
ssh -N prod
And now psql et al can connect (You must open a new Terminal window while the SSH tunnel is running):
psql -h localhost -p 9999 -U connectionusername -d dproduction
I am also given the dproduction database password for the database I am trying to connect to: dproduction_pwd
I don't understand where everything goes in pgAdmin. I did the following:
Create-Server:
Name = test
Connection:
Host Name/Address: localhost
Prot: 9999
Maintenance database: postgres
username: connectionusername
SSH Tunnel:
Tunnel host: myorg.org.uk
Tunnel post: 9999
username: sshusername
Identity file: C:\idef.pem
Password: dproduction_pwd
I must be doing something wrong, as I don't use LocalForward from the ssh config above, where does this go? putting it in Tunnel host does not work.
I managed to use SSH tunnel to access my database with Windows 10 SSH and PGAdmin SSH Tunnel. It did take a while. pgAdmin's document isn't very clear on this. Here's the difference I found:
When setting SSH tunnel with Windows 10 SSH, you need to forward a local port (9999 in your case) to the remote port (8888).
In pgAdmin, that local port is no longer needed. My guess is since it already knows you want to access which service through which tunnel, it takes care of the local port in the background. That tunnel port, in the most common cases, should be the SSH port 22.
My suggested changes to your current setting would be:
in SSH Tunnel tab, set Tunnel port to 22
in Connection tab, set Port to 8888
This should work.
Need to reach phpMyAdmin on an EC2 instance behind a bastion/jumpserver from local laptop.
Looking to reduce these steps into using .shh/config. The question seeks to solve the right configurations.
When connecting to EC2 without public bastion server to jump through, this is the normal way documented which does not work in my case because our deployment uses a public facing bastion:
https://docs.bitnami.com/aws/faq/get-started/access-phpmyadmin/
When you need to jump through a public facing bastion e.g.:
Local/Laptop ------> bastion/jumpserver -----> ec2
This above reference link does not follow the same workflow and documentation is sparse.
Setting up inbound/outbound rules for this capability is also sparse.
The preference is to use .ssh/config which is setup like this:
Host bastionHostTunnel
Hostname <publicBastionIp>
User <bastionusername>
ForwardAgent yes
IdentityFile <local path to .pem file>
Host ec2Host
Hostname <privateEC2IP>
User <ec2 username>
ForwardAgent yes
IdentityFile <local path to .pem file>
# -A Enable forwarding of the Authentication agent connection
# -W used on older machines instead of -J to bounce through
# %h the remote hostname
# On Windows 10(only?) seems must call ssh.exe instead of only ssh
ProxyCommand ssh.exe -A -W %h:22 bastionHostTunnel
I obviously left out vars in <> above - but I have them and have verified similar configuration is working for enabling SFTP as above with FileZilla.
Then in shell call this to bind port localhost:8888 (http://127.0.0.1:8888):
ssh ec2Host -D 8888
Then ought to be able to open browser and go to the following to access phpMyAdmin:
http://127.0.0.1:8888/phpmyadmin
Current issue is that this process is hanging and possibly refusing the connection. This points to either bad configuration above or incorrect inbound/outbound rules for either/both bastion and ec2 instance.
Has anyone here had similar issue and was able to solve and could share further, much appreciated. Plus any extra clues as far as debugging the overall process would help in the answer.
I'm most curious if it works if you specific everything on the command line...once you determine that works, you can start refactoring to put some aspects in to .ssh/config. It's usually easier for me to find errors with my configuration if everything is on the command line, plus I don't know that I see the correct forwarding options all listed there.
Unless I'm very mistaken, you don't need any reference to the ec2 host in your SSH config file because you're using the jump machine to redirect localhost traffic there, you wouldn't directly be able to reach the ec2 host machine from your local machine using an SSH tunnel.
There are many ways to do a tunnel, but when I do this, I use a command like ssh -L 8080:destination:80 -i <keyfile> me#jumpbox . destination must be reachable from jumpbox, which I can verify by first using ssh -i <keyfile> jumpbox then, once on that machine, ssh destination. If there's a problem along the way, it's easier to debug these little steps (for instance, if I can't connect by manual ssh to jumpbox then I know the tunnel will never work).
I am trying to ssh a bastion using pycharm PyCharm 2018.1 on a Windows 7 machine using putty.
I found some documentation to ssh a server and this work without any issues:
https://www.jetbrains.com/help/pycharm/tutorial-using-the-product-built-in-ssh-terminal-and-remote-ssh-external-tools.html
For the bastion server, it seems that pycharm doesn't allow such conection (in the config I only see login and server name as parameters). I tried to put in the putty configuration to the bastion server a tunnel to a localhost. On my window machine I see the port of my localhost.
The issue is that I don't manage to connect pycharm to the localhost. It expect a login and a pwd while I just have the localhost name.
I see in a post from last year that "if you are using a bastion host (also referred to as a jump host), you’ll be very happy to know that PyCharm 2017.3 supports SSH config files. Even on Windows."
https://blog.jetbrains.com/pycharm/2017/10/pycharm-2017-3-eap-5/
Any idea how to have it working either with the localhoast of using OpenSSH and SSH config file ?
The issue was the localhost.Using plink directly is working with no problem using same commands than regular ssh: plink.exe -L 9009:server:22 user#bastion. With Putty it doesn't work (first the IP was 0.0.0.0:port instead of 127.0.0.1:port even with the right port pycharm failed to connect with it work when I use plink directly).
This thread was helping: https://serverfault.com/questions/387772/ssh-reverse-port-forwarding-with-putty-how-to-specify-bind-address
I'd like to connect remotely to the Ubuntu bash on my Windows 10.
I've got an answer on port 22 but when it asks for username and password, it says access denied...
I've already created a user "root" and i've done a "sudo passwd root"
Windows firewall is deactivated (service stopped).
Thanks !
Stop ssh server and ssh broker services on Windows to avoid SSH port conflict
Makes below changes in /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PasswordAuthentication yes
Then restart ssh server by sudo service ssh restart. If you see could not load host key error then create host key as below and restart ssh service:
sudo ssh-keygen -f /etc/ssh/ssh_host_rsa_key -b 4096 -t rsa
First, You need to Stop/Disable Windows 10 SSH Server Broker Services or Change OpenSSH Port.
After that, modify the /etc/ssh/sshd_config:
UsePrivilegeSeparation no
PubkeyAuthentication no
PasswordAuthentication yes
I started having issues after installing VirtualBox with my Bash on Ubuntu on Windows SSH connection. I stopped the VM, uninstalled, and still couldn't authenticate. The user 'Nobody' is correct, the best solution would either to disable the SSH Broker for Windows 10, or just change the port for SSH on the Linux subsystem, which I did, and works perfectly.
You must also in most cases add a inbound firewall rule to allow traffic on port 22.. the default setup only allows for inbound traffic using the windows implementation of ssh, therefore not allowing any traffic for the openssh-server. Just follow the instructions above and then add a rule for port 22 inbound in Windows Firewall and you should be set.
Since windows implementation doesn't provide chroot you need to modify the /etc/ssh/sshd_config
UsePrivilegeSeparation no
Also you will need to create a user using useradd command or so.
I am testing SSH connection for checking RSA key in git.
I am working over proxy server.
I am using window 7 and have installed msysGit-fullinstall-1.7.3.1-preview20101002.
Now in msys.exe window i have set proxy by command 'git config --global http.proxy http://host:port'
After that i have tried command 'ssh git#github.com' .
This gives me error like 'ssh: github.com: no address associated with name'
What should i do?
Setting http.proxy will not work for ssh. You need to proxy your ssh connection. See this description. To summarize:
Start git-cmd.bat and create ~/.ssh/config (notepad %home%\.ssh\config.)
ProxyCommand /bin/connect.exe -H proxy.server.name:3128 %h %p
Host github.com
User git
Port 22
Hostname github.com
IdentityFile "C:\users\username\.ssh\id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes
Host ssh.github.com
User git
Port 443
Hostname ssh.github.com
IdentityFile "C:\users\username\.ssh\id_rsa"
TCPKeepAlive yes
IdentitiesOnly yes
(set the correct proxy hostname:port, and the path to id_rsa. When you use git-bash, use slashes in the path to id_rsa)
(My version of msysgit includes connect.exe, so I do not need to download and compile connect.c). A precompiled exe is also available here.
Now ssh github.com should work
Note that if you want to connect via a socks5 proxy, then change -H to -S.
ProxyCommand connect -S proxy.server.name:1080 %h %p
If you use a Linux file system, the file permission of ~/.ssh/config must be 600, but on a standard NTFS windows partition, these kind of permissions do not exist.
If your proxy requires NTLM authentication, you can use cntlm, see also this answer.
Does your proxy require a password? Then it might be that.
export http_proxy="http://<domain>\<username>:<password>#<server>:<port>"
See : How do I pull from a Git repository through an HTTP proxy? (duplicate!)