I've lost both password and public key connection to my EC2 instance. But through the browser SSH connection I can connect to my instance.
I want to modify the ssh_config to allow public key configuration. But saving a file with ctrl+o in the nano editor is not working. Are there different keyboard bindings?
Is there a list of shortcuts available?
Shortcuts on linux machines:
Save "esc+esc+o"
Exit "esc+esc+x"
And the other way to reconfigure ssh configuration was using a rescue instance:
Mounting volume on rescue instance.
Reconfiguring sshd_config file.
Remounting volume on original ec2 instance
I've followed the AWS DocumentDB docs for connecting outside VPC:
I created an EC2 instance in the same security group and VPC as the DocDB cluster
In the security group I opened 22 port access for my IP, and also opened port 27017 for communication inside the security so EC2 instance can SSH tunnel to the DocDB
I ran ssh -f -i "ssh-tunneling-access.pem" -L 27017:{doc-db-cluster}:27017 {ec2-instance-user}@{ec2-instance-dns} -N to open the SSH tunnel
In another terminal I tried to connect using Mongo shell with mongosh "mongodb://{credentials}!@localhost:27017/?tls=true&tlsAllowInvalidHostnames=true&tlsCAFile=rds-combined-ca-bundle.pem"
I got an error "MongoServerSelectionError: read ECONNRESET"
I'm running on Windows 11, and my terminal is PowerShell Core.
Any ideas what I missed and/or how to troubleshoot it?
First of all, make sure you can connect to DocumentDB from the EC2 instance. The security group attached to the DocumentDB cluster has to allow port 27017 with source the EC2 instance (or the security group of the EC2).
Second, it is not clear from where you're initiating the tunnel. Did you execute step 3 on the Windows 11 machine? Have you installed OpenSSH on Windows?
How about using a GUI client, like Robo 3T, which has SSH tunneling support? Instructions on how to connect can be found here.
I have the following scenario:
I have one EC2 instance in a private subnet and one EC2 instance in a public subnet.
How can I connect from my Windows client machine to the private subnet EC2 instance through the public subnet EC2 instance, which is also called a bastion host (jump box)?
You need to connect to the bastion host, and use that connection to open a tunnel from your machine to the target machine in the private subnet. That allows you to open a second connection to the target machine, using the tunnel.
Here is a guide on how to do this using PuTTY: AWS Setup Bastion Host SSH Tunnel (they are also opening a second tunnel to a Windows server; you can ignore that part).
The easiest way is to make a copy, on the bastion (public instance), of the .pem file that you assigned to the private instance when you launched it.
example.pem
Then, you need to make it readable only by you (otherwise you cannot make a connection).
chmod 400 example.pem
Finally, run the command below to connect to the private instance from the bastion. (Use the private IP of the private instance after @ in the command below.)
ssh -i "example.pem" ubuntu@10.0.2.254
That's it!!
As a supplementary note, the name of the .pem file doesn't need to be the same as the one you assigned to the private instance, but the content, which is the RSA PRIVATE KEY, must be the same as the one you assigned to the private instance.
Need to reach phpMyAdmin on an EC2 instance behind a bastion/jumpserver from local laptop.
Looking to reduce these steps into using .ssh/config. The question seeks to solve the right configurations.
When connecting to EC2 without public bastion server to jump through, this is the normal way documented which does not work in my case because our deployment uses a public facing bastion:
https://docs.bitnami.com/aws/faq/get-started/access-phpmyadmin/
When you need to jump through a public facing bastion e.g.:
Local/Laptop ------> bastion/jumpserver -----> ec2
This above reference link does not follow the same workflow and documentation is sparse.
Setting up inbound/outbound rules for this capability is also sparse.
The preference is to use .ssh/config which is setup like this:
Host bastionHostTunnel
    Hostname <publicBastionIp>
    User <bastionusername>
    ForwardAgent yes
    IdentityFile <local path to .pem file>

Host ec2Host
    Hostname <privateEC2IP>
    User <ec2 username>
    ForwardAgent yes
    IdentityFile <local path to .pem file>
    # -A Enable forwarding of the Authentication agent connection
    # -W used on older machines instead of -J to bounce through
    # %h the remote hostname
    # On Windows 10(only?) seems must call ssh.exe instead of only ssh
    ProxyCommand ssh.exe -A -W %h:22 bastionHostTunnel
I obviously left out vars in <> above - but I have them and have verified similar configuration is working for enabling SFTP as above with FileZilla.
Then in shell call this to bind port localhost:8888 (http://127.0.0.1:8888):
ssh ec2Host -D 8888
Then ought to be able to open browser and go to the following to access phpMyAdmin:
http://127.0.0.1:8888/phpmyadmin
Current issue is that this process is hanging and possibly refusing the connection. This points to either bad configuration above or incorrect inbound/outbound rules for either/both bastion and ec2 instance.
Has anyone here had a similar issue and been able to solve it? If you could share further, it would be much appreciated. Plus any extra clues as far as debugging the overall process would help in the answer.
I'm most curious if it works if you specify everything on the command line...once you determine that works, you can start refactoring to put some aspects into .ssh/config. It's usually easier for me to find errors with my configuration if everything is on the command line, plus I don't know that I see the correct forwarding options all listed there.
Unless I'm very mistaken, you don't need any reference to the ec2 host in your SSH config file because you're using the jump machine to redirect localhost traffic there; you wouldn't directly be able to reach the ec2 host machine from your local machine using an SSH tunnel.
There are many ways to do a tunnel, but when I do this, I use a command like ssh -L 8080:destination:80 -i <keyfile> me@jumpbox. destination must be reachable from jumpbox, which I can verify by first using ssh -i <keyfile> jumpbox then, once on that machine, ssh destination. If there's a problem along the way, it's easier to debug these little steps (for instance, if I can't connect by manual ssh to jumpbox then I know the tunnel will never work).
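An added example, not part of the original posts: a client-side configuration for the laptop -> bastion -> EC2 path asked about in the two questions above. It uses ProxyJump so the .pem stays on the laptop (no copy on the bastion, no agent forwarding) and LocalForward instead of -D, since -D opens a SOCKS proxy rather than mapping 127.0.0.1:8888 to the web server. The host aliases, user names, the 203.0.113.10 bastion address, web port 80 and both function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original posts. Aliases, user names, the bastion
# address and web port 80 are assumptions; 10.0.2.254 is the page's sample IP.

# Write an OpenSSH client config (ProxyJump needs OpenSSH 7.3 or later).
write_bastion_config() {  # usage: write_bastion_config OUTFILE BASTION_IP EC2_IP KEYFILE
  cat > "$1" <<EOF
Host bastion
    HostName $2
    User bastion-user
    IdentityFile $4
    IdentitiesOnly yes
    ForwardAgent no

Host ec2-web
    HostName $3
    User ec2-user
    IdentityFile $4
    IdentitiesOnly yes
    # Hop through the bastion; both logins authenticate from the laptop,
    # so the .pem is never copied to or forwarded through the bastion.
    ProxyJump bastion
    ForwardAgent no
    # Fixed port forward (-L), not a SOCKS proxy (-D):
    # laptop 127.0.0.1:8888 -> port 80 as seen from the EC2 host itself.
    LocalForward 127.0.0.1:8888 127.0.0.1:80
    ExitOnForwardFailure yes
EOF
  chmod 600 "$1"
}

# Flag agent forwarding: while it is active, anyone with root on the jump
# host can use the forwarded agent to authenticate as you.
lint_client_config() {  # usage: lint_client_config FILE ; returns 1 on findings
  if grep -Eiq '^[[:space:]]*ForwardAgent[[:space:]=]+yes' "$1"; then return 1; fi
  if grep -Eq '^[[:space:]]*[Pp]roxy[Cc]ommand[[:space:]=].*[[:space:]]-A([[:space:]]|$)' "$1"; then return 1; fi
  return 0
}

# Demo: generate the config, lint it, print it.
conf=$(mktemp) && write_bastion_config "$conf" 203.0.113.10 10.0.2.254 '~/.ssh/example.pem'
lint_client_config "$conf" && cat "$conf"
rm -f "$conf"
# To use a saved copy: ssh -F FILE -N ec2-web, then open http://127.0.0.1:8888/phpmyadmin
```

The bastion's security group then needs inbound 22 from the laptop, and the EC2 instance's security group needs inbound 22 from the bastion; the web port itself does not have to be opened because the forward terminates on the EC2 host.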
I'm able to access Google Coral via PuTTY using the same network. But is it possible to access Google Coral using a different network (like a VNC server)?
Regards
Rahul
If you would like to access the google coral through remote ssh e.g. putty or another ssh service you can change the ssh permissions:
sudo nano /etc/ssh/sshd_config
and set:
ChallengeResponseAuthentication yes
PasswordAuthentication yes
Save the file and restart the ssh service:
sudo systemctl restart ssh
Remote ssh should work now. To get the vnc server working the coral would need a GUI which it does not have.
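An added example, not part of the original posts: a check that reports which value sshd will actually use for the authentication keywords edited above (and in the rescue-instance procedure earlier on this page), to run against the file before restarting the service or reattaching the volume. The sample file and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original posts. Simplifications: global section
# only (stops at the first Match block); Include files are not followed.

# Print the value sshd will use for KEYWORD. sshd keeps the FIRST value it
# reads for a keyword, and keywords are case-insensitive.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    BEGIN { FS = "[ \t=]+" }            # sshd accepts "Key value" and "Key=value"
    { sub(/^[ \t]+/, "") }              # drop indentation
    /^#/ || /^$/ { next }               # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }             # conditional overrides start here
    key == want { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }   # unset: the build default applies
  ' "$1"
}

# Return 1 if key login is explicitly off or password-style login is explicitly on.
audit_sshd_auth() {  # usage: audit_sshd_auth FILE
  audit_rc=0
  for audit_kw in PubkeyAuthentication PasswordAuthentication ChallengeResponseAuthentication; do
    audit_val=$(sshd_effective "$1" "$audit_kw")
    printf '%-32s %s\n' "$audit_kw" "$audit_val"
    case "$audit_kw:$audit_val" in
      PubkeyAuthentication:no) audit_rc=1 ;;
      PasswordAuthentication:yes|ChallengeResponseAuthentication:yes) audit_rc=1 ;;
    esac
  done
  return "$audit_rc"
}

# Constructed sample: the file as the answer above leaves it, plus a stale
# duplicate line and a Match block that this check must ignore.
write_sample() {  # usage: write_sample FILE
  cat > "$1" <<'EOF'
PubkeyAuthentication yes
ChallengeResponseAuthentication yes
PasswordAuthentication yes
passwordauthentication no
Match User deploy
    PasswordAuthentication no
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_sshd_auth "$sample" || echo "finding: review the settings above"
rm -f "$sample"
```

On a rescue instance, point the function at the mounted copy of the file; on a running host, `sshd -T` prints the full effective configuration including Match and Include handling.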
I've solved the problem. I checked with Google support: officially you can't connect Google Coral from a different network. But in case you want to connect within the same network, this is how you will connect.
Generate a key using puttygen.
Once the key is generated, store the public/private key (.ppk).
Copy the public key and paste it in the authorized_key location.
Once the public key is pasted, get the broadcast IP address by running the commands below
mdt shell
ip addr | grep wlan0
Load the ppk file in PuTTY/WinSCP and pass the IP address which we got after running the above command.
Google Coral is now successfully connected with PuTTY/WinSCP
I have a Jenkins box that I have SSHed into, and from there I want to access one of the EC2 instances in AWS. I tried ssh -i "mykeyname.pem" ec2-user@DNSname but it throws an error: "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)".
I have the PEM file of the EC2 instance I want to connect to. Is there any way I can SSH into the instance?
There are two possible reasons.
Default user name is not "ec2-user"
Please check the image you are using for the "jenkins box".
If it doesn't use "ec2-user", change the user name in the ssh command.
Your key-pair is incorrect
Once you have created the EC2 instance with the correct key-pair, you can access the EC2 instance with such commands.
Please check the key-pair name you are using.
FYI
Connecting to Your Linux Instance Using SSH