I am trying to ssh a bastion using pycharm PyCharm 2018.1 on a Windows 7 machine using putty.
I found some documentation to ssh a server and this work without any issues:
https://www.jetbrains.com/help/pycharm/tutorial-using-the-product-built-in-ssh-terminal-and-remote-ssh-external-tools.html
For the bastion server, it seems that pycharm doesn't allow such conection (in the config I only see login and server name as parameters). I tried to put in the putty configuration to the bastion server a tunnel to a localhost. On my window machine I see the port of my localhost.
The issue is that I don't manage to connect pycharm to the localhost. It expect a login and a pwd while I just have the localhost name.
I see in a post from last year that "if you are using a bastion host (also referred to as a jump host), you’ll be very happy to know that PyCharm 2017.3 supports SSH config files. Even on Windows."
https://blog.jetbrains.com/pycharm/2017/10/pycharm-2017-3-eap-5/
Any idea how to have it working either with the localhoast of using OpenSSH and SSH config file ?
The issue was the localhost.Using plink directly is working with no problem using same commands than regular ssh: plink.exe -L 9009:server:22 user#bastion. With Putty it doesn't work (first the IP was 0.0.0.0:port instead of 127.0.0.1:port even with the right port pycharm failed to connect with it work when I use plink directly).
This thread was helping: https://serverfault.com/questions/387772/ssh-reverse-port-forwarding-with-putty-how-to-specify-bind-address
Related
Need to reach phpMyAdmin on an EC2 instance behind a bastion/jumpserver from local laptop.
Looking to reduce these steps into using .shh/config. The question seeks to solve the right configurations.
When connecting to EC2 without public bastion server to jump through, this is the normal way documented which does not work in my case because our deployment uses a public facing bastion:
https://docs.bitnami.com/aws/faq/get-started/access-phpmyadmin/
When you need to jump through a public facing bastion e.g.:
Local/Laptop ------> bastion/jumpserver -----> ec2
This above reference link does not follow the same workflow and documentation is sparse.
Setting up inbound/outbound rules for this capability is also sparse.
The preference is to use .ssh/config which is setup like this:
Host bastionHostTunnel
Hostname <publicBastionIp>
User <bastionusername>
ForwardAgent yes
IdentityFile <local path to .pem file>
Host ec2Host
Hostname <privateEC2IP>
User <ec2 username>
ForwardAgent yes
IdentityFile <local path to .pem file>
# -A Enable forwarding of the Authentication agent connection
# -W used on older machines instead of -J to bounce through
# %h the remote hostname
# On Windows 10(only?) seems must call ssh.exe instead of only ssh
ProxyCommand ssh.exe -A -W %h:22 bastionHostTunnel
I obviously left out vars in <> above - but I have them and have verified similar configuration is working for enabling SFTP as above with FileZilla.
Then in shell call this to bind port localhost:8888 (http://127.0.0.1:8888):
ssh ec2Host -D 8888
Then ought to be able to open browser and go to the following to access phpMyAdmin:
http://127.0.0.1:8888/phpmyadmin
Current issue is that this process is hanging and possibly refusing the connection. This points to either bad configuration above or incorrect inbound/outbound rules for either/both bastion and ec2 instance.
Has anyone here had similar issue and was able to solve and could share further, much appreciated. Plus any extra clues as far as debugging the overall process would help in the answer.
I'm most curious if it works if you specific everything on the command line...once you determine that works, you can start refactoring to put some aspects in to .ssh/config. It's usually easier for me to find errors with my configuration if everything is on the command line, plus I don't know that I see the correct forwarding options all listed there.
Unless I'm very mistaken, you don't need any reference to the ec2 host in your SSH config file because you're using the jump machine to redirect localhost traffic there, you wouldn't directly be able to reach the ec2 host machine from your local machine using an SSH tunnel.
There are many ways to do a tunnel, but when I do this, I use a command like ssh -L 8080:destination:80 -i <keyfile> me#jumpbox . destination must be reachable from jumpbox, which I can verify by first using ssh -i <keyfile> jumpbox then, once on that machine, ssh destination. If there's a problem along the way, it's easier to debug these little steps (for instance, if I can't connect by manual ssh to jumpbox then I know the tunnel will never work).
I'm running a Gitkraken client on Windows 10. I've a remote GitLab (self-hosted) server listening SSH on port 2222. It seems, i can't use an SSH, whatever i tried to :
Clone Failed
Configured SSH key is invalid.
Please confirm that it is properly associated with your Git provider.
After some digging, it seems Gitkraken doesn't read my ssh config file witch specify my custom ssh port (Sourcetree works just fine).
How do I specify my ssh custom port in GitKraken ?
I just installed the Bash Ubuntu on Windows 10 natively. When I try and acess a remote server I get ssh: connect to host HOSTNAME port 22: Connection refused
I have tried to find a solutions, but the solutions doesn't work.
This is what I have tried:
https://askubuntu.com/questions/59458/error-message-sudo-unable-to-resolve-host-user/733120#733120
When I could not acess /etx/hosts I tried this:
https://askubuntu.com/questions/326239/cannot-access-etc-hosts
After downloading gksudo to try and edit /etc/hosts I got this error message (gksudo:2601): Gtk-WARNING **: cannot open display:
Are u sure everything is correctly setup?
I just tried
ssh -T git#github.com
in my Bash on Ubuntu on Windows.
and it totally works Returning
Hi <usernamer>! You've successfully authenticated, but GitHub does not provide shell access.
Maybe you have some settings that prevent connections? for example in ~/.bashrc?
Maybe your server needs a different port? use ssh -p 2222 for that.
I followed this tutorial and installed Plone on a Ubuntu 14.04 VPS to play with.
http://docs.plone.org/manage/deploying/production/ubuntu_production.html
As per the tutorial I closed the ports, leaving opened only 22,80,443. As Zope Management is on port 8080 the documentation suggests creating a ssh tunnel:
ssh user#yourhostname.com -L:8080:localhost:8080
That works great when I'm on a Linux or Mac. How can I create the same connection on a Windows machine?
Get putty from http://www.putty.org/
Go to Connection -> SSH -> Tunnles and add configure the tunnel as shown in the following image.
Important hint! Click the Add Button after editing the tunnel settings and afterwards open.
You may use port 8080.
I am trying to run putty on Windows 7.
I need to run some SSH commands to upgrade Magento. Every time putty gives me this fatal error:
network error: connection refused
I have even tried to use it through winSCP. Note that putty is running fine on my client's side, but for me it's giving me that error every time.
I tried using port 22, 23 and a few others without success. I have also tried with Windows Firewall both enabled and disabled.
Thank you.
Install open-ssh or ssh in target Linux machine solved my problem .
Use below commands:
sudo apt install ssh
sudo systemctl status ssh
sudo systemctl enable ssh
The following are the list of possibilities of this error:
1) Common cause is - Your IP is blocked or not whitelisted in the server which can be done by editing the file at /etc/csf/csf.conf
2) Disable the windows firewall settings and check..
The above two things should work in most of the cases
3) This is very unusual and when the above two options fails it is very difficult to find the solution
In this case the traceroute to the server host or IP works usually but putty fails
port 22 looks normal and working but connection fails and restarting SSH (service ssh restart) also does not work
reboot or restart the server but still fails
Adding IP in firewalls or whitelisting the local IP may not workout
This case generally happens when the server is migrated or new server. IP of the old server might be whitelisted locally, but don't have port 22 open, or some other local filtering is occurring for this new IP but not the old server IP..
In this case you need to change the port to some 522 or 530 some unusual port will help in sorting it out.. The same port you have to use for the SFTP connection also .. where as FTP connections works normally..
or you have to whitelist the IP locally or open the TCP in and out to port 22 if you want to use the port 22..