ruby - check ssh connection to a remote through another machine - ruby

I am using the AWS SDK to create machines, and as soon as the machines are created, I want to check the SSH connection to those machines.
The problem is that from my machines I don't have access to the EC2 machines, but there is another machine on my network, which I have access to through SSH, and this machine does have access to the EC2 machines.
Now, is there a simple way in Ruby to check SSH to an EC2 machine?
I've tried the following:
require 'net/ssh'
require 'net/ssh/proxy/http'
proxy = Net::SSH::Proxy::HTTP.new('<proxy ip>', 22)
Net::SSH.start("<EC2 machine's IP>", '<USER>', :proxy => proxy) do |ssh|
end
Errno::ECONNRESET: Connection reset by peer
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh/proxy/http.rb:76:in `gets'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh/proxy/http.rb:76:in `parse_response'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh/proxy/http.rb:62:in `open'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh/transport/session.rb:67:in `block in initialize'
from /home/galt/.rvm/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
from /home/galt/.rvm/rubies/ruby-1.9.3-p484/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh/transport/session.rb:67:in `initialize'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh.rb:200:in `new'
from /home/galt/.rvm/gems/ruby-1.9.3-p484/gems/net-ssh-2.7.0/lib/net/ssh.rb:200:in `start'
from (irb):12
from /home/galt/.rvm/rubies/ruby-1.9.3-p484/bin/irb:12:in `<main>'
Thanks!

The Net::SSH::Proxy::HTTP class is meant to point to an HTTP proxy for your SSH connections. So, you will need to set up an HTTP proxy on that machine to be able to proxy your connections through it.
If you can't do that, I suggest you use SSH reverse tunnels. We will achieve this by opening port 8080 on the local machine, forwarding the traffic sent there to Server using the SSH tunnel, and making Server forward it to the EC2 instance on port 22. The net-ssh Ruby gem already provides commands to help us with that, but we will need to run 2 sessions in parallel, using threads:
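require 'net/ssh'

proxy_thread = Thread.new do
  Net::SSH.start('<proxy ip>', '<user>') do |ssh|
    # Listen on local port 8080; the proxy connects on to <AWS ip>:22
    ssh.forward.local(8080, "<AWS ip>", 22)
    ssh.loop { true }
  end
end
# Thread.new already starts the thread; give the forward a moment to come up
sleep 1
Net::SSH.start('localhost', '<localhost user>', port: 8080) do |ssh|
  # done
end
proxy_thread.kill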
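Added example, not part of the original answer: once a forward to the EC2 instance is listening on a local port (8080 in the answer), a plain socket probe can confirm that an SSH server is answering by reading its identification string, and retry while a freshly created instance is still booting. The names `ssh_banner` and `wait_for_ssh` and the demo listener are constructed for illustration.

```ruby
require 'socket'
require 'timeout'

# RFC 4253, section 4.2: an SSH server opens with "SSH-protoversion-softwareversion".
SSH_BANNER = /\ASSH-(\d+\.\d+)-(\S+)/

# Returns { proto:, software: } when host:port answers with an SSH
# identification string; nil when the port is closed, silent, or speaks
# another protocol. Nothing is authenticated and no credentials are sent.
def ssh_banner(host, port, timeout: 3)
  Timeout.timeout(timeout * 2) do
    Socket.tcp(host, port, connect_timeout: timeout) do |sock|
      # The server may send other lines before its version string.
      5.times do
        break unless IO.select([sock], nil, nil, timeout)
        line = sock.gets
        break if line.nil?
        m = SSH_BANNER.match(line)
        return { proto: m[1], software: m[2] } if m
      end
      nil
    end
  end
rescue SystemCallError, SocketError, Timeout::Error
  nil
end

# sshd on a new instance may not be listening yet, so retry a few times.
def wait_for_ssh(host, port, attempts: 10, delay: 2, timeout: 3)
  attempts.times do |i|
    banner = ssh_banner(host, port, timeout: timeout)
    return banner if banner
    sleep delay if i < attempts - 1
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed stand-in for the forwarded port (localhost:8080 in the answer).
  server = TCPServer.new('127.0.0.1', 0)
  Thread.new { c = server.accept; c.write("SSH-2.0-OpenSSH_8.9\r\n"); c.close }
  p wait_for_ssh('127.0.0.1', server.addr[1], attempts: 3, delay: 1)
end
```

A non-nil result only shows that an SSH server is reachable through the forward; host key verification and authentication still happen in the `Net::SSH.start` call that follows.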

Related

How to proxy net-sftp?

I'm using net-sftp which relies on the net-ssh gem.
I'm trying to connect to a remote log service via SFTP, and it requires IP whitelisting. All my current servers have dynamic IPs.
I'm trying to set up a static, secure, proxy server in Google Cloud. I don't really understand all the differences between all the types of proxying, but net-ssh appears to support...
socks4
socks5
'jump' proxy
I looked into setting up a socks5 proxy with Dante but it appears a bit overkill just to relay the SFTP connection through it, not to mention I think it sends passwords in plain text.
How would I go about proxying net-sftp through some server in the easiest way?
The easiest way would be to set up a Jump-host server that can reach the target servers and then connect to the target server by letting the Jump-host server proxy your connection through.
SSH makes it trivially easy:
ssh -J user@jump-host myuser@target-host
In your .ssh/config you can do the following:
### First jump-host. Directly reachable
Host jump-host
  HostName jump-host.example.org
### Host to jump to via jump-host.example.org
Host target-host
  HostName target-host.example.org
  ProxyJump jump-host
This will allow you to use net-ssh as usual. If you don't want to change the config file then you will have to use 'net/ssh/proxy/jump':
require 'net/ssh'
require 'net/ssh/proxy/jump'
proxy = Net::SSH::Proxy::Jump.new('user@proxy')
Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
  # ...
end
See this article for more info on Jump Hosts.

rake aborted! PG::ConnectionBad: fe_sendauth: no password supplied sinatra

I can't seem to get this to work. I try to run bundle exec rake db:migrate after running bundle exec rake db:create and it gives me this error:
rake aborted!
PG::ConnectionBad: fe_sendauth: no password supplied
/home/david/DBC/survey-gorilla-challenge/Rakefile:106:in block (2 levels) in <top (required)>'
Tasks: TOP => db:migrate
(See full trace by running task with --trace)
I've tried looking around, but it all seems like a solution for rails, whereas I'm using this with Sinatra and activerecord. I'm not sure if that makes any difference. I even tried changing my pg_hba.conf, which looks like this currently:
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
I'm not sure how to get this working. Any help is appreciated.
I solved it. I changed my pg_hba.conf to
# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
host all all 127.0.0.1/32 trust
# IPv4 local connections:
host all PC 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
and then restarted postgres with sudo nano /etc/postgresql/9.3/main/pg_hba.conf. This gets the migration going.
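The `trust` method in the records above makes PostgreSQL accept any connection matching the line without a password. As an added example (not part of the original posts), this Ruby check parses pg_hba.conf text and reports records that use `trust` or the clear-text `password` method; `audit_pg_hba` and the sample config are constructed for illustration.

```ruby
# Record layout: TYPE DATABASE USER [ADDRESS [NETMASK]] METHOD [options]
NETWORK_TYPES = %w[host hostssl hostnossl hostgssenc hostnogssenc].freeze
WEAK_METHODS = {
  'trust'    => 'accepts any matching client without authentication',
  'password' => 'sends the password over the connection in clear text'
}.freeze

# Returns one finding per record whose METHOD is in WEAK_METHODS.
# Simplification: '#' always starts a comment; quoted values are not handled.
def audit_pg_hba(text)
  text.each_line.with_index(1).filter_map do |raw, lineno|
    type, database, user, *rest = raw.sub(/#.*/, '').split
    if type == 'local'
      address, auth = 'unix socket', rest[0]
    elsif NETWORK_TYPES.include?(type)
      # ADDRESS is one field (CIDR or hostname) or two fields ("IP NETMASK").
      two_fields = rest[1].to_s.match?(/\A[\d.]+\z|:/)
      address = two_fields ? rest[0, 2].join(' ') : rest[0]
      auth = two_fields ? rest[2] : rest[1]
    else
      next # blank line, comment, or include directive
    end
    next unless WEAK_METHODS.key?(auth)
    { line: lineno, type: type, database: database, user: user,
      address: address, method: auth, reason: WEAK_METHODS[auth] }
  end
end

# Constructed sample: the answer's three records plus two that are not flagged.
SAMPLE_HBA = <<~CONF
  # TYPE  DATABASE  USER  ADDRESS  METHOD
  host  all  all  127.0.0.1/32  trust
  host  all  PC   127.0.0.1/32  trust
  host  all  all  ::1/128       trust
  local all  postgres           peer
  host  all  all  10.0.0.5 255.255.255.255 scram-sha-256
CONF

if __FILE__ == $PROGRAM_NAME
  audit_pg_hba(SAMPLE_HBA).each do |f|
    puts "line #{f[:line]}: #{f[:type]} #{f[:user]}@#{f[:address]} uses #{f[:method]} (#{f[:reason]})"
  end
end
```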

Cassandra on EC2

I followed this http://www.datastax.com/documentation/cassandra/2.0/cassandra/install/installAMI.html and then I try to use this ruby gem (https://github.com/iconara/cql-rb) to connect to my EC2 instance but I get the following error:
irb(main):013:0> Cql::Client.connect(host: 'PUBLIC_DNS', port: 9160)
Cql::Io::ConnectionError: end of file reached
from /Users/damien/.rbenv/versions/1.9.3-p392/lib/ruby/gems/1.9.1/gems/cql-rb-2.0.0.pre0/lib/cql/client/synchronous_client.rb:32:in `connect'
from /Users/damien/.rbenv/versions/1.9.3-p392/lib/ruby/gems/1.9.1/gems/cql-rb-2.0.0.pre0/lib/cql/client.rb:118:in `connect'
from (irb):13
from /Users/damien/.rbenv/versions/1.9.3-p392/bin/irb:12:in `'
If I SSH to the box and use cqlsh to connect to localhost it works fine.
Any idea?
You should use the native_transport_port which defaults to 9042, not the rpc_port which defaults to 9160. However, both ports are configurable inside of cassandra.yaml after a Cassandra server restart.

unable to upload cookbook from knife to chef-server

I am running open source chef server on an Ubuntu EC2 instance. I am trying to upload the cookbook from my workstation to chef-server using knife, and I am getting the following error:
/home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:878:in `initialize': getaddrinfo: Name or service not known (SocketError)
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:878:in `open'
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:878:in `block in connect'
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/timeout.rb:66:in `timeout'
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:877:in `connect'
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:862:in `do_start'
from /home/jeevan/.rvm/rubies/ruby-2.0.0-p195/lib/ruby/2.0.0/net/http.rb:851:in `start'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/rest-client-1.6.7/lib/restclient/request.rb:172:in `transmit'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/rest-client-1.6.7/lib/restclient/request.rb:64:in `execute'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/rest-client-1.6.7/lib/restclient/request.rb:33:in `execute'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/rest-client-1.6.7/lib/restclient/resource.rb:76:in `put'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/chef-11.6.0/lib/chef/cookbook_uploader.rb:151:in `block in uploader_function_for'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/chef-11.6.0/lib/chef/cookbook_uploader.rb:25:in `call'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/chef-11.6.0/lib/chef/cookbook_uploader.rb:25:in `block (3 levels) in setup_worker_threads'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/chef-11.6.0/lib/chef/cookbook_uploader.rb:24:in `loop'
from /home/jeevan/.rvm/gems/ruby-2.0.0-p195/gems/chef-11.6.0/lib/chef/cookbook_uploader.rb:24:in `block (2 levels) in setup_worker_threads'
When I ran the same command in verbose mode, I figured out that knife or workstation or chef-client installed on my laptop is trying to connect to the private IP of the Ubuntu EC2 instance.
How do I stop knife from connecting to the private IP of the Ubuntu EC2 instance and make it connect to the sub-domain/domain or Elastic IP of the server?
Kindly help me out.
Check how you configured chef_server_url in your chef configuration file.
You may want to configure the FQDN of your server instead of just the hostname.
For example, if your machine is called myserver.mycompany.com and you configured (in your knife.rb)
chef_server_url 'myserver:8080'
then your server may be resolved to the private IP, and if you configured
chef_server_url 'myserver.mycompany.com:8080'
then it may be resolved to your public IP. It depends on how your DNS is configured.
Note: you can also consider configuring chef_server_url to point to your IP (instead of hostnames/FQDN).

Run MySQL query over multiple SSH tunnels?

I have a situation somewhat similar to "How to create a ssh tunnel in ruby and then connect to mysql server on the remote host."
From my local machine, I want to run a query against a production MySQL database host.
My local machine cannot directly connect to the database host. However, if I SSH to a gateway machine, I can run the MySQL client and connect to the database host.
I'm trying to figure out how to programmatically run a query from my machine that is forwarded to the gateway machine, which forwards it to the database server, and have results returned. Basically I want to have LOCAL => GATEWAY => DB_HOST forwarding.
I have a hacky solution that runs ssh.exec and MySQL on the command line, shown below, but, I'm trying to find a way that does port forwarding twice.
I tried, but haven't been successful so far.
require 'rubygems'
require 'mysql2'
require 'net/ssh/gateway'
gateway = Net::SSH::Gateway.new(
$gateway_host, $gateway_user,:password => $gateway_pass)
# This works
ssh = gateway.ssh($db_host, $db_login_user)
data = ssh.exec!("mysql -u#{$db_user} -p#{$db_pass} #{$db_name} -e '#{$sql_query}'")
puts "#{data.class} is the class type"
puts data
# Want to do something like this with port forwarding
# client = Mysql2::Client.new(:host => $db_host,
# :username => $db_user,
# :password => $db_pass,
# :database => $db_name,
# :port => port)
# results = client.query($sql_query)
puts "end stuff"
ssh.close
Any suggestions?
Your diagram lays it out fairly well, you would need a tunnel from the Gateway to the Db_Host; and a second tunnel from your local machine to the gateway. The two tunnels would effectively connect your local machine to the db_host by way of the gateway.
Here's a reference specific to tunneling MySQL over SSH
