I have some problem connecting to my amazon EC2 server over ssh over proxy.
I have my username and password for http proxy port 8080.(dont have control over proxy)
Also I have my connection string which would work without proxy
ssh -i key.pem root#xx.compute.amazonaws.com
when I am trying to connect I am getting "No route to host" error
I tried to use putty, configured proxy + authentication file, But then I getting this error
"Unable to use this key file (OpenSSH SSH-2 private key)"
Also I dont know how putty inserts my proxy config, into ssh connection string, so I could try it in terminal
I was facing the same problem and this is what I used to connect, using corkscrew. My config file looks like this
Host AWS
Hostname <Public DNS>
Port 443
#Write the appropriate username depending on your AMI, eg : ubuntu, ec2-user
User ubuntu
IdentityFile </path to key file>
ProxyCommand /usr/bin/corkscrew 10.10.78.61 3128 %h %p
then I simply use this command to connect
ssh AWS
and it works flawlessly.
Note : You must edit your sshd_config file on the server to listen to ssh connections on port 443 (in addition to 22) and restart the ssh daemon.
Are you sure you can login as root? Try logging in as ec2-user instead.
Also, if you have assigned an elastic IP to your instance, the public DNS has probably changed. Log in to the aws console, and select your instance. Scroll down to look at the public DNS again and double check you are using the correct xx.compute.amazonaws.com addr.
Related
I have two hosts, homehost, and digitalocean host.
I want to access my homehost remotely via ssh.
Homehost is behind a firewall with a dynamic IP.
I am using reverse proxy, to initiate a connection from homehost to digitalocean host.
By Running this on the homehost:
ssh -R *:1234:localhost:22 -i "~/path/to/privatekeyfile" root#digitalocean_host
This way, I can login to my digital ocean host via the private key pair file, and then ssh to port 1234 on localhost to connect to my homehost from anywhere outside the network.
Now I forwarded the port 1235 to port 1234 on the digitalocean host by doing this.
ssh -L *:1235:localhost:1234 root#localhost
This way, I can connect to my homehost from outside the network, by:
ssh useronhomehost#digitaloceanhost -p 1235
However, this does not depend on any keypair validation so my homehost is completely open to attacks.
How can I enable a key-pair authentication for port 1235 of my digital ocean host?
I want to copy a folder from remote ubuntu to ec2-instance tried the below at remote ubuntu machine
scp -i </path/of/ec2_pemkey> -r <folder that I wanna copy> user#<ip of ec2>:/path/where/I wanna/copy
I copied my pem to remote and changed permissions chmod 400
error: connection timed out
The Connection Time out means that your local can't be able to reach the remote.
to debug :
Check if your remote machine authorize traffic from port 22 ( Security Group)
Check if You have the good public IP of your machine
If its was an error with your pem key or user (ubuntu) you will receive an access denied error.
From you comment, that means its was the IP of the machine missing or not good.
I missed adding ip address of my remote ubuntu machine to security groups of my ec2 instance. Once done, I was able to scp from remote ubuntu to ec2 instance.
Make sure security group type is SSH which enables port 22
I'm new to Amazon Web Service (AWS).
I already created a PostgreSQL from AWS RDS:
Endpoint: database-1.XXX.rds.amazonaws.com
Port: 5432
Public accessibility: Yes
Availablity zone: ap-northeast-1c
After that, I will push my application that using the database to AWS (maybe deploy to EKS).
However, I want to try testing the database server from my local computer first.
I haven't tried testing from my laptop PC at home yet, but I think it will connect OK because my laptop PC is not using the HTTP proxy to connect to the network.
The problem is that I want to try testing from my company PC, which needs setup the HTTP proxy to connect to the internet. The PC spec:
Windows 10
Installed PostgreSQL 10
Firstly, I tried using psql command-line:
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://user:password#my_company_proxy:3128
set https_proxy=http://user:password#my_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
set http_proxy=http://my_second_company_proxy:3128
set https_proxy=http://my_second_company_proxy:3128
psql -h database-1.XXXX.rds.amazonaws.com -U postgre
> Unknown host
Then, I tried using the pgAdmin tool.
As from the internet post, it said that we can use "SSH Tunnel" for inputing proxy:
However, the error message will be shown:
So, anyone can help suggest if we can connect to the public PostgreSQL server through HTTP proxy?
I think problem is Postgres uses plain TCP/IP protocol and you are trying to use HTTP proxy. Also you're trying to create SSH tunnel against your HTTP proxy server which won't work.
So I'd suggest following solutions:
Use TCP proxy instead of HTTP proxy
Create an EC2 or any instance that has SSH access from your company network and has access to public internet. So that you can create SSH tunnel through that instance to achieve your goal.
NOTE: Make sure you PostgreSQL is accessible from public internet (although this is usually bad idea, but it's out of scope this question) sometimes security group configs prevent it to connect from public internet.
Just add all ports(5432,3128...) in the Security Group from your RDS and specify your IP. Don't forget "/32"
Let me add that "unknown host" is usually an indication that you're not resolving the DNS hostname. Also, your HTTP proxy should not interfere with connections to databases since they aren't on port 80 or 443. A couple of things you can try (assuming you're on windows) sub in your actual url:
nslookup database-1.XXXX.rds.amazonaws.com
telnet database-1.XXXX.rds.amazonaws.com 5432
You should also check the security group that is attached to your RDS and make sure you've opened up the ip address that you're originating from on port TCP/5432.
Lastly check that your VPC has DNS and Hostnames enabled. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-updating
I am new to mongoDB trying to setup tools for my new project. Most of my infrastructure run on AWS so i prefer to use AWS documentDB. I manage to connect to documentDB from EC2 both via mongo client or NodeJS aplication. but it would be good to mange documentDB from my Windows workstation using MongoDB Compass.
As we know, we can not direct connect any mongo client from outside AWS to DocumentDB Connecting to an Amazon DocumentDB Cluster from Outside an Amazon VPC
so we need SSH tunnel through EC2. I try many options but still fail... below are most likely 2 options:
Option 1: Connect using MongoDB Compass SSH tunnel
Error: unable to get local issuer certificate
both RDS-COMBINED-CA-BUNDLE.PEM and SSH Key already supplied so which one unable to get?
as red highlight on SSH port, I also tried to open another SSHD port on server and tried to connect using second port but still failed.
Option 2: Connect using Putty SSH tunnel
Error: Hostname/IP does not match certificate's altnames...
since MongoDB Compass need to connect to locathost to get into tunnel and i still can not find the way to supply --sslAllowInvalidHostnames options.
So, what i can do to get around this ?
MongoDB Compass: 1.25.0
I am done with Compass.
successful established "robo3t" connection to AWS DocumentDB using this guild.
https://docs.aws.amazon.com/documentdb/latest/developerguide/robo3t.html
As of Jan 2022 MongoDB Compass does not support sslInvalidHostNameAllowed=true in the connection builder form, this is the parameter you are missing in order to connect to AWS DocumentDB while ssh tunneling to a machine inside the same VPC of the database itself.
I used Studio 3T and it worked perfectly. You could create the connection string yourself or try other GUI.
Edit Jan 2023:
I just gave a try to compass again and it seems they now support sslInvalidHostNameAllowed flag through the UI, you could still change manually the connection string but then any UI interaction would overwrite it.
If you edit the connection string directly in MongoDB Compass you can set options that may not be accessible in the user interface.
Below is an example with tweaked parameters to connect without using TLS:
mongodb://xxxx:yyyy#localhost:27017/?authSource=admin&connectTimeoutMS=10000&readPreference=primary&authMechanism=SCRAM-SHA-1&serverSelectionTimeoutMS=5000&appname=MongoDB%20Compass&ssl=false
For Hostname, are you using DocumentDB endpoint? In one screenshot, I see you are using localhost.
I have managed to connect with option 1.
The workaround can be by establish connection using SSH Tunnel (port forward) and so that SSH tunnel opens a port on your local system that connects through to another port at the other end of the tunnel.
Using the below command establishes a tunnel on terminal and later you can use this channel/connection to connect MongoDB using MongoDB Compass.
For example:
ssh user#aws-ec2-ip-address -L 35356:127.0.0.1:27017 -N
where -L as the Local listening side
Port 35356 is listening on localhost (that is in this case your EC2) and port forwards through to port 27017 on remote server.
Note - Add identity file in .ssh/config
Ex - On Mac
Host XXXXXXX
HostName 52.xx.xx.xx
User ubuntu
IdentityFile ./path/prod.pem
I am new to pgAdmin and to SSH tunnels. I am trying to establish a connection to a postgres DB with SSH tunnel. I am on Windows 10. I am given the following instructions (I changed all the names and ports in the below)
Add the following to your SSH config (~/.ssh/config):
Host prod
Hostname myorg.org.uk
User sshusername
IdentityFile idef.pem
LocalForward 9999 localforward.amazonaws.com:8888
Now you can tunnel your way through to PostgreSQL:
ssh -N prod
And now psql et al can connect (You must open a new Terminal window while the SSH tunnel is running):
psql -h localhost -p 9999 -U connectionusername -d dproduction
I am also given the dproduction database password for the database I am trying to connect to: dproduction_pwd
I don't understand where everything goes in pgAdmin. I did the following:
Create-Server:
Name = test
Connection:
Host Name/Address: localhost
Prot: 9999
Maintenance database: postgres
username: connectionusername
SSH Tunnel:
Tunnel host: myorg.org.uk
Tunnel post: 9999
username: sshusername
Identity file: C:\idef.pem
Password: dproduction_pwd
I must be doing something wrong, as I don't use LocalForward from the ssh config above, where does this go? putting it in Tunnel host does not work.
I managed to use SSH tunnel to access my database with Windows 10 SSH and PGAdmin SSH Tunnel. It did take a while. pgAdmin's document isn't very clear on this. Here's the difference I found:
When setting SSH tunnel with Windows 10 SSH, you need to forward a local port (9999 in your case) to the remote port (8888).
In pgAdmin, that local port is no longer needed. My guess is since it already knows you want to access which service through which tunnel, it takes care of the local port in the background. That tunnel port, in the most common cases, should be the SSH port 22.
My suggested changes to your current setting would be:
in SSH Tunnel tab, set Tunnel port to 22
in Connection tab, set Port to 8888
This should work.