SSH Tunnel into Aurora DB via the CLI - ssh

Is there a simple step-by-step example of how to SSH into a private Aurora MySQL DB?
Something like:
mysql -h dbDomain.pair.com -u dbUser -p dbName

I think you are looking for how to configure RDS to be remotely accessible; if that's the case, check this: https://aws.amazon.com/premiumsupport/knowledge-center/aurora-private-public-endpoints/
For me, I wouldn't make my DB accessible via public endpoints; instead, I would set it up as private and only accessible from my VPC LAN.
Then I use an EC2 instance as a proxy and access the database via its LAN IP through an SSH tunnel.
To do that, you need to check the VPC documentation, set up subnets, etc.
The AWS documentation is a good place to start.
https://docs.amazonaws.cn/en_us/vpc/latest/userguide/what-is-amazon-vpc.html
Update: if you have already set the DB to be private, take a look at this:
https://linuxize.com/post/mysql-ssh-tunnel/

Related

Connect to database hosted on SSH machine with Oracle SQL Developer

I would like to connect to an Oracle database hosted on a remote box using Oracle SQL Developer. I am able to create a standard connection, BUT I have to be connected to a VPN for security reasons. I want to bypass this VPN.
I do this all the time with normal ssh connections. There is one machine (gateway) on my company network that can be accessed from outside the network (no VPN). From gateway, I can connect to any machine on our network. I would like to connect to the database hosted on machine (dbmachine) on the network (which cannot be accessed without being on the VPN unless I am first connected to the gateway).
This seems to be a common issue, because I was easily able to bake this functionality seamlessly into my ssh config. Example:
Host gateway
    HostName gateway.company.org
    User marc
Host dbmachine
    HostName dbmachine.company.org
    User marc
    ProxyJump gateway
Host exampleMachine
    HostName exampleMachine.company.org
    User marc
    ProxyJump gateway
By using ProxyJump, I am able to type ssh dbmachine to seamlessly connect to dbmachine, or ssh exampleMachine to seamlessly connect to exampleMachine. I want to do a similar jumping technique with Oracle SQL Developer. How can I connect to the database on dbmachine from Oracle SQL Developer?
I'm not sure what port the DB is running on on dbmachine, but I can access it through sqlplus when I'm logged into the box.
The answer is to create an SSH tunnel:
ssh -L 1521:localhost:1521 -N -f dbmachine
This will forward all traffic on localhost:1521 to dbmachine:1521 (where the database is running). It will respect the user's configuration, so you do not have to set up two tunnels.
-N: will not switch to a remote shell
-f: requests ssh to go to the background just before command execution
I'm not sure if there's a better solution that is configurable directly in a database client, but this works for me on Arch Linux.
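As an added example (not part of the answer above), the same tunnel can live in ~/.ssh/config so that a plain `ssh -N -f dbmachine` opens the forward through the gateway with no flags to remember. The host names and user are the ones from the post; the listener port, the loopback bind and the keepalive values are assumptions:

```sshconfig
# ~/.ssh/config  (added example; hostnames from the post, other values assumed)
Host gateway
    HostName gateway.company.org
    User marc
    IdentitiesOnly yes

Host dbmachine
    HostName dbmachine.company.org
    User marc
    ProxyJump gateway
    # Bind the local listener to loopback only, so other hosts on your network
    # cannot ride the tunnel, and fail instead of silently running without the
    # forward when local port 1521 is already taken.
    LocalForward 127.0.0.1:1521 localhost:1521
    ExitOnForwardFailure yes
    # Keep an idle tunnel alive across NAT/firewall timeouts.
    ServerAliveInterval 30
    ServerAliveCountMax 3
```

With this in place, `ssh -N -f dbmachine` is enough, and SQL Developer connects to host localhost, port 1521. If the listener on dbmachine is not on the default 1521, `lsnrctl status` on that box shows the real port; change both the LocalForward entry and the SQL Developer connection to match.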

is it possible to put my local pc in a gcloud project domain?

This might be a really stupid question, but I don't know where to begin searching for something like that.
I'm using Google Cloud.
I have a master node in gcloud called master-node and a couple of slave nodes called slave-node-1 and slave-node-2. They all have external IP addresses.
I can connect to the master instance using the following command: gcloud compute ssh master-node -i /.ssh/sshkey.
Then, if I want to connect to the other two instances, I can do something like ssh slave-node-1 -i /.ssh/sshkey.
I also know it's possible to use an SSH tunnel and forward a port so I can do things like connect to 127.0.0.1:5901 on my local PC to see the desktop of the VM instance.
My question is: is it possible to put my local computer into the same domain as that VM instance in the gcloud project, so that if I ran ssh slave-node-1 -i /.ssh/sshkey from my local PC it would work and I could connect to slave-node-1 instead of using the external IP address? It would be as if I were the master-node in my gcloud project.
Does my question make sense?

Cannot ssh to google cloud instance

I'm a newbie with GCP and I need your help; these are the steps I have taken.
(1) I set up Google Cloud firewall rules to allow SSH on port 22, and I can SSH to my instance (CentOS 7) correctly.
(2) When I connect to my instance, I run a firewall script, and after that I cannot SSH to my instance anymore. It seems that the script blocks the SSH port even though I enabled it in VPC Network > Firewall rules.
(3) Now I cannot connect to my instance at all, including via "Open in browser window" in the SSH menu of the GCP console.
Is there any solution to connect to my instance? Please help.
Thanks in advance.
Bom
You probably blocked the SSH port by changing the firewall configuration inside the VM.
So you can consider two options:
1) Recreate the VM if there is no sensitive data, or not too much work spent on the existing setup.
2) Detach the boot disk and reuse it on another instance to change the firewall configuration files.
Check the official docs, "Use your disk on a new instance", for that:
gcloud compute instances delete $PROB_INSTANCE \
    --keep-disks=boot
gcloud compute instances create new-instance \
    --disk name=$BOOT_DISK,boot=yes,auto-delete=no
gcloud compute ssh new-instance
Hope it will help you.

How do I set up a proxy server that will SSH tunnel into a VPC I have in AWS for a Hibernate MySQL connection for me?

I have a microservice, let's call it RdsConnector, that I want to test locally and that is normally deployed on a machine in AWS. It connects to a MySQL instance, which is also in AWS, without any SSH tunnelling, as they are in the same VPC. To connect to that MySQL instance from my local machine, I can use SSH tunnelling to get into the VPC I have set up in AWS. This is what that configuration looks like:
I could set up my microservice to also connect through SSH (optionally, perhaps), but I don't want to do that. Then I would have a different configuration running locally vs. in the cloud. What I want to do instead is set up some kind of proxy server on my local machine that will take the SSH credentials and do the SSH tunnelling, exposing the VPC MySQL endpoint locally. Then RdsConnector will just use that local endpoint, and I won't have to have a different config for RdsConnector just for local testing.
I'm not very familiar with the networking technologies in use here. I just know that there are no public IPs in my VPC, so I have to SSH in. I imagine that what I want is possible, but I have no idea what the moving parts would be.
OK, this turned out to be quite simple actually! The ssh program can do this for you; this is how I configure it with macOS ssh:
ssh -N -i "/Users/foo/aws_ssh_key.pem" \
-L "localhost:5990:stack-name-vpc-db.asdfqwerty.us-east-1.rds.amazonaws.com:3306" \
foo@12.34.567.890
With the -L flag, it'll proxy traffic over the SSH connection for you from the given local endpoint to the provided endpoint on the other side. The -N flag is optional; it just turns off the regular SSH console, since we only want to run a proxy. The microservice can then treat localhost:5990 as if it were the regular MySQL endpoint.
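Added example, serving both the Aurora question at the top of this page and this RDS one (it is not code from either post): a small POSIX shell script that opens the tunnel through an EC2 bastion with an explicit loopback bind, fails loudly if the forward cannot be set up, and then runs the mysql client over it. The bastion address, key path, cluster endpoint and local port are placeholders I have assumed; override them with environment variables.

```shell
#!/bin/sh
# Added example: SSH tunnel from a laptop, through an EC2 bastion, to a private
# Aurora/RDS MySQL endpoint, then a mysql session over that tunnel.
# All values below are assumed placeholders; override via environment variables.
set -eu

BASTION="${BASTION:-ec2-user@bastion.example.com}"   # public EC2 host in the VPC
KEY="${KEY:-$HOME/.ssh/bastion.pem}"                  # key for the bastion only
DB_HOST="${DB_HOST:-mycluster.cluster-abc123.us-east-1.rds.amazonaws.com}"
DB_PORT="${DB_PORT:-3306}"
LOCAL_PORT="${LOCAL_PORT:-3307}"                      # avoid clashing with a local mysqld
DB_USER="${DB_USER:-dbUser}"
DB_NAME="${DB_NAME:-dbName}"

# Local forward spec with an explicit bind address, so the forwarded port is
# reachable only from this machine and not from the rest of the LAN/Wi-Fi.
forward_spec() {
  # $1 local port, $2 remote host (as resolved from the bastion), $3 remote port
  printf '127.0.0.1:%s:%s:%s' "$1" "$2" "$3"
}

# Reject specs that would expose the tunnel to other hosts, or that omit the
# bind address (then the listener depends on the GatewayPorts setting).
check_forward_spec() {
  case "$1" in
    \*:*|0.0.0.0:*) return 1 ;;
    127.0.0.1:*|localhost:*) return 0 ;;
    *) return 1 ;;
  esac
}

open_tunnel() {
  spec=$(forward_spec "$LOCAL_PORT" "$DB_HOST" "$DB_PORT")
  check_forward_spec "$spec" || { echo "refusing unsafe forward: $spec" >&2; return 1; }
  # -N: no remote command; -f: background once the forward is up.
  # ExitOnForwardFailure: exit non-zero instead of running with no forward
  # (e.g. when LOCAL_PORT is already taken). IdentitiesOnly: offer only KEY.
  ssh -N -f \
      -o ExitOnForwardFailure=yes \
      -o IdentitiesOnly=yes \
      -o ServerAliveInterval=30 \
      -i "$KEY" \
      -L "$spec" \
      "$BASTION"
}

# "-h localhost" would make the mysql client use the local Unix socket and skip
# the tunnel entirely, so force TCP. TLS is still negotiated end-to-end with the
# RDS endpoint inside the tunnel (--ssl-mode is a mysql 5.7+ client option).
db_shell() {
  mysql --protocol=tcp -h 127.0.0.1 -P "$LOCAL_PORT" --ssl-mode=REQUIRED \
        -u "$DB_USER" -p "$DB_NAME" "$@"
}

case "${1:-}" in
  connect) shift; open_tunnel && db_shell "$@" ;;
esac
```

Run it as `sh tunnel.sh connect`; an application such as the RdsConnector service above then simply points at 127.0.0.1:3307 and its cloud configuration stays untouched. Note that `--ssl-mode=VERIFY_IDENTITY` would compare the server certificate against 127.0.0.1 and fail, which is why the example stops at REQUIRED.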

Sync files from one EC2 instance to another

I was going to use rsync, but rsync over SSH needs to have the private key on the second EC2 instance. I'm concerned about copying my private SSH key to the server. That can't be safe, right?
Is there another possibility, e.g. somehow authenticating via my computer? If it's only a little auth check at the beginning of each sync, I don't mind that.
Or can I securely sync files between EC2 instances without the private key?
Thanks for your input,
MrB
You needn't use your EC2 keys to set up SSH between the two EC2 instances. Look at this guide: http://ask-leo.com/how_can_i_automate_an_sftp_transfer_between_two_servers.html
A simple outline of the process: let's say you want to transfer files from Server1 to Server2. You basically create a new key for your user on Server1 (note this is different from the key you downloaded to access your EC2 instance, Server1 in this case). Then load the public part into Server2's authorized_keys and you should be able to set up SSH.
If the user that the rsync process is going to run under is not your user, then you will have to set up SSH keys for the user that the process will run under.
HTH
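Added example (not from the answer above) of the dedicated-key approach it describes, with the restrictions a practitioner would want on a key that lives unencrypted on a server: a POSIX shell script for Server1 that generates a fresh key, prints the authorized_keys line to install on Server2 (locked to Server1's IP, with forwarding and PTY disabled via `restrict`, and pinned to `rrsync` so the key can only write under one directory), and runs the rsync. The directories, host name and IP are assumed placeholders; `rrsync` ships with rsync and `restrict` needs OpenSSH 7.2 or later.

```shell
#!/bin/sh
# Added example: a dedicated, restricted key for Server1 -> Server2 rsync,
# instead of copying the EC2 login key between instances.
# All values below are assumed placeholders; override via environment variables.
set -eu

SRC_DIR="${SRC_DIR:-/var/www/html/}"              # trailing slash: sync contents
DST_HOST="${DST_HOST:-sync@server2.internal}"     # private DNS/IP inside the VPC
DST_DIR="${DST_DIR:-/var/www/html}"               # rrsync root on Server2
SERVER1_IP="${SERVER1_IP:-10.0.1.5}"              # Server1's private IP
KEY="${KEY:-$HOME/.ssh/rsync_server2}"            # new key, NOT the EC2 .pem

# Build the authorized_keys entry for Server2. "from=" accepts the key only from
# Server1, "restrict" turns off port/agent/X11 forwarding and PTY allocation,
# and "command=" forces every login through rrsync, confined to DST_DIR.
authorized_line() {
  # $1 public key line as written by ssh-keygen (type, base64, comment)
  # $2 allowed source IP   $3 directory rrsync is confined to
  printf 'from="%s",restrict,command="rrsync %s" %s\n' "$2" "$3" "$1"
}

# Generate the key pair on Server1. No passphrase, because cron will use it;
# the restrictions above bound the damage if it ever leaks.
make_key() {
  ssh-keygen -t ed25519 -N '' -C "rsync-to-server2" -f "$KEY"
  echo "Append this line to ~sync/.ssh/authorized_keys on Server2:" >&2
  authorized_line "$(cat "$KEY.pub")" "$SERVER1_IP" "$DST_DIR"
}

# With rrsync on the far side, the remote path is relative to DST_DIR, so "/"
# here means DST_DIR itself. IdentitiesOnly keeps ssh from offering other keys.
do_sync() {
  rsync -az --delete \
        -e "ssh -i $KEY -o IdentitiesOnly=yes" \
        "$SRC_DIR" "$DST_HOST:/"
}

case "${1:-}" in
  keygen) make_key ;;
  sync)   do_sync ;;
esac
```

Usage: `sh sync.sh keygen` once on Server1, paste the printed line into the sync user's authorized_keys on Server2, then `sh sync.sh sync` from cron. On Debian/Ubuntu the rrsync script may sit under /usr/share/doc/rsync/scripts/ and must be copied somewhere on PATH and made executable. Do not instead solve this with agent forwarding (`ssh -A`) from your laptop to Server1: anyone with root on Server1 can use the forwarded agent to authenticate as you for as long as you are connected.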
Just create a snapshot of the volume that contains your modified files and attach it to your outdated instance after detaching the outdated volume.