Execute two ssh-forwardings with different remotes in one command - ssh

I have two remotes, A and B defined in my ssh-config. I have a program running on each and I'm running two port-forwarding commands to my localhost.
ssh A -NL 8888:node:8888 and ssh B -NL 9999:node:9999
How can I execute these in one bash-command? I've tried using & or && and it doesn't work. The forwarding to A has to be established first, since B connects via A with ProxyJump, and A uses and 2FA, and I'm using ControlMaster for A. If possible I'd like to be able to cancel both with ctrl+c.

Related

Using Reverse Tunnel from Proxy Server in Ansible

I have two things that I'm able to do separately but would like to combine into a single step so I can automate it with Ansible.
Host A is my own laptop that cannot directly access C
Host B is a server with internet access that can access C. It is running squid
Host C which has no internet access
I can manually SSH to B and set up a reverse tunnel when I SSH to C. This allows C to have internet access if I set up http_proxy and https_proxy in the environment.
I can also use Ansible to connect to Host C from Host A via the proxy Host B. However so far whenever I do this host C has no internet access as the reverse tunnel isn't set up.
So I'm able to get close to my goal of running Ansible jobs on C while enabling internet access with a reverse tunnel from B, but I can't combine these two steps. So far I have
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ProxyCommand="ssh -p 22 -W %h:%p -q admin@HOST_B"'
ansible_ssh_extra_args="-R 3129:localhost:3128"
This works to connect to C, but I cannot access the internet. I'm guessing the ansible_ssh_extra_args is run on my host machine, when really I want to be run from the proxy server B when connecting to B.
I've tried putting the -R 3129:localhost:3128 in a few different places but without success. If I manually connect to B and run the reverse proxy command before running the Ansible task (which tests pinging Google) it works as expected.
How can I tell Ansible to use a reverse tunnel from the proxy server when connecting to C?
According to your description
This allows C to have internet access if I set up http_proxy and https_proxy in the environment.
I understand that (only) for tasks which will require internet access (annot. and which might be very few), you probably just need to set the remote environment via
- name: Update all packages
  yum:
    name: '*'
    state: latest
  environment:
    http_proxy: http://localhost:3128
    https_proxy: http://localhost:3128
Please consider that Ansible is based on task execution. For each task a connection will be made and a small package for remote execution transferred.

Trying to create a virtual topology using miniedit that should use mqtt traffic

I have to create a virtual topology with miniedit that has to talk using the mqtt sub/pub system.
I'm working on virtualbox (mininet-wifi)
I have installed mosquitto & the clients... using the terminals I have no problem with:
mosquitto_sub -t test
mosquitto_pub -t test -m hello!
but when I emulate the topology on Miniedit with (controller, switch and two hosts), the hosts cannot talk using mosquitto. I think that there is no broker that can handle the communications in the virtual topology. Any suggestions?
I tried to connect also to a remote server, using cloudmqtt, but I only got a failed connection
I expect that using
xterm h1 h2
on the command line interface of miniedit, I would be able to make the two hosts talk between them using
the mosquitto_sub/pub system, because also in the xterm of the host, if I type
service mosquitto status
I obtain that
mosquitto is active
UPDATE
solved.
I just have to run another host in which I type "mosquitto", and the other hosts would just reach it using "mosquitto_sub/pub -h 10.0.0.3", for example.
2 brokers (1 on each host) won't automatically discover each other when the "link" comes up.
You will have to either manually configure a bridge between the 2 brokers if you want messages to be shared.
Or pick one and have the clients explicitly connect to that one broker. e.g. the -h option for the mosquitto_pub or mosquitto_sub commands.
I agree with the solution. Let me give more in depth explanation.
Run basic mininet topo with 4 hosts and 4 switches.
mn --topo linear,4
Then open xterm for 3 hosts
xterm h1 h2 h3
Three terminals will pop up. One of them will be the host. On h3's (10.0.0.3) xterm terminal run
mosquitto
On h2(10.0.0.2) subscribe to the topic with;
mosquitto_sub -h 10.0.0.3 -t "home/bedroom/light"
On h1(10.0.0.1) publish a message by;
mosquitto_pub -h 10.0.0.3 -t "home/bedroom/light" -m "ON"
You can now see the message on h2's terminal. Hope it helps.

remote login to ubuntu server via SSH

I have 3 Ubuntu machines. First one (A) is my local machine, second one (B) is a gateway to the third (C) Ubuntu server. I can SSH from my local machine, A, to B and then SSH from B to C. I can't SSH from A to C directly.
What I need is to remotely log (graphical) into C from B? and if possible from A? I'm no network guy and the tunneling concept and port 3389 is confusing me.
Appreciate your help.
Confusing or not, you need tunneling. The easiest:
ssh -L 7722:address.of.C:22 address.of.B
will log you into B. At the same time, it will set up a tunnel between the current machine's port 7722 (can be any unused port over 1024, I arbitrarily selected 7722) and C's port 22 (the ssh port). Then, in another terminal,
ssh -X -p 7722 localhost
will open a SSH connection to your local port 7722, which is being tunneled to C's 22. It is functionally equivalent to ssh address.of.C while the above tunnel exists.
When you are done, just exit the second connection to leave C, then exit the first connection to deconstruct the tunnel.
If you don't have two terminals to work with, it is a bit more complex since you need a way to refer to the tunnel in order to be able to close it later.
ssh -fNM -S /tmp/tunnel.B.to.C.control -L 7722:address.of.C:22 address.of.B
ssh -X -p 7722 localhost
ssh -O exit -S /tmp/tunnel.B.to.C.control address.of.B
Here, /tmp/tunnel.B.to.C.control is an arbitrary name of file in a location where you can create a file. The first command sets up a tunnel and exits (instead of logging in), but stays in memory and records its activities in the named file. The last command then releases the tunnel, the memory and the file.
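The same start/use/exit lifecycle wrapped in one shell function, as an added example that is not part of the original answer. The names with_tunnel, _tunnel_down and SSH_BIN are hypothetical, and the control socket is placed in a private mktemp directory instead of the fixed /tmp path used above.

```sh
#!/bin/sh
# Added example. SSH_BIN is a hypothetical override (defaults to the real ssh)
# so the function can be exercised without a network.
SSH_BIN="${SSH_BIN:-ssh}"

# Close the master connection and remove its private socket directory.
_tunnel_down() {
    "$SSH_BIN" -S "$ctl" -O exit "$gw" >/dev/null 2>&1 || true
    rm -rf "$ctl_dir"
}

# with_tunnel GATEWAY LOCAL_PORT TARGET TARGET_PORT COMMAND [ARGS...]
with_tunnel() {
    [ "$#" -ge 5 ] || { echo "usage: with_tunnel GW LPORT TARGET TPORT CMD..." >&2; return 2; }
    gw=$1 lport=$2 target=$3 tport=$4
    shift 4

    # The control socket is the handle to the already-authenticated
    # connection, so keep it in a fresh 0700 directory instead of a
    # predictable name directly under /tmp.
    ctl_dir=$(mktemp -d "${TMPDIR:-/tmp}/sshctl.XXXXXX") || return 1
    ctl="$ctl_dir/control"

    # -f background after authentication, -N no remote command,
    # -M/-S master mode on an explicit socket. The forward is bound to
    # loopback only; ExitOnForwardFailure makes ssh fail if it cannot bind.
    if ! "$SSH_BIN" -fNM -S "$ctl" -o ExitOnForwardFailure=yes \
            -L "127.0.0.1:$lport:$target:$tport" "$gw"; then
        rm -rf "$ctl_dir"
        return 1
    fi

    # Tear the tunnel down even if the command is interrupted.
    trap '_tunnel_down; exit 130' INT TERM
    rc=0
    "$@" || rc=$?
    trap - INT TERM
    _tunnel_down
    return "$rc"
}

# Equivalent of the three commands above:
#   with_tunnel address.of.B 7722 address.of.C 22 ssh -X -p 7722 localhost
```

The function returns the exit status of the wrapped command, or 1 if the tunnel could not be established, in which case the command is never run.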

keep server running on EC2 instance after ssh is terminated

Currently, I have two servers running on an EC2 instance (MongoDB and bottlepy). Everything works when I SSHed to the instance and started those two servers. However, when I closed the SSH session (the instance is still running), I lost those two servers. Is there a way to keep the server running after logging out? I am using Bitvise Tunnelier on Windows 7.
The instance I am using is Ubuntu Server 12.04.3 LTS.
For those landing here from a google search, I would like to add tmux as another option. tmux is widely used for this purpose, and is preinstalled on new Ubuntu EC2 instances.
Managing a single session
Here is a great answer by Hamish Downer given to a similar question over at askubuntu.com:
I would use a terminal multiplexer - screen being the best known, and tmux being a more recent implementation of the idea. I use tmux, and would recommend you do too.
Basically tmux will run a terminal (or set of terminals) on a computer. If you run it on a remote server, you can disconnect from it without the terminal dying. Then when you log in again later you can reconnect, and see all the output you missed.
To start it the first time, just type
tmux
Then, when you want to disconnect, you do Ctrl+B, D (ie press Ctrl+B, then release both keys, and then press d)
When you login again, you can run
tmux attach
and you will reconnect to tmux and see all the output that happened. Note that if you accidentally lose the ssh connection (say your network goes down), tmux will still be running, though it may think it is still attached to a connection. You can tell tmux to detach from the last connection and attach to your new connection by running
tmux attach -d
In fact, you can use the -d option all the time. On servers, I have this in my .bashrc
alias tt='tmux attach -d'
So when I login I can just type tt and reattach. You can go one step further if you want and integrate the command into an alias for ssh. I run a mail client inside tmux on a server, and I have a local alias:
alias maileo='ssh -t mail.example.org tmux attach -d'
This does ssh to the server and runs the command at the end - tmux attach -d. The -t option ensures that a terminal is started - if a command is supplied then it is not run in a terminal by default. So now I can run maileo on a local command line and connect to the server, and the tmux session. When I disconnect from tmux, the ssh connection is also killed.
This shows how to use tmux for your specific use case, but tmux can do much more than this. This tmux tutorial will teach you a bit more, and there is plenty more out there.
Managing multiple sessions
This can be useful if you need to run several processes in the background simultaneously. To do this effectively, each session will be given a name.
Start (and connect to) a new named session:
tmux new-session -s session_name
Detach from any session as described above: Ctrl+B, D.
List all active sessions:
tmux list-sessions
Connect to a named session:
tmux attach-session -t session_name
To kill/stop a session, you have two options. One option is to enter the exit command while connected to the session you want to kill. Another option is by using the command:
tmux kill-session -t session_name
If you don't want to run some process as a service (or via an apache module) you can (like I do for using IRC) use gnome-screen. Install screen.
screen keeps running on your server even if you close the connection - and thus every process you started within will keep running too.
It would be nice if you provided more info about your environment but assuming it's Ubuntu Linux you can start the services in the background or as daemons.
sudo service mongodb start
nohup python yourbottlepyapp.py &
(Use nohup if you are in an ssh session and want to prevent it from closing file descriptors)
You can also run your bottle.py app using Apache mod_wsgi. (Running under the apache service) More info here: http://bottlepy.org/docs/dev/deployment.html
Hope this helps.
Addition: (your process still runs after you exit the ssh session)
Take this example time.py
import time
time.sleep(3600)
Then run:
$ python3 time.py &
[1] 3027
$ ps -Af | grep -v grep | grep time.py
ubuntu 3027 2986 0 18:50 pts/3 00:00:00 python3 time.py
$ exit
Then ssh back to the server
$ ps -Af | grep -v grep | grep time.py
ubuntu 3027 1 0 18:50 ? 00:00:00 python3 time.py
Process still running (notice with no tty)
You will want the started services to disconnect from the controlling terminal. I would suggest you use nohup to do that, e.g.
ssh my.server "/bin/sh -c 'nohup /path/to/service'"
you may need to put an & in there (in the quotes) to run it in the background.
As others have commented, if you run proper init scripts to start/stop services (or ubuntu's service command), you should not see this issue.
If on Linux based instances putting the job in the background followed by disown seems to do the job.
$ ./script &
$ disown

Causing SSH to Time Out (client side)

I have a little Raspberry Pi that I'm playing with. I've got it running headless, and I need to make it forward one of its ports to a remote server when certain conditions are satisfied.
However, I don't want the connection to sit indefinitely until the server closes it. Is there a way to close an SSH connection (from the client, I have no root to the server) after a certain amount of time? Ideally I'd do it directly via the ssh command, but I'm writing in Python 3, so if there's a way to do this in Python, then I'm all ears.
In your /etc/ssh/sshd_config:
ClientAliveInterval <time interval in seconds>
ClientAliveCountMax 0
So using 300 in the first directive will kick the connection after 5 minutes idle. You'll need to restart sshd to make it take effect.
try ssh -o ServerAliveInterval=10 server.org
Unless you run ssh with the "-N" option, it normally launches some kind of command or shell on the remote system (the Pi in this case). Ssh disconnects when this remote command exits.
If you're running ssh just to create some port forwards, you may be running with "-N", or you may be letting the ssh session sit at a command prompt. Instead, you could launch a command on the Pi which exits after the desired period of time. You could use the sleep command, for example:
ssh -Lwhatever -Rwhatever user@pi "sleep 3600"