How to connect to OCI machine if the sshd is not responding? - ssh

I was updating the ssh port of an Oracle Cloud Infrastructure machine
I changed /etc/ssh/sshd_config
The port was
#Port 22
I changed it to
Port 40531
Then
restarted the sshd service systemctl restart sshd
open the port on the OCI Web
however, now I cannot connect.
ssh -vvv -p 40531 -i ~/.ssh/vm.key opc#129.xxx.xxx.xxx
OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 129.xxx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to 129.xxx.xxx.xxx [129.xxx.xxx.xxx] port 40531.
debug1: connect to address 129.xxx.xxx.xxx port 40531: Connection timed out
ssh: connect to host 129.xxx.xxx.xxx port 40531: Connection timed out
I saw a Cloud Shell but I'm not sure if it can be used to connect to the machine to perform maintenance tasks
Is there a way to connect to the VM from the web oci interface to fix the ssh issues?
I used to use a VPS service that has a web console from which you can enter to fix problems like this
is there something like this in OCI?
Note:
SELinux was disabled on the machine
if you are about to do this on your machine, remember to update the SELinux configuration prior restart the sshd service or you will be locked out, another option is to disable SELinux totally (this is what I did)

The changes above described worked well, the only thing that was causing issues on my side
(I don't really know why) is that I was connected from a VPN
After I disconnected the VPN and tried to connected again it worked
Update:
I figured out why the ssh using a different port was not working. The VPN I use is a corporate VPN which has very strict inbound and outbound rules, The VPN outbound rules were blocked by the TCP on port 40xxx.
Update:
if you are struggling with a VM you can connect using the below instruction
Creating the Instance Console Connection
Before you can connect to the serial console or VNC console, you need to create the instance console connection.
To create the console connection for an instance
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you're interested in.
Under Resources, click Console Connection.
Click Create Console Connection.
Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer or paste your public key into the text box.
Click Create Console Connection.
When the console connection has been created and is available, the state changes to Active.
Thanks to #bmuthuv for the info

You can connect to Serial Console of the VM where you could get access to GRUB Menu during a Reboot operation. You can subsequently use typical Linux commands to get to Shell from Grub. You can subsequently undo anything you would like to.
Serial Console connection can be created on OCI Web Console in the Instance's page.

Related

Create multiple-hop ssh connection without tcp forwarding

I would like to login to another server via ssh via a jump sever. I would like to run system tests on the sever and receive their evaluation / result. The whole thing should take place automatically and I don't want to have to copy the individual test files to the target system.
my_compuer --SSH--> Jump_Server --SSH--> Server(run system tests)
For security reasons, tcp forwarding is disabled in the sshd config of the jump server.
A dedicated username and a public key are required for both ssh connections.
The establishment of an SSH tunnel does not work due to the missing tcp forwarding. Here I get the error message "channel 1: open failed: administratively prohibited: open failed". When I active tcp forwarding the ssh connection is working as expected.
Would ssh proxy represent a possibility to enable an ssh connection with deactivated tcp forwarding? Which additional authorizations would be required here on the jump server?
What furhter options would I have?

How to fix ngrok forwarding port?

I am ssh-ing onto a remote desktop. Since I have to connect over the internet, I have exposed the ssh port (22) on the remote side using ngrok, and everything is working great. I connect to the desktop using the command
ssh username#2.tcp.ngrok.io -p portno
where I get the portno from the remote side, when I start the ngrok service from the line that says
Forwarding tcp://2.tcp.ngrok.io:portno -> localhost:22
However, everytime I start a new ngrok session on the remote side, a new portno is generated. Now, unless I have a secondary connection open (typically using teamviewer), I would not be able to know what that port number is.
How can I start the ngrok service with a fixed portno. This is because I want to have the ngrok service on startup as I would have to restart my remote desktop a couple of times and still want to connect to the desktop using ssh.
Thanks.
You'll need to reserve a TCP address on ngrok, which will give you a fixed address.
To associate a tunnel with a reserved TCP address, you should include the remote-addr option in your ngrok config when starting the tunnel.
An example from the docs: ngrok tcp --region=us --remote-addr 1.tcp.ngrok.io:20301 22

SCP in ESXi not working

Everytime I try to copy files from ESXi machine to other Linux machine it always fails. Either it waits for longer time or ends up with time out error.
Cmd used: scp local_file root#:IP:path/to/folder
cmd err:ssh: connect to host port 22: Connection timed out
lost connection
Linux machine has sshd service running.
But, copying from Linux to ESXi works.
Where am I missing in configuration? Thanks in advance !!
Enable SSH client (CLI method).
Check if SSH client service is enabled. Will return 'False' if 'Disabled'.
esxcli network firewall ruleset list --ruleset-id sshClient
Then enable SSH client.
esxcli network firewall ruleset set --ruleset-id sshClient --enabled=true
Enable sshClient in the firewall properties of the server.
In vSphere Client select
host -> Configuration -> Security Profile -> Firewall -> Properties
then enable SSH Client to enable outgoing scp connections.

Notepad++ NppFTP [SFTP] Connection failed : Error reading socket

Does anyone know why I am unable to connect to my server using the Notepad++ NppFTP plugin with SFTP?
I have a CentOS 6.4 server with SSH on port 22.
When I try and connect using NppFTP I get the following output:
[NppFTP] Everything initialized
Connecting
[SFTP] Connection failed : Error reading socket
Unable to connect
Disconnected
This used to work when I had my SSH port set to 3264 but when I changed the SSH port back to 22 NppFTP stopped working. All the settings for the profile are correct including the right IP, username, password and port (22).
I can connect with SFTP using FileZilla and WinSCP successfully with these same SFTP details and I can connect with SSH using PuTTY.
I can connect with SFTP to other servers using NppFTP so I believe there is an issue in my server config I'm just not sure where or what.
I looked at the access logs but found no attempt at a connection from NppFTP, I turned the firewall off and still nothing.
In the end I got in touch with my server company and it turns out it was a problem on their end. This is what they had to say:
"This was caused by an IPS rule inspecting the network packets coming into the infrastructure, which helps identify brute force attacks."
Very strange, but after they made the change NppFTP can now connect successfully.

AWS ssh access 'port 22: Operation timed out' issue

I can't access to AWS EC2 instance from one day.
(AMI: ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20121001 (ami-22ad1223))
$ ssh -v -i mykey.pem ubuntu#XXX.XXX.XXX.XXX
OpenSSH_5.9p1, OpenSSL 0.9.8x 10 May 2012
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 20: Applying options for *
debug1: Connecting to xxx.xxx.xxx.xxx [xxx.xxx.xxx.xxx] port 22.
debug1: connect to address xxx.xxx.xxx.xxx port 22: Operation timed out
ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out
This is my "Security Groups" setting in EC2.
I did not change the setting from the time had a good connection.
Ports Protocol Source
22 tcp 0.0.0.0/0
80 tcp 0.0.0.0/0
3000 tcp 0.0.0.0/0
3006 tcp 0.0.0.0/0
I've tried many times to restart the server.
Web server is going well. However SSH connection is not.
What could be problem and how to make it work?
My usual checklist:
On AWS console: is the Instance up and healthy?
Is it in a public Subnet?
Does it have a public ip?
Does the VPC have an associated Internet Gateway?
Does it have the Routing Table to the Internet Gateway? (Attached to the subnet?)
Are the Network ACL rules default?
Does the Security group allow ping? If yes, does the ping work?
Does the Security group allow SSH inbound?
If there is still no clue, then fire up a new instance (from a base AMI) in the same VPC. Connect to it via SSH. If it was successful, try to ssh from that instance.
I too faced the same issue. Actually, by mistake, I deleted the default Internet Gateway.
Go to VPC and click "Internet Gateways" from the left menu.
Click "Create internet gateway" button and provide Name tag (any name - optional) and click create.
By default, it is detached. So click the Actions drop-down and select "Attach to VPC" and attach it with default VPC
Now go to "Route Table" and select default route table and edit the route by clicking "Edit routes" button under Routes tab
Then in the Destination text box provide "0.0.0.0/0" and in target select the newly created Internet gateway (starts with igw-alphanumeric) and save the route.
Now you should be able to SSH EC2 instance.
For newbies to AWS, like me, remember the hostname can change if you reboot or stop/start your instances. So remember to use the right hostname - visible in the description of your instance each time you ssh.
If this happens "from one day", the IP your AWS EC2 instance associated with may be blocked from this day.
If the IP is blocked, you need to add a new dynamic IP and associate this new dynamic IP with your AWS EC2 instance.
Steps:
1.Go to "Elastic IPs".
2.Allocate new address.
3.Choose this new address. Click "Actions" and "Associate address".
4.Select your instance and Click "Associate".
In my case, adding new dynamic IP to my AWS EC2 instance fix the problem.(My problem was I can't access to AWS EC2 instance from one day too)
Kindly create a new security group and select type SSH
SSH
TCP
22
0.0.0.0/0
In addition to Adam's answer, also check if your public subnet's RT table is using the IGW and the private Subnets' RT has 0.0.0.0/0 -> NAT instance Id.
Check that you are connecting to the public dynamic IP or associate an ElasticIP and connect to it.
I was using public wifi in the library and that was not letting me connect, which I came to know when I switched to my mobile hotspot wifi (password protected). Try switching to a protected network.
Even I also faced this same problem, good to know i have not allowed from route table.
Check EC2 Instance associated
And try these steps
subnet,Route table and allowed CIDR blocks
key pair associated with EC2 Instance
security group ssh port 22 allowed or not.
If you are accessing from a new machine, then make sure the IP of the machine you are accessing from is included in the inbound rules. If not add a rule
SSH | TCP | Port:22 | Source: MY IP
For me, I had to delete all my rules for the security group for the particular instance and create new rules for the same ssh, http and https
For some reason after stopping the instance and starting it later, my IP changed... probably because I switched my wifi connectivity device.
But putting new rules with the new IP address worked! You can check the ip by googling "myip"
Well, if this happened all of a sudden, try disconnecting and connecting back to your VPN (if accessing through a VPN). It might work!
I was able to fixed it simply by following this instruction
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/get-set-up-for-amazon-ec2.html
It sets up your private key pair as well as security group. The issue I think mainly because the default security group doesn't has a ssh inbound for your local IP setup.
If none of the troubleshooting steps above work for you, make sure that your EC2 container meets all system requirements for the application(s) you're running on the container. SSH will sometimes not be able to start if the memory runs out before getting to the SSH service.
Example: I was perfectly able to SSH into my EC2 container when I first launched it. I then proceeded to install Mailcow. My issue with SSH arose after restarting my container because the application I had installed required heavy services -- Docker, for example. After reading the system requirements from Mailcow, I realized a t2.micro wasn't even close to what I needed to run everything. I changed to a t3.large, and all worked perfectly.
Even after doing this for awhile, you can sometimes forget the most basic steps and requirements.
Try stopping the ec2 instance and then restarting. It worked for me!