This might be a really stupid question but I don't know where to begin to search for something like that.
Im using google cloud.
I have a master node in gcloud called master-node and a couple of slave nodes called slave-node-1, slave-node-2. They all have external IP addresses.
I can connecting to the master instance using the following command, gcloud compute ssh master-node -i /.ssh/sshkey.
Then, if I want to connect to the other two instances, I could do something like ssh slave-node-1 -I /.ssh/sshkey.
I also know its possible to use an ssh tunnel and forward a port so I can do things like connect to 127.0.0.1:5901 on my local pc so I can see the desktop on the vm instance.
My question is... Is possible to put my local computer into the same domain as that vm instance in the gcloud project so that if I did ssh slave-node-1 -I /.ssh/sshkey from my local pc, it would work and I could connect to my slave-node-1 instead of using the external IP address; it would be as if I was the master-node in my gcloud project.
Does my question make sense?
Related
I'm newbie for GCP and I need your help which this is the step I had made.
(1) I setup google cloud firewall rules to allow ssh on port 22 and I can ssh to my instance, CentOS7, correctly.
(2) When I connect to my instance, I run some firewall script and after that I cannot ssh to my instance anymore. It seem that script block ssh port even I enable it in the VPC Network > Firewall rules.
(3) Now I cannot connect to my instance including Open in browser window in the SSH menu on gcp console.
Is there any solution to connect my instance? Please help.
Thank in advance.
Bom
You probably change block ssh port by changing firewall configuration inside VM.
So you can consider 2 options :
1) Recreate VM if no sensitive data, or not too much work spent for the existing setup.
2) Detach Boot disk and reuse it on another instance, to change the configuration files of firewal.
check Official Docs - Use your disk on a new instance for that:
gcloud compute instances delete $PROB_INSTANCE
--keep-disks=boot
gcloud compute instances create new-instance
--disk name=$BOOT_DISK,boot=yes,auto-delete=no
gcloud compute ssh new-instance
Hope it will help you.
I have a microservice, let's call it RdsConnector, I want to test locally that is normally deployed on a machine on AWS. It connects to a MySQL instance, which is also in AWS, without any SSH tunnelling as they are in the same VPC. To connect to that MySQL instance from my local machine, I can use SSH tunnelling to get into the VPC I have set up in AWS. This is what that configuration looks like:
I could set up my microservice to also connect through SSH (optionally, perhaps), but I don't want to do that. Then I would have a different configuration running it locally vs in the cloud. What I want to do instead is set up some kind of proxy server on my local machine that will take the SSH credentials and do that SSH tunnelling, exposing the VPC MySQL endpoint locally. Then RdsConnector will just use that local endpoint, and I won't have to have a different config for RdsConnector just for local testing.
I'm not very familiar with the networking technologies in use here. I just know that there's no public IPs for my VPC, so I have to SSH in. I imagine that what I want is possible, but I have no idea what the moving parts would be.
Ok this turned out to be quite simple actually! The ssh program can do this for you, this is how I configure it with Mac OS ssh:
ssh -N -i "/Users/foo/aws_ssh_key.pem" \
-L "localhost:5990:stack-name-vpc-db.asdfqwerty.us-east-1.rds.amazonaws.com:3306" \
foo#12.34.567.890
With the -L flag, it'll proxy stuff over the SSH connection for you from the given endpoint to the provided endpoint on the other side. That -N flag is optional, it just turns off the regular SSH console since we only want to run a proxy server. The microservice can treat localhost:5990 as if it were the regular MySQL endpoint.
We've brought up this topic before, but curious if anyone has any new information on this issue.
We use multiple servers that are accessed behind a "management server", so when we SSH in we have to log in there first, then from there log into our destination machine so always at least 2 SSH connections. We currently use port forwarding on the management server by using : which will take us directly through to the server of interest behind the scenes so we think we're directly ssh'ing into each one.
The issue here is that it requires specific setup, and in a scalable environment where servers can be added/removed the maintenance is cumbersome. Ideally we'd just be able to ssh into multiple machines using phpseclib and run commands.
Has anyone ran into this or have advice on a solution from the scripting level? Basically we need to ssh chain and ssh into machine 1, then machine 2 from machine 1, and run commands/interact with machine 2.
$ssh = new Net_SSH2('machine1');
$ssh->login('user', 'pass');
$ssh->setTimeout(10);
$ssh->enablePTY();
$ssh->exec('ssh machine2');
echo $ssh->read();
At this point (assuming that you're using RSA authentication and that your private key is in your ~/.ssh/id_rsa file on machine) the prompt that you get back should be of machine 2.
You could connect to a machine3 as well by doing this:
$ssh = new Net_SSH2('machine1');
$ssh->login('user', 'pass');
$ssh->setTimeout(10);
$ssh->enablePTY();
$ssh->exec('ssh machine2');
echo $ssh->read();
$ssh->exec('ssh machine3');
echo $ssh->read();
We have an AWS EC2 server that we've configured to be only accessible (via SSH) from within our office network. Obviously this isn't ideal for remote arrangements where someone has to connect to the EC2 instance and is working remotely outside the office such as during a business trip.
I've managed to set-up a VPN through PPTP and can connect to the office network (I have two local IP's one from wlan0 and one from ppp0) regardless of anywhere I am. However, when I SSH to the EC2 instance, it's still rejecting me most likely because it sees that I'm still trying to ssh from outside the network.
I think I'm missing something very important. What do you think, what am I missing to to get the ssh to use the vpn connection rather than one in wlan/eth?
I'm starting to think this isn't possible so kindly let me know. My other option is to ssh to a machine within the office network and then use that machine to ssh to the EC2 instance but I've been hesistant to do that as it seems excessive.
Find your gateway through which you want to connect to your ec2-instance.
For Linux systems, route -n will show you the routing table. Now add the route
sudo route add -host gw
Just having a VPN to your office does not mean all traffic from your machine will go through the VPN - that depends on how you configure the VPN.
You can SSH from your machine to an office machine, and from there ssh to EC2 - that should work.
Alternatively, configure your system to route traffic for the ec2 instance through the VPN connection - doing this depends on your specific VPN configuration.
I'm playing with Google Compute Engine(GCE) as I'm planning to migrate the cloud service provider from Rackspace(reason: GCE has good upgrade plans with best discount price).
I have few issues with GCE and one of them is Ubuntu os/image not supported by default. But there is an alternate method to run any linux distro in GCE, which is called Building an image from scratch for uploading custom images and creating instances(servers) from uploaded image.
I could able to create and run the instances from the Ubuntu image I uploaded to GCE following the link hagikuratakeshi.hatenablog.com. This is simply running ubuntu in general. I didn't face any problem but google's gcutil tool prompts for ssh passphrase and adds the key in GCE meta data but accepts only password logins(then why it prompts for passphrase).
I want to strictly follow Building an image from scratch as recommended by google. But after following all the steps, I could not able to login to my server instance via SSH. I guess this happens when I install Google Compute Engine image packages: google-startup-scripts_1.1.2-1_all.deb, google-compute-daemon_1.1.2-1_all.deb & python-gcimagebundle_1.1.2-1_all.deb. These packages/scripts make some changes to the instance at the startup and also to SSH configuration which are Strongly recommended. Once I strictly follow the link or once I install these packages I could not able to establish SSH connection once the instance is rebooted. The error message similar to the one below is shown while trying to connect:
test#machine1:~$ gcutil --service_version="v1" --project="mypro-555" ssh --zone="asia-east1-a" "server-instance-1"
INFO: Running command line: ssh o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i /home/test/.ssh/google_compute_engine -A -p 22 test#101.167.xxx.xxx -
ssh: connect to host 101.167.xxx.xxx port 22: Connection refused
NOTE: The user account test is available and common on both local and GCE server!.
My main problem is SSH connection when I strictly follow the steps. If I upload the fresh image and then follow the recommended steps connecting SSH, I could not do SSH again once I restart the instance (or) if I setup everything in the uploaded image before uploading, the created instance will be running but I could not able to connect atleast ones and the error is same.
Anybody using GCE with your custom image?, are you allowed to connected even after following the recommended settings?. Anyone already fixed this SSH issue?. Please post your comments!
EDIT 1
I could not figure out from the logs and here is the output of gcutil getserialportoutput server-instance-1.
The key here is that your ssh client says "connection refused". This indicates that there is indeed a machine at that IP address, but it's not accepting SSH connections. There are a few possible explanations:
The ssh daemon isn't running, or is listening on the wrong interface
Your instance is configured with a firewall that's denying SSH traffic
The GCE firewall rule to allow SSH traffic has been removed