I can establish a port forwarding session in Ubuntu as follows:
ssh -L 8000:dev.mycompany.com:443 jump.mycompany.com
now I'd like to emulate this with Jsch:
public static void openTunnel() {
JSch jsch = new JSch();
String privateKey = "~/.ssh/id_rsa";
try {
jsch.addIdentity(privateKey);
log.info("Connecting to {}#{}", getJumpUser(), getJumpServer());
Session session = jsch.getSession(getJumpUser(), getJumpServer(), 22);
session.connect();
session.setPortForwardingL(8000, getHost(), 433);
} catch (JSchException e) {
log.error("", e);
}
}
However I get the following exception after the tunnel is set up, and trying to connect to it with RestTemplate (Spring HTTP Client - but curl gives an error as well):
ssl.SSLHandshakeException: Remote host closed connection during handshake
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:744)
What do I have to confiugre in Jsch so that it does exactly the same as the openssh client?
I suppose, you're trying to get a connection to a https webserver that's not public available.
The port forwarding works, BUT https will not work on localhost:8000, because the certificate is for dev.mycompany.com and not localhost.
You can cheat, by adding an entry into your hosts file.
127.0.0.1 dev.mycompany.com
But probably it's easier to try socks5.
ssh jump.mycompany.com -D 8005
And then setting in your browser (sample for firefox):
Select: Manual proxy configuration:
Socks Host: localhost
Port: 8005
Socks5
Related
I am new to Terraform , OCI .
So I am now trying to ssh on a linux host in my OCI via cloud shell, but that host is in a private subnet. So I am trying below command but getting timeout error.
Could you please tell me where I am getting this wrong
resource "null_resource" "remote-exec" {
provisioner "remote-exec" {
connection {
agent =false
timeout = "5m"
host ="xx.xx.xx.x" --- This is in a private subnet(private ip address to connect to linux env)
user = var.host_user_name
private_key =file("${path.module}/sshkey.pem")
}
inline = [
"sleep 10",
"sudo su - oracle",
"source EBSapps.env run",
"cd /u01/",
"touch ytest.txt",
]
}
}
#Deepak .. I guess you cannot connect to instance in private subnet using private IP. You would need bastion host in this case. Before trying it from terraform, did you try it out from OCI console?. I believe you will not be able to connect to instance just by private IP. If you want complete setup in terraform, you would need to create resource for bastion-host and then you can get connect to private subnet instance via bastion host. In this case, you remote execution block will have bastion-host IP. Something similar to below
provisioner "remote-exec" {
connection {
agent =false
timeout = "5m"
host ="xx.xx.xx.x" --- This should be bastion host IP
user = var.host_user_name
private_key =file("${path.module}/sshkey.pem")
}
References:
https://medium.com/#harjulthakkar/connect-to-private-compute-instance-using-oci-bastion-service-ca96a3ceea49
https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/bastion_bastion
I'm having trouble when I try to connect my local Photon Server with Unity3D WebGL Build, using secure websocket connection. I can establish the connection with websockets (not the secure one) and any other environment other than WebGL builds (Even in Unity's play mode with WebGL configuration, it just won't work when I get a build). I'm guessing that the problem is related with my certificate but I'm not entirely sure. I tried self-signed one, and a real one.
Here is the error:
WebSocket connection to 'wss://localhost:19091' failed: Error in
connection establishment: net::ERR_INSECURE_RESPONSE
I already tried 127.0.0.1 instead of localhost, tried to change the port.
I got my socket code from Photon's website, link is here:
https://www.photonengine.com/sdks#onpremiseunity3d
My Client code(uses Photon's SocketWebTcp class) is like this:
using ExitGames.Client.Photon;
using UnityEngine;
public class HiveClient : IPhotonPeerListener
{
public PhotonPeer PhotonClient { get; set; }
public HiveClient() { }
public void Connect()
{
this.PhotonClient = new PhotonPeer(this, ConnectionProtocol.WebSocketSecure);
this.PhotonClient.SocketImplementationConfig.Add(ConnectionProtocol.WebSocketSecure, typeof(SocketWebTcp));
this.PhotonClient.Connect("wss://localhost:19091", "Hive");
}
public void DebugReturn(DebugLevel level, string message)
{
Debug.Log("DebugReturn: " + level.ToString() + " Message: " + message);
}
public void OnEvent(EventData eventData)
{
Debug.Log("OnEvent: " + eventData.Code);
}
public void OnOperationResponse(OperationResponse operationResponse)
{
Debug.Log("OnOperationResponse: " + operationResponse.DebugMessage);
}
public void OnStatusChanged(StatusCode statusCode)
{
Debug.Log("OnStatusChanged: " + statusCode.ToString());
}}
Here is app's websocket listener in photon server config:
<WebSocketListeners>
<WebSocketListener IPAddress="0.0.0.0" Port="19091" DisableNagle="true" InactivityTimeout="10000" Secure = "true" StoreName = "MY" CertificateName = "DESKTOP-PQ845BC" UseMachineStore = "true">
</WebSocketListener>
</WebSocketListeners>
Lastly, here is my self-signed certificate:
Thank you.
Solved this, It seems certificates doesn't work with ip adresses like 127.0.0.1. Certificate expects some address (like xxx.photon.com)
As a temporary solution, one can send a https request to defined ip and insert the ip chrome's allowed ips. This temp solution relates to this answer:
https://stackoverflow.com/a/43493521/3013806
Redis version: 3.2.0
Jedis version: 2.8.1
Below is my java code for connecting to redis:
public class TestRedis {
public static void main(String[] args) {
String host = args[0];
int port = Integer.parseInt(args[1]);
try (Jedis jedis = new Jedis(host, port)) {
System.out.println("Connected to jedis " + jedis.ping());
} catch(Exception e){
e.printStackTrace();
}
}
}
I am running this program in the machine where redis is installed. This machine's ip address is 192.168.1.57
If I provide host="localhost" and port = "6379" as arguments, connection with redis successfully established.
However, If I give host="192.168.1.57" and port = "6379" in arguments, I end up with below exception:
redis.clients.jedis.exceptions.JedisConnectionException: java.net.ConnectException: Connection refused
at redis.clients.jedis.Connection.connect(Connection.java:164)
at redis.clients.jedis.BinaryClient.connect(BinaryClient.java:80)
at redis.clients.jedis.Connection.sendCommand(Connection.java:100)
at redis.clients.jedis.Connection.sendCommand(Connection.java:95)
at redis.clients.jedis.BinaryClient.ping(BinaryClient.java:93)
at redis.clients.jedis.BinaryJedis.ping(BinaryJedis.java:105)
at TestRedis.main(TestRedis.java:14)
Caused by: java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:339)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:200)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:579)
at redis.clients.jedis.Connection.connect(Connection.java:158)
... 6 more
Please help...
There are a few settings that would affect this: bind and protected-mode. They work together to provide a baseline of security with new installs.
Find the following in your redis.conf file and comment it out:
bind 127.0.0.1
By adding a # in front of it:
# bind 127.0.0.1
Or, if you would rather not comment it out, you can also add the IP of your eth0/em1 interface to it, like this:
bind 127.0.0.1 192.168.1.57
Also, unless you're using password security, you'll also have to turn off protected mode by changing:
protected-mode yes
To:
protected-mode no
Make sure that you read the relevant documentation and understand the security implications of both of these changes.
After making these changes, restart redis.
I can't connect to a SSH host using the Gradle SSH Plugin with my private key.
Specifying the password in the build.gradle works fine:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
password = '<PASSWORD>'
}
}
But to avoid writing my password in the build file, I've set my environment to connect using my private key without entering the password from shell:
ssh <user>#<ip>
This command works from the shell but I can't achieve this with the Gradle plugin. This is my configuration:
remotes {
webServer {
host = '<IP>'
user = '<USER>'
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
The error is:
Caused by: com.jcraft.jsch.JSchException: USERAUTH fail at com.jcraft.jsch.UserAuthPublicKey.start(UserAuthPublicKey.java:119)
Since I'm able to connect from the shell, what's wrong with my configuration?
I fixed this by adding the agent = true property:
remotes {
webServer {
host = '54.233.77.171'
user = 'denis'
agent = true
identity = file("${System.getProperty('user.home')}/.ssh/id_rsa")
}
}
agent - If this is set, Putty Agent or ssh-agent will be used on
authentication
For more information: Connections settings
I tried this property after analyzing the class UserAuthPublicKey:
if(userinfo==null) throw new JSchException("USERAUTH fail");
I think JCraft only supports PEM keys - when generating the keys, you need to specify the format:
ssh-keygen -t rsa -m PEM
I need to write a simple program for work that does the following:
read a config file
connect to a bunch of servers
establish a ssl socket
pull info form the server's x509 cert, expire date and hostname for now
email a report when its done
items 3 and 4 are things that I have had bad luck researching/googleing and I do not know java well, at all since 1.2 around 2001
A verbose but throughout guide about the inners of Java Cryptographic Extension is found at Oracles website as well: http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
I found a code snipit that tells me what I need to know about java at http://www.exampledepot.com/egs/javax.net.ssl/GetCert.html
here it is:
try {
// Create the client socket
int port = 443;
String hostname = "hostname";
SSLSocketFactory factory = HttpsURLConnection.getDefaultSSLSocketFactory();
SSLSocket socket = (SSLSocket)factory.createSocket(hostname, port);
// Connect to the server
socket.startHandshake();
// Retrieve the server's certificate chain
java.security.cert.Certificate[] serverCerts =
socket.getSession().getPeerCertificates();
// Close the socket
socket.close();
} catch (SSLPeerUnverifiedException e) {
} catch (IOException e) {
} catch (java.security.cert.CertificateEncodingException e) {
}