I have a gpu-server Server-A in the office. The only way to access that server is through the office wired network. The office provides a proxy server Server-B. How I connect to the Server-B? I first ssh login to Server-B, then in the bash of Server-B, ssh login to Server-A. I want to use the vscode remote extension to work on Server-A. How can I do this? I can connect to Server-B now in vscode.
After several days of struggling, I have figured it out. As Marc said, vscode respects the tunnels I set up in my .ssh/config file. A sample can be like this:
Host serverB
    HostName serverB_ip
    PreferredAuthentications publickey
    IdentityFile your_key
    User you

Host serverA
    Hostname serverA_ip
    IdentityFile your_key
    ProxyJump serverB
    User you
Have you looked into setting up a tunnel in your ssh config to go to Server-A via Server-B? I believe vscode will respect the tunnels you set up in your .ssh/config file.
Yes, it's very easy:
You can install in VSCODE the sftp plugin and set the config file (.vscode\sftp.json) like this:
{
    "name": "CONEXION 1",
    "remotePath": "/",
    "host": "192.168.1.98",
    "username": "user",
    "privateKeyPath": "C:/Users/Usuario/.ssh/id_rsa",
    "passphrase": true,
    "uploadOnSave": true,
    "hop": {
        "host": "11.0.0.255",
        "port": 22,
        "username": "user",
        "password": "password"
    }
}
After that, you can see in sftp:explorer the "CONEXION 1" to deploy it.
Right button "edit file" to change it in file explorer.
You have many options to do very powerful things (more hops, for example...).
Plugin: https://marketplace.visualstudio.com/items?itemName=liximomo.sftp
It is very easy now with VS Code Remote-SSH by using the jump host option:
ssh -J server_gate_way_proxy destination_server
ssh -tt server_gate_way_proxy ssh -tt destination_server
I know I can use KDE dolphin to open a directory in a remote machine that I can directly access via ssh, but what if that machine is 1 hop away? Normally, when I have to open a terminal on such machine (let's call it destination), I issue the following command:
ssh user1@intermediate_destination:dir1
which allows me to connect to an "intermediate" server. Then, from intermediate_destination:
ssh user2@destination:dir2
How do I open a file browser in destination from my local machine using KDE Dolphin?
As suggested by @sanette, I've tried setting up an ssh tunnel in the following way:
sudo ssh -J user1@intermediate_destination -NL 22:localhost:22 user2@destination
Then, I've tried to create a "Network folder" using Dolphin with the following parameters:
Type of network folder: Secure shell (ssh)
Name: whatever
User: user2
Server: localhost
Port: 22
Protocol: sftp
Folder: dir2
Encoding: Unicode (UTF-8)
And it finally worked!
Here's the thing. I'd like to access a remote host by ssh, and make a tunnel as a proxy. I did it on my Windows computer with PuTTY. In PuTTY, there is a "tunnels" option; adding a dynamic tunnel would do the trick. That is, a (dynamic, that is in PuTTY's options, I don't really know what it means) tunnel at port 1111, and then I can access the internet through the socks5 proxy 127.0.0.1:1111.
But now I want to make the tunnel on my openwrt router, 192.168.1.1, and access the proxy as 192.168.1.1:1111. I want to know how. There are two major questions:
1. The proper command of ctl ssh to make a tunnel just as PuTTY did. I googled a few, but because of the 2nd question, I never know which one is correct.
2. How can I access the tunnel on the router through 192.168.1.1:1111? As I tried before with ss_local (another proxy program), I established a socks proxy locally but it could never be accessed by another LAN host of mine. Are there some firewall things to do?
Does anyone know the answers? Thank you!
This is what I did to remotely access my AP.
I used an SSH reverse tunnel to a remote server. Here I dump a simple script to achieve it.
key_ssh=/root/.ssh/id_rsa
user=root
ip='YOUR_SERVER_IP'
port='THE_PORT_YOU_WANT_TO_CONNECT_THROUGH'
# Connect over ssh: -f backgrounds ssh, -N runs no remote command,
# -R forwards $port on the server back to port 22 on this device
ssh -f -N -i "$key_ssh" -R "0.0.0.0:$port:localhost:22" "$user@$ip"
And in your remote server you type:
sudo su
ssh -p THE_PORT_YOU_WANT_TO_CONNECT_THROUGH localhost
You will be asked for the root password, type it and you're in.
I am running Ansible on my machine, and my machine does not have ssh access to the remote machine. Port 22 connections originating from the local machine are blocked by the institute firewall. But I have access to a machine (ssh-tunnel) through which I can log in to the remote machine. Now, is there a way we can run an ansible playbook from the local machine on remote hosts?
In a way, is it possible to make Ansible/ssh connect to the remote machine via ssh-tunnel, but not exactly log in to ssh-tunnel? The connection will pass through the tunnel.
The other way is to install ansible on ssh-tunnel and run plays from there, but that would not be a desired solution.
Please let me know if this is possible.
There are two ways to achieve this without installing Ansible on the ssh-tunnel machine.
Solution#1:
Use these variables in your inventory:
[remote_machine]
remote ansible_ssh_host=127.0.0.1 ansible_ssh_port=2222 ansible_ssh_user='username' ansible_ssh_private_key_file='/home/user/private_key'
Hope you understand the above parameters; if you need help, please ask in the comments.
Solution#2:
Create ~/.ssh/config file and add the following parameters:
####### Access to the Private Server through ssh-tunnel/bastion ########
Host ssh-tunnel-server
    HostName x.x.x.x
    StrictHostKeyChecking no
    User username
    ForwardAgent yes

Host private-server
    HostName y.y.y.y
    StrictHostKeyChecking no
    User username
    ProxyCommand ssh -q ssh-tunnel-server nc -q0 %h %p
Hope that helps you; if you need any help, feel free to ask.
There is no requirement to install ansible on the jump and remote servers; ansible is an ssh-service-only tool :-)
First make sure you can work it directly with SSH Tunnel.
On local machine (Local_A), you can login to Remote machine (Remote_B) via jump box (Jump_C).
login server Local_A
ssh -f user@remote_B -L 2000:Jump_C:22 -N
The other options are:
-f tells ssh to background itself after it authenticates, so you don't have to sit around running something on the remote server for the tunnel to remain alive.
-N says that you want an SSH connection, but you don't actually want to run any remote commands. If all you're creating is a tunnel, then including this option saves resources.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.
There will be a password challenge unless you have set up DSA or RSA keys for a passwordless login.
There are lots of documents teaching you how to do the ssh tunnel.
Then try below ansible command from Local_A:
ansible -vvvv remote_B -m shell -a 'hostname -f' --ssh-extra-args="-L 2000:Jump_C:22"
You should see the remote_B hostname. Let me know the result.
Let's say you can ssh into x.x.x.x from your local machine, and ssh into y.y.y.y from x.x.x.x, while y.y.y.y is the target of your ansible playbook.
inventory:
[target]
y.y.y.y
playbook.yml
---
- hosts: target
  tasks: ...
Run:
ansible-playbook --ssh-common-args="-o ProxyCommand='ssh -W %h:%p root@x.x.x.x'" -i inventory playbook.yml
I'm trying to connect to vagrant via homestead ssh:
vagrant@127.0.0.1's password:
But my public key password doesn't work.
My Homestead.yaml looks like this:
authorize: ~/.ssh/id_rsa.pub
keys:
- ~/.ssh/id_rsa
I'm using "Laravel Homestead version 2.0.14" with "Vagrant 1.7.2".
After trying a lot of passwords and becoming totally confused why my public key password is not working I found out that I have to use vagrant as password.
Maybe this info helps someone else too - that's because I've written it down here.
Edit:
According to the Vagrant documentation, there is usually a default password for the user vagrant which is vagrant.
Read more on here: official website
In recent versions however, they have moved to generating keypairs for each machine. If you would like to find out where that key is, you can run vagrant ssh -- -v. This will show the verbose output of the ssh login process. You should see a line like
debug1: Trying private key: /home/aaron/Documents/VMs/.vagrant/machines/default/virtualbox/private_key
I have the same problem, after moving the machine from a Time Machine restore to another host. The problem is that the ssh key for vagrant is not your key; it's a key in the Homestead directory.
Solution for me:
Use vagrant / vagrant to access the Homestead VM
Use vagrant ssh-config to see the ssh config
Run in a terminal:
vagrant ssh-config
Host default
    HostName 127.0.0.1
    User vagrant
    Port 2222
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no
    PasswordAuthentication no
    IdentityFile "/Users/MYUSER/.vagrant.d/insecure_private_key"
    IdentitiesOnly yes
    LogLevel FATAL
    ForwardAgent yes
Create a new pair of SSH keys
ssh-keygen -f /Users/MYUSER/.vagrant.d/insecure_private_key
Copy the content of the public key
cat /Users/MYUSER/.vagrant.d/insecure_private_key.pub
In another shell, in the Homestead VM, append it to authorized_keys
vagrant@homestad:~$ echo 'CONTENT_PASTE_OF_PUBLIC_KEY' >> ~/.ssh/authorized_keys
Now you can access it with vagrant ssh
By default Vagrant uses a generated private key to login, you can try this:
ssh -l ubuntu -p 2222 -i .vagrant/machines/default/virtualbox/private_key 127.0.0.1
This is the default working setup https://www.youtube.com/watch?v=XiD7JTCBdpI
Use Connection Method: standard TCP/IP over ssh
Then ssh hostname: 127.0.0.1:2222
SSH Username: vagrant password vagrant
MySQL Hostname: localhost
Username: homestead password:secret
On a Windows machine I was able to log in to ssh from git bash with
ssh vagrant@VAGRANT_SERVER_IP without providing a password
Using Bitvise SSH client on Windows
Server host: VAGRANT_SERVER_IP
Server port: 22
Username: vagrant
Password: vagrant
In my case I learned through the output from:
vagrant ssh -- -v
The problem was my private key generated by vagrant was ignored because the permissions were too open (on Windows 10).
The log lines were:
Permissions for 'C:/My Folder/.vagrant/machines/default/virtualbox/private_key'
are too open. It is required that your private key files are NOT
accessible by others. This private key will be ignored.
So in Windows Explorer, navigate to the private key for the VM on the path in your log, right-click and select Properties. Then go to the Security tab and click the Advanced button. Next, add your specific user with Full Control, and then select whichever group also has permissions and click the Disable inheritance button at the bottom of the dialog and choose to remove all inheritance. You should be left with just your own user account having permissions on the private_key file. Click Apply and close the properties dialog, then try vagrant ssh again. It should now let you in without asking for a password.
Is there a trick to running Fabric over a reverse SSH tunnel? An interactive ssh connects fine back over the tunnel, but running fab, I just get asked for my password repeatedly.
Here is a snippet with a solution
https://gist.github.com/856179
Just copy, paste and use
Here's a solution that doesn't involve writing any extra Python code:
If you set up your SSH configuration to tunnel over a SOCKS proxy, you can tell Fabric to use the SSH configuration. It's sweet.
Example $HOME/.ssh/config file:
Host bastion
    HostName bastion.yourdomain.com
    DynamicForward 0.0.0.0:1080
    ServerAliveInterval 120
    ServerAliveCountMax 30

Host hostbehindthebastion.yourdomain.com
    ProxyCommand /usr/bin/nc -x 127.0.0.1:1080 %h %p
Now tell Fabric to use the configuration:
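from fabric.api import env  # Fabric 1.x environment dictionary

# Make Fabric read ~/.ssh/config, including the ProxyCommand above
env.use_ssh_config = True
env.hosts = [
    "user@hostbehindthebastion.yourdomain.com",
]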
Now ssh bastion in one window, then run fab from another window.
See the official Fabric documentation for more information.
NB. You will have to have nc (netcat) installed on your machine to use this solution.
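As an added example (not part of any of the posts above), a small audit for ~/.ssh/config files like the ones in the Ansible, Vagrant and Fabric answers: it flags options that weaken a jump-host setup, namely disabled host key checking, a discarded known_hosts file, agent forwarding, and forwards bound to every interface. The sample config, the function names and the wording of the findings are constructed for illustration.

```python
import re

# Constructed sample combining directives that appear in the answers above.
SAMPLE = """\
Host bastion
    HostName bastion.yourdomain.com
    DynamicForward 0.0.0.0:1080
    ForwardAgent yes
    StrictHostKeyChecking no
Host private-server
    HostName y.y.y.y
    UserKnownHostsFile /dev/null
    ProxyJump bastion
"""

OPTION = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")   # "Key value" or "Key=value"
WIDE_BINDS = {"0.0.0.0", "*", "::", "[::]"}          # listen on every interface
SIMPLE = {  # keyword -> (risky values, reason)
    "stricthostkeychecking": ({"no", "off"}, "changed host keys are accepted"),
    "userknownhostsfile": ({"/dev/null"}, "host keys are never remembered"),
    "forwardagent": ({"yes"}, "agent is usable by root on that host"),
}

def parse_ssh_config(text):
    """Group options by Host/Match block: [(patterns, [(keyword, value)])]."""
    blocks = [("*", [])]              # options before the first Host apply to all
    for raw in text.splitlines():
        m = OPTION.match(raw.strip())  # comments and blank lines do not match
        if m and m.group(1).lower() in ("host", "match"):
            blocks.append((m.group(2).strip(), []))
        elif m:
            blocks[-1][1].append((m.group(1).lower(), m.group(2).strip().strip('"')))
    return blocks

def audit(text):
    """Return [(host, keyword, reason)] for settings that weaken the setup."""
    findings = []
    for host, opts in parse_ssh_config(text):
        for key, value in opts:
            risky, reason = SIMPLE.get(key, (set(), ""))
            listen = (value.split() or [""])[0]        # "[bind:]port" part
            bind = listen.rsplit(":", 1)[0] if ":" in listen else ""
            if value.lower() in risky:
                findings.append((host, key, reason))
            elif key in ("dynamicforward", "localforward") and bind in WIDE_BINDS:
                findings.append((host, key, "listener reachable from the network"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A forward written as a bare port or with a loopback bind address (for example DynamicForward 1080) produces no finding, and StrictHostKeyChecking accept-new passes because it still rejects changed host keys.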