Secure tunnel from SSH server to target host - jsch

My java application connects to an SSH server and runs a third party utility by ChannelExec of Jsch. Then, this application makes unsecured/uncompresed file transfer to another server on which an SSH server is installed.
The flow is:
JavaApplicationHost --> SSHServer1(3rd party utility runs) --> SSHServer2
I want file transfers between these SSH servers to be secured/compressed. But, I cannot use any platform dependent utilities such as ssh command. I cannot install anything on these SSH servers. I just can use JSch to these SSH servers.
Is there a way to secure/compress communication between these SSH servers by JSch or any other alternatives ?
Thanks in advance!

There is a jump host example of Jsch at http://www.jcraft.com/jsch/examples/JumpHosts.java.html that cascades multiple JSch sessions.
The flow can be:
JavaApplicationHost --(JSchSession1)--> SSHServer1(3rd party utility runs) --(JSchSession2)--> SSHServer2
If I can create another tunnel by JSchSession2 between these SSH servers, I will be able to secure/compress the 3rd party application.
I will test and update here.
Thanks!

Related

Steps to transfer file from One Windows Remote Server to another Windows Remote Server using OS Process Sampler in JMeter

I have transferred or copied a files from local machine to Server successfully using OS Process Sampler but unable to transfer a file from One remote server to another remote server on windows.
Can anyone explain me the process or share the steps or command which are being used to do the same.
Thanks
If you have OpenSSH servers on both machines you can use SSH Command sampler to execute scp command for transferring a file from one remote machine to another remote machine
In case of Windows you might have to provide the full path to scp.exe binary like:
C:\Windows\System32\OpenSSH\scp.exe
The exact configuration may differ depending on source/destination paths, whether public key authentication is enabled or not, etc.
Also SSH Command sampler doesn't come with JMeter, you will need to install it as a part of SSH Protocol Support bundle using JMeter Plugins Manager

Not able to login after migrating libvert on-prem boot disk to Google cloud platform using cloud endure migration service

I migrated the vm from libvirt to Google Cloud Platform using Cloudendure. The initial sync is complete and is in Data Replication stage from over a week. Once the VM is launched using test mode and try to putty using ssh it throws Connection Refused exited with error code 255.
I tried to log in using my on-premise local machine username and SSH key with putty, As it is told in the Cloudendure documentation that I can log in to the replicated server using same credentials
The firewall rule in GCP and the machine allows port 22 for incoming connections. SSH key is also updated properly in metadata section and saying SSH key is not propagated properly.
I thought there is a problem with my local machine ufw rules and tried turning off firewall and replicated again but no use. Also tried adding SSH rule to ufw allow connections from 0.0.0.0/0 still I'm not able to connect to VM which is replicated and launched in test mode.
Steps tried:
I tried interactive console method where I tried to log in using serial-port, but the problem is it is asking for ID and password. Where I don't have PASSWORD and using only SSH keys to log-into.
Tried using Static IP for an instance. before replicating boot disk I added firewall rule allow SSH from that static-IP then I replicated and tried to login (assuming that it is blocking connection via this IP).
Followed this article to install Linux Guest OS.
Generated SSH key using ssh-keygen -t RSA -C "" in gcloud shell.
I cannot ssh into the Linux environment. Appreciate the help
Operating System: Ubuntu 18.04 LTS x64
ANy help would be greatful.

How to automatically start a tunnel when a session is opened in MobaXterm?

I use MobaXterm for remote access to servers running in the cloud. For development and admin purposes, these servers expose admin application on local network interfaces. For example, Tomcat will expose 127.0.0.1/manager.
Since I prefer not to have to expose these services to the internet, I've set up ssh tunnels in MobaXterm to connect to these web applications on a local port through local port forwarding, which is easy to set up with the application itself.
My question: How can you get MobaXterm to automatically start a tunnel when a session is opened and to stop/close them when the session is ended?
I know a client like Putty would do this by default, but I don't want to use different clients for different jobs if I don't have to and MobaXterm has other features I need that Putty doesn't.
You can setup new SSH tunnels in Tunneling section (or from the MobaXterm's Tools menu, you can start MobaSSHTunnel). This will show a graphical port forwarding tool, where you can setup a new SSH tunnels which can be configured to be started automatically at MobaXterm startup by selecting Autostart from the tunnel settings.
Try to use MyEn Tunnel:
https://myentunnel.informer.com/
There is an option to Connect on Startup

Start ipython cluster using ssh on windows machine

I have a problem setting up a ipython cluster on a Windows server and connecting to this ipcluster using a ssh connection. I tried following the tutorial on https://ipython.org/ipython/doc/dev/parallel/parallel_process.html#ssh, but I have problems to understand what the options mean exactly and what parameters are to use exactly...
Could anyone help a total noob to set up an ipcluster? (Let's say the remote machine has ip 192.168.0.1 and the local machine has 192.168.0.2)
If you scroll roughly to the middle of the page https://ipython.org/ipython-doc/dev/parallel/parallel_process.html#ssh you will find this:
Current limitations of the SSH mode of ipcluster are:
Untested and unsupported on Windows. Would require a working ssh on Windows. Also, we are using shell scripts to setup and execute
commands on remote hosts.
That means, there is no easy way to build an ipcluster with ssh connection on windows (if it works at all).
Do you really need to connect the machines with an ssh connection? I guess it's possible with a ssh client on each windows machine, but if you are in a trusted local network you can also decide not to use the loopback interface and just expose the ports...
Sure you can start controller and engine separately! For further examples about ports (if you have problems with firewalls) see also How to setup ssh tunnel for ipython cluster (ipcluster)

Transfering file to remote server behind a gate node with key authentication disabled - and compiling

I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)