How do I set up a proxy server that will SSH tunnel into a VPC I have in AWS for a Hibernate MySQL connection for me? - sql

I have a microservice, let's call it RdsConnector, I want to test locally that is normally deployed on a machine on AWS. It connects to a MySQL instance, which is also in AWS, without any SSH tunnelling as they are in the same VPC. To connect to that MySQL instance from my local machine, I can use SSH tunnelling to get into the VPC I have set up in AWS. This is what that configuration looks like:
I could set up my microservice to also connect through SSH (optionally, perhaps), but I don't want to do that. Then I would have a different configuration running it locally vs in the cloud. What I want to do instead is set up some kind of proxy server on my local machine that will take the SSH credentials and do that SSH tunnelling, exposing the VPC MySQL endpoint locally. Then RdsConnector will just use that local endpoint, and I won't have to have a different config for RdsConnector just for local testing.
I'm not very familiar with the networking technologies in use here. I just know that there's no public IPs for my VPC, so I have to SSH in. I imagine that what I want is possible, but I have no idea what the moving parts would be.

OK, this turned out to be quite simple actually! The ssh program can do this for you; this is how I configure it with macOS ssh:
ssh -N -i "/Users/foo/aws_ssh_key.pem" \
-L "localhost:5990:stack-name-vpc-db.asdfqwerty.us-east-1.rds.amazonaws.com:3306" \
foo@12.34.567.890
With the -L flag, it'll proxy stuff over the SSH connection for you from the given endpoint to the provided endpoint on the other side. That -N flag is optional; it just turns off the regular SSH console since we only want to run a proxy server. The microservice can treat localhost:5990 as if it were the regular MySQL endpoint.
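The answer's command, wrapped so the tunnel is supervised rather than left running on its own. This is an added example, not code from the original answer: it builds the same `ssh -N -L` invocation with a few hardening options, waits until the forwarded loopback port actually accepts connections, runs the unchanged service, and tears the tunnel down afterwards. The key path, user, bastion address and RDS hostname are the placeholders from the answer; the `java -jar rds-connector.jar` command standing in for RdsConnector is an assumption.

```python
"""Run an SSH local port forward as a local proxy for a VPC-internal MySQL endpoint,
wait until the forwarded port accepts connections, then run the service unchanged.
Added example; not from the original post."""
import socket
import subprocess
import sys
import time


def build_tunnel_argv(key_path, user, bastion, local_port, remote_host,
                      remote_port=3306, bind_addr="127.0.0.1"):
    """Build the ssh argv equivalent to the answer's command, plus hardening options.

    ExitOnForwardFailure makes ssh exit instead of silently connecting without the
    forward when the local port is already taken; ServerAlive* tears down a dead
    session instead of leaving a half-open forward; IdentitiesOnly stops ssh from
    offering every key in the agent to the bastion.
    """
    return [
        "ssh", "-N",
        "-i", key_path,
        "-o", "IdentitiesOnly=yes",
        "-o", "ExitOnForwardFailure=yes",
        "-o", "ServerAliveInterval=30",
        "-o", "ServerAliveCountMax=3",
        "-L", f"{bind_addr}:{local_port}:{remote_host}:{remote_port}",
        f"{user}@{bastion}",
    ]


def wait_for_port(host, port, timeout=10.0, interval=0.2):
    """Return True once host:port accepts a TCP connection, False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=1.0):
                return True
        except OSError:
            time.sleep(interval)
    return False


def run_behind_tunnel(tunnel_argv, local_port, service_argv, ready_timeout=15.0):
    """Start the tunnel, wait for the forward, run the service, always clean up."""
    tunnel = subprocess.Popen(tunnel_argv)
    try:
        deadline = time.monotonic() + ready_timeout
        while not wait_for_port("127.0.0.1", local_port, timeout=1.0):
            if tunnel.poll() is not None:
                raise RuntimeError(
                    f"ssh exited with status {tunnel.returncode} before the forward came up")
            if time.monotonic() > deadline:
                raise TimeoutError(
                    f"127.0.0.1:{local_port} not accepting connections after {ready_timeout}s")
        return subprocess.call(service_argv)
    finally:
        if tunnel.poll() is None:
            tunnel.terminate()
            tunnel.wait()


if __name__ == "__main__":
    # Placeholders copied from the answer's command; not real hosts.
    argv = build_tunnel_argv(
        "/Users/foo/aws_ssh_key.pem", "foo", "12.34.567.890", 5990,
        "stack-name-vpc-db.asdfqwerty.us-east-1.rds.amazonaws.com")
    # Assumed launch command for RdsConnector; its own config keeps pointing at
    # 127.0.0.1:5990 in every environment, which is the point of the exercise.
    sys.exit(run_behind_tunnel(argv, 5990, ["java", "-jar", "rds-connector.jar"]))
```

Binding the forward to `127.0.0.1` explicitly matters on shared machines: anything that can reach the listening port reaches the database with no further authentication from ssh's side, so it should never be bound to a LAN address unless that is intended.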

Related

SSH Tunnel into Aurora DB via the CLI

Is there a simple step by step example on how to SSH into a private Aurora MySQL db?
something like:
mysql -h dbDomain.pair.com -u dbUser -p dbName
I think you are looking for how to configure RDS to be remotely accessible; if that's the case, check this https://aws.amazon.com/premiumsupport/knowledge-center/aurora-private-public-endpoints/
For me, I wouldn't make my db accessible via public endpoints; instead, I would set it up as private and only allow access from my VPC LAN.
Then I use an EC2 instance as a proxy, and access the database via its LAN IP through an SSH tunnel.
To do that, you need to check the VPC documentation, set up subnets etc.
The AWS documentation is a good place to start.
https://docs.amazonaws.cn/en_us/vpc/latest/userguide/what-is-amazon-vpc.html
Update: if you have already set the db to be private, take a look at this
https://linuxize.com/post/mysql-ssh-tunnel/
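Once the tunnel from the answer above is up (`ssh -N -L 127.0.0.1:3307:<aurora-endpoint>:3306 ec2-user@<bastion>`), the usual trip-up is pointing the client at `localhost`: the mysql CLI and most MySQL drivers treat `localhost` as "use the Unix socket", not the tunnel, so use `mysql -h 127.0.0.1 -P 3307 --protocol=tcp -u dbUser -p dbName`. The added example below (not code from either answer) checks what is actually answering on the tunnel's local end using only the standard library: it reads the first packet a MySQL server sends and decodes either the HandshakeV10 greeting (server version, whether TLS is offered, auth plugin) or an ERR packet such as 1130 "Host ... is not allowed to connect", which means the tunnel works but the MySQL grant for the bastion's address does not. The two sample packets are constructed here for illustration.

```python
"""Probe the local end of an SSH tunnel and confirm a MySQL/Aurora server answers there.
Added example; not from the original answers."""
import socket
import struct

CLIENT_SSL = 0x0800                 # server offers TLS on the MySQL connection
CLIENT_SECURE_CONNECTION = 0x8000   # 4.1+ auth: second part of auth data present
CLIENT_PLUGIN_AUTH = 0x00080000     # auth plugin name follows the auth data


def _packet(payload: bytes, seq: int = 0) -> bytes:
    """Wrap a payload in the MySQL packet header (3-byte little-endian length + seq)."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


# Constructed sample greeting: protocol 10, server 8.0.32, connection id 7,
# capabilities PROTOCOL_41|SSL|SECURE_CONNECTION (low) and PLUGIN_AUTH (high).
SAMPLE_HANDSHAKE = _packet(
    b"\x0a" + b"8.0.32\x00" + (7).to_bytes(4, "little") + b"A" * 8 + b"\x00"
    + (0x8A00).to_bytes(2, "little") + b"\x21" + (2).to_bytes(2, "little")
    + (0x0008).to_bytes(2, "little") + bytes([21]) + b"\x00" * 10
    + b"B" * 12 + b"\x00" + b"caching_sha2_password\x00")

# Constructed sample ERR packet, as sent before any handshake when the grant rejects the host.
SAMPLE_ERR = _packet(
    b"\xff" + (1130).to_bytes(2, "little")
    + b"Host 'ip-10-0-1-23' is not allowed to connect to this MySQL server")


def parse_mysql_greeting(packet: bytes) -> dict:
    """Decode the first packet a MySQL server sends: HandshakeV10 or an ERR packet."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError(f"truncated packet: header says {length} bytes, got {len(payload)}")
    if packet[3] != 0:
        raise ValueError(f"unexpected sequence id {packet[3]} in server greeting")
    if payload[0] == 0xFF:
        code = struct.unpack_from("<H", payload, 1)[0]
        msg = payload[3:]
        if msg[:1] == b"#":          # optional '#' + 5-char SQL state prefix
            msg = msg[6:]
        return {"ok": False, "error_code": code, "message": msg.decode("utf-8", "replace")}
    if payload[0] != 0x0A:
        raise ValueError(f"not a MySQL HandshakeV10 greeting (protocol byte {payload[0]:#x})")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    conn_id = struct.unpack_from("<I", payload, pos)[0]
    pos += 4 + 8 + 1                 # connection id, auth data part 1, filler byte
    cap_low, _charset, _status, cap_high, auth_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10                    # those five fields plus 10 reserved bytes
    caps = cap_low | (cap_high << 16)
    plugin = None
    if caps & CLIENT_SECURE_CONNECTION:
        pos += max(13, auth_len - 8)  # auth data part 2
    if caps & CLIENT_PLUGIN_AUTH:
        nul = payload.find(b"\x00", pos)
        plugin = payload[pos:nul if nul != -1 else None].decode("ascii", "replace")
    return {"ok": True, "server_version": version, "connection_id": conn_id,
            "tls_offered": bool(caps & CLIENT_SSL), "auth_plugin": plugin}


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection before sending a greeting")
        buf += chunk
    return buf


def probe_mysql(host: str = "127.0.0.1", port: int = 3306, timeout: float = 5.0) -> dict:
    """Connect to host:port (the tunnel's local end) and decode the server's first packet."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        head = _recv_exact(s, 4)
        body = _recv_exact(s, int.from_bytes(head[:3], "little"))
    return parse_mysql_greeting(head + body)


if __name__ == "__main__":
    print(probe_mysql("127.0.0.1", 3307))   # 3307 is the assumed local forward port
```

One caveat the tunnel does not remove: SSH only encrypts the laptop-to-bastion leg. The bastion-to-Aurora hop is ordinary MySQL traffic inside the VPC, so if `tls_offered` is true it is worth passing `--ssl-mode=REQUIRED` (or the driver's equivalent) as well.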

Connect to database hosted on SSH machine with Oracle SQL Developer

I would like to connect to an Oracle database hosted on a remote box using Oracle SQL Developer. I am able to create a standard connection BUT I have to be connected to a VPN for security reasons. I want to bypass this vpn.
I do this all the time with normal ssh connections. There is one machine (gateway) on my company network that can be accessed from outside the network (no VPN). From gateway, I can connect to any machine on our network. I would like to connect to the database hosted on machine (dbmachine) on the network (which cannot be accessed without being on the VPN unless I am first connected to the gateway).
This seems to be a common issue because I was easily able to bake this functionality seamlessly into my ssh config. Example:
Host gateway
HostName gateway.company.org
User marc
Host dbmachine
HostName dbmachine.company.org
User marc
ProxyJump gateway
Host exampleMachine
HostName exampleMachine.company.org
User marc
ProxyJump gateway
By using ProxyJump, I am able to type ssh dbmachine to seamlessly connect to dbmachine or ssh exampleMachine to seamlessly connect to exampleMachine. I want to do a similar jumping technique with Oracle SQL Developer. How can I connect to the database on dbmachine from Oracle SQL Developer?
I'm not sure what port the db is running on dbmachine, but I can access it though sqlplus when I'm logged into the box.
The answer is to create an SSH tunnel:
ssh -L 1521:localhost:1521 -N -f dbmachine
This will forward all traffic on localhost:1521 to dbmachine:1521 (where the database is running). It will respect the user's configuration so you do not have to set up two tunnels.
-N Will not switch to remote shell
-f Requests ssh to go to background just before command execution
I'm not sure if there's a better solution that is configurable directly in a database client, but this works for me on Arch Linux.
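The reason the single tunnel command works is that ssh reads the `ProxyJump` line from the config and dials gateway first by itself, so `-L` needs no `-J`. The added example below (not code from the answer) makes that resolution visible: it parses the Host stanzas from the question's ssh config, follows the ProxyJump chain for an alias (refusing loops and undefined aliases), and emits the tunnel command with the forward bound to loopback explicitly and `ExitOnForwardFailure=yes` so a port clash on 1521 is an error rather than a background ssh that forwards nothing. The config text is the one from the question; the parser handles only plain aliases, not wildcard Host patterns.

```python
"""Resolve the ProxyJump chain ssh will follow for a host alias and emit the tunnel
command. Added example; not from the original answer."""
import re
import shlex
from typing import Dict, List

# Copied from the question's ssh config.
SAMPLE_CONFIG = """
Host gateway
    HostName gateway.company.org
    User marc
Host dbmachine
    HostName dbmachine.company.org
    User marc
    ProxyJump gateway
Host exampleMachine
    HostName exampleMachine.company.org
    User marc
    ProxyJump gateway
"""


def parse_ssh_config(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal ssh_config reader: Host stanzas keyed by alias, keywords lower-cased.

    Like ssh itself, the first value obtained for a keyword wins; wildcard Host
    patterns and Match blocks are not handled.
    """
    hosts: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            current = value
            hosts.setdefault(current, {})
        elif current is not None:
            hosts[current].setdefault(key, value)
    return hosts


def jump_chain(hosts: Dict[str, Dict[str, str]], alias: str) -> List[str]:
    """Hosts ssh connects through to reach alias, first hop first, target last."""
    chain = [alias]
    seen = {alias}
    cur = alias
    while True:
        entry = hosts.get(cur)
        if entry is None:
            raise KeyError(f"no Host stanza for {cur!r}")
        pj = entry.get("proxyjump")
        if not pj or pj.lower() == "none":
            return chain
        hops = [h.strip() for h in pj.split(",") if h.strip()]
        for h in hops:
            if h in seen:
                raise ValueError(f"ProxyJump loop at {h!r}")
            seen.add(h)
        chain = hops + chain
        cur = hops[0]          # the hop dialed directly; its own config applies next


def endpoint(hosts: Dict[str, Dict[str, str]], alias: str) -> str:
    """user@hostname as ssh would resolve it for the alias."""
    e = hosts[alias]
    return f"{e.get('user', '')}@{e.get('hostname', alias)}".lstrip("@")


def tunnel_argv(hosts: Dict[str, Dict[str, str]], alias: str, local_port: int,
                remote_port: int, remote_host: str = "localhost") -> List[str]:
    """The answer's `ssh -L 1521:localhost:1521 -N -f dbmachine`, hardened.

    remote_host is resolved on the target, so "localhost" means the listener on
    dbmachine itself. No -J is needed: ssh applies the ProxyJump from the config.
    """
    jump_chain(hosts, alias)   # fail early if the alias or a jump host is undefined
    return ["ssh", "-N", "-f", "-o", "ExitOnForwardFailure=yes",
            "-L", f"127.0.0.1:{local_port}:{remote_host}:{remote_port}", alias]


if __name__ == "__main__":
    cfg = parse_ssh_config(SAMPLE_CONFIG)
    print(" -> ".join(endpoint(cfg, h) for h in jump_chain(cfg, "dbmachine")))
    print(" ".join(shlex.quote(a) for a in tunnel_argv(cfg, "dbmachine", 1521, 1521)))
```

With `-f` the backgrounded ssh has no terminal to report to, so a forward that fails later is invisible; checking that the local port still answers before each SQL Developer session, or running the tunnel in the foreground in a spare terminal, avoids debugging a dead tunnel as a database problem.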

is it possible to put my local pc in a gcloud project domain?

This might be a really stupid question but I don't know where to begin to search for something like that.
I'm using Google Cloud.
I have a master node in gcloud called master-node and a couple of slave nodes called slave-node-1, slave-node-2. They all have external IP addresses.
I can connect to the master instance using the following command, gcloud compute ssh master-node -i /.ssh/sshkey.
Then, if I want to connect to the other two instances, I could do something like ssh slave-node-1 -i /.ssh/sshkey.
I also know it's possible to use an ssh tunnel and forward a port so I can do things like connect to 127.0.0.1:5901 on my local pc so I can see the desktop on the vm instance.
My question is... Is it possible to put my local computer into the same domain as that vm instance in the gcloud project so that if I did ssh slave-node-1 -i /.ssh/sshkey from my local pc, it would work and I could connect to my slave-node-1 instead of using the external IP address; it would be as if I was the master-node in my gcloud project.
Does my question make sense?

Start ipython cluster using ssh on windows machine

I have a problem setting up an ipython cluster on a Windows server and connecting to this ipcluster using an ssh connection. I tried following the tutorial on https://ipython.org/ipython/doc/dev/parallel/parallel_process.html#ssh, but I have problems understanding what the options mean exactly and which parameters to use exactly...
Could anyone help a total noob to set up an ipcluster? (Let's say the remote machine has ip 192.168.0.1 and the local machine has 192.168.0.2)
If you scroll roughly to the middle of the page https://ipython.org/ipython-doc/dev/parallel/parallel_process.html#ssh you will find this:
Current limitations of the SSH mode of ipcluster are:
Untested and unsupported on Windows. Would require a working ssh on Windows. Also, we are using shell scripts to setup and execute
commands on remote hosts.
That means, there is no easy way to build an ipcluster with ssh connection on windows (if it works at all).
Do you really need to connect the machines with an ssh connection? I guess it's possible with an ssh client on each Windows machine, but if you are in a trusted local network you can also decide not to use the loopback interface and just expose the ports...
Sure you can start controller and engine separately! For further examples about ports (if you have problems with firewalls) see also How to setup ssh tunnel for ipython cluster (ipcluster)

SSH over VPN connection

We have an AWS EC2 server that we've configured to be only accessible (via SSH) from within our office network. Obviously this isn't ideal for remote arrangements where someone has to connect to the EC2 instance and is working remotely outside the office such as during a business trip.
I've managed to set up a VPN through PPTP and can connect to the office network (I have two local IPs, one from wlan0 and one from ppp0) regardless of where I am. However, when I SSH to the EC2 instance, it's still rejecting me, most likely because it sees that I'm still trying to ssh from outside the network.
I think I'm missing something very important. What do you think, what am I missing to get the ssh to use the vpn connection rather than the one on wlan/eth?
I'm starting to think this isn't possible so kindly let me know. My other option is to ssh to a machine within the office network and then use that machine to ssh to the EC2 instance but I've been hesitant to do that as it seems excessive.
Find your gateway through which you want to connect to your ec2-instance.
For Linux systems, route -n will show you the routing table. Now add the route (the two placeholders are the EC2 instance's IP and the VPN gateway's IP):
sudo route add -host <ec2-instance-ip> gw <vpn-gateway-ip>
Just having a VPN to your office does not mean all traffic from your machine will go through the VPN - that depends on how you configure the VPN.
You can SSH from your machine to an office machine, and from there ssh to EC2 - that should work.
Alternatively, configure your system to route traffic for the ec2 instance through the VPN connection - doing this depends on your specific VPN configuration.
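Both answers come down to the same check: does the route the kernel picks for the EC2 address go out over ppp0 or over wlan0? The added example below (not code from either answer) answers that without sending a packet: a UDP `connect()` makes the kernel run route selection and bind the socket to the source address it would use, so comparing that address with the ppp0 address tells you whether the host route (`route add -host ...`, or `ip route add <ec2-ip>/32 dev ppp0` on iproute2 systems) is in effect before you blame sshd or the security group. The EC2 and ppp0 addresses in the main block are assumed placeholders.

```python
"""Check which local address, and hence which interface, the kernel would use to
reach an EC2 instance. Added example; not from the original answers."""
import socket
from typing import Optional


def egress_source(dest_ip: str, port: int = 22) -> Optional[str]:
    """Local source address the routing table selects for dest_ip, or None if unroutable.

    connect() on a UDP socket sends nothing on the wire; it only performs route
    lookup and records the chosen source address, which getsockname() reports.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((dest_ip, port))
        return s.getsockname()[0]
    except OSError:
        return None
    finally:
        s.close()


def leaves_via_vpn(dest_ip: str, vpn_local_ip: str) -> bool:
    """True when packets to dest_ip would be sourced from the VPN (ppp0) address,
    i.e. they enter the tunnel and reach EC2 from the office side of the network."""
    return egress_source(dest_ip) == vpn_local_ip


if __name__ == "__main__":
    ec2_ip = "203.0.113.10"      # assumed placeholder for the instance's public IP
    ppp0_ip = "10.8.0.2"         # assumed placeholder; take the real one from `ip addr show ppp0`
    src = egress_source(ec2_ip)
    if src is None:
        print(f"no route to {ec2_ip}")
    elif leaves_via_vpn(ec2_ip, ppp0_ip):
        print(f"{ec2_ip} is reached via the VPN (source {src})")
    else:
        print(f"{ec2_ip} is reached via {src}, not the VPN; add a host route over ppp0")
```

The check is read-only and needs no privileges, so it can run before and after adding the route; adding the route itself still requires root, and the route disappears when the PPTP session does, so it has to be re-added (or scripted in the VPN's up hook) on every reconnect.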