R Server on the cloud visit local data on a firewalled office computer - ssh

I want to use R Server constructed on an Ubuntu system on the Alibaba Cloud to do some elastic computing. The data is on the office computer, which has a firewall to prevent information leaking. I want to update the data to the cloud server for analysis.
I tried WinSCP. It won't connect to the server (Connection timeout). I also tried PuTTY, which didn't work, either.
Could this be because of the firewall?

Since you mentioned that your office has firewall rules in place to prevent data leaking, it is possible that your office firewall has blocked outbound traffic to port 22 (SSH), which is required to connect to your Ubuntu ECS instance running on Alibaba Cloud.
You should try to connect to your Ubuntu ECS instance from other locations without your office's firewall and see if it works.
Alibaba Cloud's ECS instance allows in-bound traffic access to port 22 by default based on their product page as below.
Source: Default security group rules
The security group created by the system has only rules for access over all ICMP ports, TCP Port 22, and TCP Port 3389, of which,
All ICMP ports are used by network devices, including routers, to send error messages and operational information.
TCP Port 22 is used to connect to a Linux instance using SSH.
TCP Port 3389 is used to remotely connect to a Windows instance using Windows Remote Desktop.
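
The comparison suggested in the answer above (try the same connection from inside and outside the office network) can be made explicit. This is an added example, not part of the original answer; the function names and result labels are assumptions chosen for illustration. A timeout means packets were dropped silently, which is how a filtering firewall or security group usually behaves, while a refusal means the host answered but nothing is listening.

```python
import errno
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify one outbound TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed, a service is listening
    except socket.timeout:
        return "filtered"          # no reply at all: packets silently dropped
    except ConnectionRefusedError:
        return "refused"           # RST came back: host reachable, port closed
    except OSError as exc:
        if exc.errno == errno.ETIMEDOUT:
            return "filtered"
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"   # no route to the address
        raise

def locate_block(from_office, from_elsewhere):
    """Combine probe results for the same host:port taken from two networks."""
    if from_office == "open":
        return "none"                   # SSH is reachable from the office
    if from_elsewhere == "open":
        return "office-side"            # office firewall or proxy blocks outbound
    if "refused" in (from_office, from_elsewhere):
        return "server-not-listening"   # host reachable, sshd not on this port
    return "server-side"                # security group, instance firewall, wrong IP

if __name__ == "__main__":
    # Offline demonstration against a listener constructed on this machine.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print("listening:", probe_tcp("127.0.0.1", port))
    srv.close()
    print("closed:   ", probe_tcp("127.0.0.1", port))
    print("office filtered, elsewhere open:", locate_block("filtered", "open"))
```

Run `probe_tcp` against the instance's public address and port 22 once from the office and once from another network, then pass both results to `locate_block`.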

Related

Setup RD gateway on a single ec2 instance VPC

I have an AWS environment where
for each client, there is a dedicated ec2 windows instance.
There is NO active directory; each ec2 instance is like in its own workgroup.
Each instance is deployed on its own dedicated VPC, security group etc.
Clients use RDP to connect from their site to the ec2 instances whenever required over port 3389.
The clients' ip addresses are known upfront and we open port 3389 to allow RDP connection.
Now we want to introduce the RDP using SSL (port 443)
The typical guides from Amazon and other books walk thru setting up a RD Gateway in a SEPARATE ec2 instance and use that as the jump box.
https://docs.aws.amazon.com/quickstart/latest/rd-gateway/architecture.html#best-practices
This is all good except that,
I do not want to have an additional ec2 within each VPC.
(I understand that there are other options to have a centralized RD Gateway in its own vpc and then using VPC peering etc. But I don't want to go that route for various reasons).
So, my question is:
Is it possible to setup the RD gateway directly on the ec2 instance to which I ultimately want to RDP into ? and use SSL(port 443) for connecting thru RDP?
Thanks in advance.
I tried this out successfully. I created an EC2 windows 2016 server.
I installed RD gateway using the powershell command.
Install-WindowsFeature RDS-Gateway -IncludeManagementTools
Then I launched the RD gateway manager.
Configured the CAP and RAP to allow my Remote Desktop Users to access any resource.
Used the ssl certificate which I created using certroot in linux.
From aws console, opened the port 443 in the security group to allow connections from my public to the ec2 instance. (No other ports were opened).
From my local computer, I setup a RDP connection such that:
The RD Gateway server setting had the RD gateway server name (ex. poc.mydomain.com)
This should match the ssl certificate.
The remote computer name was specified as "localhost" (implying that the same server needs to be connected to).
After providing the right credentials, I was connected to the ec2 instance using RDP.

RDP through ICMP

I have got a VM in Google Compute Engine. And I want to use this VM using RDP. I have enabled the firewall settings to accept RDP(TCP:3389). This works fine when I connect to it using a LAN connection. But when I try to connect to this VM using an ICMP connection(ICMP tunneling software), it shows an error that couldn't connect to the remote computer for one of these reasons:
1. Remote access to server is not enabled.
2. The remote computer is turned on.
3. The remote computer is not available on the network.
But my current configuration works fine when I connect over a LAN. I want to use RDP using an ICMP tunnel. Is there a way to use RDP using ICMP?
Ping also works when trying to connect through ICMP.

Connecting to ubuntu home server without internet connection

I am running an Ubuntu server with my laptop through an Oracle VirtualBox and I try to maximize the bandwidth of my home server, as it really slows down my internet connection. My router supports up to 300Mbit upload/download speed and my laptop wifi's card up to 150bit.
I configured my server with the following (static IP, configured by vim /etc/network/interfaces):
auto eth0
iface eth0 inet static
address 192.168.1.240
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1
192.168.1.1 is my default gateway, and I just configured a static IP which ends with 240.
When my laptop's WIFI is on, I can easily access the server's files (.html files etc.) through Chrome from any computer in my house, as I just need to enter the server's IP into the browser, plus I can access the server through SSH. But when it's off, I can't even access the server's HTML files through the laptop itself, though I can see that the server is still running on VirtualBox. When I turn the WIFI on once again, I can run services which require Apache2 but they really slow my internet connection, as a result I can barely surf the web. I am trying to configure the server to use only the bandwidth of my router, since my actual internet connection is 30 Mbit download and 1.90 Mbit upload (according to speedtest), and it probably interferes with it. Is it possible to access the server without WIFI connection, so it will purely use my router's speed?
Any help would be appreciated.
1) Looks like you are using bridged networking in the VM config. When your network adapter is connected to a real network, you can interact with your VM via the network bridge. When it's not connected, your bridge is also closed. If you need to interact with your VM without a WiFi connection, you can add one more virtual network adapter to your VM config: use a "Host-only" adapter and configure it on both the VM and the host PC. Your VM will use the new host-only adapter to interact with your PC, and the old bridged adapter to interact with the other network.
2) Check your WiFi speed near the router. Maybe it's too far or provides too weak a signal.
PS. Sorry for my poor English.

Connection times out using Connect Using a Java-Based (SSH) Client in Amazon EC2

I am a newbie to servers. I am trying to connect to an Amazon EC2 micro instance using Connect Using a Java-Based (SSH) Client but I am getting an error Connection timed out as shown below in the image.
Also I am getting the timeout message only when I try to SSH via a wireless internet connection; in case of a wired connection I could SSH into the instance.
I could not zero out where the error is.
I figured out what the problem is here. You must allow your specific IP address or IP address range for inbound SSH traffic in the security group you have associated with the instance you're trying to connect to. Create a new inbound TCP rule for SSH with your IP address (or IP address range) and the attendant CIDR Subnet Mask and after that you should be able to connect using Java SSH or any SSH client.
Do you have a local SSH client that you can use to attempt to connect to the instance? If so, does that work?
Did you remember to ensure that your IP address (or netblock) is allowed to send traffic to TCP port 22 in your security group for the instance that you just deployed? You can check this by running the 'ec2-describe-group' command from the EC2 Toolkit, or by using Amazon's Console and heading to EC2 -> Security Groups and viewing the security group assigned to that instance.
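
How a source-restricted inbound rule produces the "works from one connection, times out from the other" symptom can be shown by evaluating rules against two source addresses. This is an added example, not code from the original posts; the rule format is a simplified constructed one (not the AWS API format), and the addresses are documentation ranges standing in for a wired and a wireless uplink.

```python
import ipaddress

# Constructed inbound rules: SSH only from one network, HTTPS from anywhere.
RULES = [
    {"proto": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.0/24"},
    {"proto": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
]

def is_allowed(rules, src_ip, port, proto="tcp"):
    """True if any inbound rule admits src_ip to port; otherwise default-deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if (rule["proto"] == proto
                and rule["from_port"] <= port <= rule["to_port"]
                and src.version == net.version
                and src in net):
            return True
    return False  # dropped silently, so the client sees a timeout

def single_host_cidr(src_ip):
    """Narrowest CIDR for one address: /32 for IPv4, /128 for IPv6."""
    ip = ipaddress.ip_address(src_ip)
    return f"{ip}/{ip.max_prefixlen}"

def world_open(rules, admin_ports=(22, 3389)):
    """Rules that expose SSH or RDP to every source address."""
    hits = []
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"], strict=False)
        if net.prefixlen == 0 and any(
                rule["from_port"] <= p <= rule["to_port"] for p in admin_ports):
            hits.append(rule)
    return hits

if __name__ == "__main__":
    wired, wireless = "203.0.113.25", "198.51.100.7"   # constructed addresses
    print("wired    -> 22:", is_allowed(RULES, wired, 22))
    print("wireless -> 22:", is_allowed(RULES, wireless, 22))
    print("rule to add for wireless:", single_host_cidr(wireless))
    print("admin ports open to the world:", world_open(RULES))
```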

Connect to remote Openbravo ERP Appliance

I have my Openbravo appliance running by VMWare workstation on top of Win7 which is in a LAN connected to internet by router.
When I start the appliance, I can access the ERP web console by typing in the address it gave at the end of the process (for example, 192.168.1.107). All computers in the LAN can access this address as well which is fine for now.
However, in the future, I need to access this console from my home pc running Win7 (which is, of course, connected to the internet). How do I set this up? I have tried the method given in http://planet.openbravo.com/?p=8612 (see case 3 - Expose my local ERP into a remote network)
I tried (in Openbravo Appliance console running in VMWare)
ssh -R :9999:localhost:80 myhomepc@101.108.70.128
(where 101.108.70.128 is the ip of my home pc read from whatismyip.org)
but it gives the following error:
ssh: connect to host 101.108.78.128 port 22: connection timed out
Did I miss any required step?
What should I do to successfully connect to my Openbravo instance?
Best is to ask those questions directly in the Openbravo ERP forums over there: http://forge.openbravo.com
The case 3 from the blog-post you are referring to makes 2 implicit assumptions.
a.) the remote computer runs an ssh-server
b.) This ssh-server can be connected to from the erp instance
One of the two assumptions seems to not hold in your case: either your win7 box does not run an ssh server and/or the router of your home network does not forward port 22 from the outside to your win7 box.
Without further information I assume both items are not done.
Let me propose another solution instead. As you want to connect to the commandline of the erp appliance from home you could do the following:
Configure the router of the network with the erp appliance to connect some external port (i.e. 2222) to the ip of the appliance, destination port 22.
This will allow you to access it from the home network (or any other system from the internet knowing the ip/port).
Using an external port different from 22 avoids some simple ssh brute-force password scans.
As the appliance by default does not allow login by password but only allows authentication by public-key this is secure to not allow unauthorized access to your system.
After this either use case 1 from the blog-post or a normal ssh tunnel like 'ssh -p external-port user@externalipoferplan -L 9999:localhost:22' and then access the ERP via 'http://localhost' from your win7 box.
If that is too complicated and you want to just make the ERP web interface available from the internet without having the extra ssh security in the middle then you can just configure the router of the erp lan instead to forward port 80 or 443 (http or https) to the erp-instance and access the system directly from anywhere as if it would be on some public server in the internet.
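
Before forwarding an external port to the appliance's SSH service, the key-only login that the answer relies on can be verified from the server's `sshd_config`. This is an added example, not part of the original answer or of Openbravo; the sample configuration is constructed. It applies the OpenSSH rule that the first value obtained for a keyword wins, which is where a later "PasswordAuthentication no" line silently fails to take effect.

```python
# OpenSSH defaults when a keyword is absent from the file.
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
# Deprecated spelling still found in older configuration files.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global(config_text):
    """Effective global values: first occurrence wins, Match blocks are skipped.

    Include files are not followed; on the server itself `sshd -T` prints
    the fully resolved configuration.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break                      # conditional section, not global
        if key in DEFAULTS and len(parts) > 1:
            seen.setdefault(key, parts[1].lower())
    return {**DEFAULTS, **seen}

def exposure_problems(config_text):
    """Reasons this sshd should not yet be reachable from the internet."""
    eff = effective_global(config_text)
    problems = []
    if eff["passwordauthentication"] != "no":
        problems.append("password login is enabled")
    if eff["kbdinteractiveauthentication"] != "no":
        problems.append("keyboard-interactive login is enabled")
    if eff["pubkeyauthentication"] != "yes":
        problems.append("public-key login is disabled")
    return problems

# Constructed sample: the second PasswordAuthentication line is ignored.
SAMPLE = """\
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

if __name__ == "__main__":
    print(exposure_problems(SAMPLE))
```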