Everytime I try to copy files from ESXi machine to other Linux machine it always fails. Either it waits for longer time or ends up with time out error.
Cmd used: scp local_file root#:IP:path/to/folder
cmd err:ssh: connect to host port 22: Connection timed out
lost connection
Linux machine has sshd service running.
But, copying from Linux to ESXi works.
Where am I missing in configuration? Thanks in advance !!
Enable SSH client (CLI method).
Check if SSH client service is enabled. Will return 'False' if 'Disabled'.
esxcli network firewall ruleset list --ruleset-id sshClient
Then enable SSH client.
esxcli network firewall ruleset set --ruleset-id sshClient --enabled=true
Enable sshClient in the firewall properties of the server.
In vSphere Client select
host -> Configuration -> Security Profile -> Firewall -> Properties
then enable SSH Client to enable outgoing scp connections.
Related
I was updating the ssh port of an Oracle Cloud Infrastructure machine
I changed /etc/ssh/sshd_config
The port was
#Port 22
I changed it to
Port 40531
Then
restarted the sshd service systemctl restart sshd
open the port on the OCI Web
however, now I cannot connect.
ssh -vvv -p 40531 -i ~/.ssh/vm.key opc#129.xxx.xxx.xxx
OpenSSH_8.2p1, OpenSSL 1.1.1e 17 Mar 2020
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 129.xxx.xxx.xxx is address
debug2: ssh_connect_direct
debug1: Connecting to 129.xxx.xxx.xxx [129.xxx.xxx.xxx] port 40531.
debug1: connect to address 129.xxx.xxx.xxx port 40531: Connection timed out
ssh: connect to host 129.xxx.xxx.xxx port 40531: Connection timed out
I saw a Cloud Shell but I'm not sure if it can be used to connect to the machine to perform maintenance tasks
Is there a way to connect to the VM from the web oci interface to fix the ssh issues?
I used to use a VPS service that has a web console from which you can enter to fix problems like this
is there something like this in OCI?
Note:
SELinux was disabled on the machine
if you are about to do this on your machine, remember to update the SELinux configuration prior restart the sshd service or you will be locked out, another option is to disable SELinux totally (this is what I did)
The changes above described worked well, the only thing that was causing issues on my side
(I don't really know why) is that I was connected from a VPN
After I disconnected the VPN and tried to connected again it worked
Update:
I figured out why the ssh using a different port was not working. The VPN I use is a corporate VPN which has very strict inbound and outbound rules, The VPN outbound rules were blocked by the TCP on port 40xxx.
Update:
if you are struggling with a VM you can connect using the below instruction
Creating the Instance Console Connection
Before you can connect to the serial console or VNC console, you need to create the instance console connection.
To create the console connection for an instance
Open the navigation menu. Under Core Infrastructure, go to Compute and click Instances.
Click the instance that you're interested in.
Under Resources, click Console Connection.
Click Create Console Connection.
Upload the public key (.pub) portion for the SSH key. You can browse to a public key file on your computer or paste your public key into the text box.
Click Create Console Connection.
When the console connection has been created and is available, the state changes to Active.
Thanks to #bmuthuv for the info
You can connect to Serial Console of the VM where you could get access to GRUB Menu during a Reboot operation. You can subsequently use typical Linux commands to get to Shell from Grub. You can subsequently undo anything you would like to.
Serial Console connection can be created on OCI Web Console in the Instance's page.
I am ssh-ing onto a remote desktop. Since I have to connect over the internet, I have exposed the ssh port (22) on the remote side using ngrok, and everything is working great. I connect to the desktop using the command
ssh username#2.tcp.ngrok.io -p portno
where I get the portno from the remote side, when I start the ngrok service from the line that says
Forwarding tcp://2.tcp.ngrok.io:portno -> localhost:22
However, everytime I start a new ngrok session on the remote side, a new portno is generated. Now, unless I have a secondary connection open (typically using teamviewer), I would not be able to know what that port number is.
How can I start the ngrok service with a fixed portno. This is because I want to have the ngrok service on startup as I would have to restart my remote desktop a couple of times and still want to connect to the desktop using ssh.
Thanks.
You'll need to reserve a TCP address on ngrok, which will give you a fixed address.
To associate a tunnel with a reserved TCP address, you should include the remote-addr option in your ngrok config when starting the tunnel.
An example from the docs: ngrok tcp --region=us --remote-addr 1.tcp.ngrok.io:20301 22
I'm having problems SSH'ing between ESXi guests that are on different hosts within the cluster. I've one guest that is on the routable cluster virtual network that I am using as a bastion server to access guests on a private network - the distributed port group spans all hosts.
I'm using SSH ProxyJump to route through the bastion host to the other guest VM's. When the guests on the private network are on the same cluster host as the bastion there is no problem. When the guests are on a different host, I get a connect refused by the remote server error. If I manually migrate the VM to the same cluster as the bastion, the error goes away.
I found this answer which relates to SSH'ing between ESXi hosts, not guests on hosts, and suggests that SSH Client needs to be allowed on the outgoing firewall of each host. It seems like it could be relevant, but my vSphere knowledge is limited and I don't have sufficient admin rights to make this change myself.
I'd be grateful if anyone could confirm if my inability to SSH between guests on different hosts is as a result of not having SSH Client enabled in the outbound firewall or if there is some other reason why I can't get an SSH connection?
From the link you posted:
You need to open the required ssh ports in the ESXi firewall.
In the vSphere Client check the host -> Configuration -> Security Profile -> Firewall -> Properties
and enable "SSH Client" if you need outgoing scp connections resp. "SSH server" if you want to enable incoming scp connections.
Instead of opening SSH client for outgoing firewall of each host, please configure it this way:
Outgoing Server Receiving Server
SSH Client -> Outgoing firewall -> Incoming firewall -> SSH Server
It was an underlying network issue - physical switch was dropping my VLAN tagged packets as VLAN ID wasn't configured on it.
I want to use jvisualvm's remote functionality to see live stats of a remote JVM.
I've started the jvisualvm from my windows machine but I don't know how to configure the remote connection.
On the remote machine (OS: Redhat Linux), tomcat is started with below jmx parameters:
-Dcom.sun.management.jmxremote"
-Dcom.sun.management.jmxremote.port=3030"
-Dcom.sun.management.jmxremote.authenticate=false"
-Dcom.sun.management.jmxremote.ssl=false"
netstat -lnp| grep 3030
tcp 0 0 0.0.0.0:3030 0.0.0.0:* LISTEN 30728/java
ssh connection is open to remote server and I tunneled the remote port 3030 on a certain local port but when I create new jmx connection (localhost:localport) in jvisualvm I get the below error
Cannot connect to localhost:10000 using service:jmx:rmi:///jndi/rmi://localhost:10000/jmxrmi
Can someone help me to create the connection?
First of all if you are making a remote connection, localhost connection doesn't make sense.
You need to start jstatd on the remote machine. For this purpose create a jstatd.all.policy file in the home directory of your remote machine and add the following lines:
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
};
Then on the command line of your remote machine you will type ' jstatd -J-Djava.security.policy=jstatd.all.policy -J-Djava.rmi.server.hostname={Your Ip address} '
Once jstatd service start on the remote machine you basically add the remote connection Ip address connection on the jvisualVM UI using add remote host.
The Oracle documents for JvisualVM can be referred at https://docs.oracle.com/javase/8/docs/technotes/guides/visualvm/applications_remote.html but it is really confusing to understand jstatd steps.
I want to connect to remote amazon aws service(EC2 instance) , and I would like to be able to ssh to it from my laptop while using the campus provided network (which has cyberoam firewall). However, they have pretty much every port blocked and ssh won't work. Is there anything i can do? does ssh run through port 80? I don't really know what to do .
All it says is :
ssh_exchange_identification: read: Software caused connection abort
ssh works elsewhere.
You can set your SSH server to use port 80 (or 443 if 80 is used for a webserver). Just check the configuration file of your ssh server for more details!