Docker secure connection with ssh port forwarding - ssl

I made an SSH tunnel for port forwarding to map a port on my laptop to a port on the remote host (your-mv.com):
ssh -nfNT -L 3376:your-mv.com:3376 login#server.com
Then I changed DOCKER_HOST and set up the Docker TLS variables:
export DOCKER_HOST=localhost:3376
export DOCKER_TLS_VERIFY=1
export DOCKER_CERT_PATH=/my/path
And I ran:
docker ps
But I get an error:
Get https://localhost:3376/v1.26/containers/json: x509: certificate is valid for your-mv.com, not localhost
Could you help me understand what I did wrong and how to overcome this problem?
UPD
The common name of my laptop is subject= /CN=kenenbek, the common name of the CA is subject= /CN=cert-authority.com and the common name of the remote host is subject= /CN=your-vm.com.

DOCKER_TLS_VERIFY is set and the certificate has the Common Name of your-mv.com, but DOCKER_HOST was set to localhost.
Do not set DOCKER_TLS_VERIFY.

Related

Unable to run 'chef-client' from 'workstation' by knife ssh

When I run knife ssh "name:node1" "chef-client"
WARNING: Failed to connect to admagnifico.magnifico.fvds.ru -- Errno::EHOSTUNREACH: No route to host - connect(2) for [fe80::225:90ff:fe19:4b12]:22
And I can't find out why it is so...
On the node, ufw runs with 22, 443 and 80 enabled.
The hostname admagnifico.magnifico.fvds.ru is resolving to an unreachable IP address. The firewall isn't involved. That hostname isn't resolvable from here so I'm guessing it's an internal DNS setup.

Setting up a CNAME / Nickname for a remote server

Let's say I have a digital ocean droplet - 68.456.72.184
When ssh-ing into my remote server, I'd rather not have to type out the whole ssh command -
ssh 68.456.72.184
The host's name is Stormtrooper - how do I make it so that client machines can ssh into the server via
ssh Stormtrooper
I imagine this requires some sort of configuration on the local client machine that's connecting? In what order does a client machine search for host names? I imagine there's some local setting where it looks for "Stormtrooper"'s IP address, and if not found it looks in the local network, and then looks in the "global" network (i.e. public DNS).
I'm not quite sure how that lookup process works, so an explanation there would be great as well.
You can create a local ssh_config in ~/.ssh/config with the content:
Host Stormtrooper
Hostname 68.456.72.184
And then you can ssh to that server using ssh Stormtrooper (even tab completion will work for you).
Connecting using FQDN will work too if you have correctly set up DNS. If you have a domain Stormtrooper.tld pointing to this IP, you are able to ssh using
ssh Stormtrooper.tld
For local network resolving, you would need local DNS, which would do this translation for you.
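As an added example (not from either answer above, and not OpenSSH's own code), here is that lookup order in code: the client config is consulted first, with its first-obtained-value-wins and Host-pattern rules, and only then does the system resolver (/etc/hosts and DNS, in the order nsswitch.conf gives) turn the resulting Hostname into addresses. It also classifies what comes back, which is what the knife ssh failure earlier on this page needed: fe80:: is link-local and cannot be reached from another network, so a name that resolves to it should be tried last. The config text and the address list are constructed; the question's 68.456.72.184 is kept as given, and because 456 is not a valid octet the classifier reports it as a name rather than an address.

```python
"""ssh name lookup in order: ~/.ssh/config first, then the system resolver.

Added example, not from either answer and not OpenSSH's code. SSH_CONFIG and
the address list in the demo are constructed.
"""
from __future__ import annotations

import ipaddress
import re
import socket

# Constructed ~/.ssh/config. Specific Host blocks must come before 'Host *'
# because ssh keeps the first value it finds for each keyword.
SSH_CONFIG = """
Host Stormtrooper
    Hostname 68.456.72.184
    User root

Host *.internal
    Hostname %h.example.net

Host *
    ServerAliveInterval 60
"""


def _host_pattern(pattern: str) -> re.Pattern[str]:
    """ssh Host globbing: '*' matches any run, '?' one character, case-insensitive."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(f"^{body}$", re.IGNORECASE)


def host_matches(patterns: str, host: str) -> bool:
    """A Host line holds a list of patterns: a '!' pattern vetoes, any other match accepts."""
    matched = False
    for pat in patterns.split():
        if _host_pattern(pat.lstrip("!")).match(host):
            if pat.startswith("!"):
                return False
            matched = True
    return matched


def ssh_options(config_text: str, host: str) -> dict[str, str]:
    """Effective options for the name typed after 'ssh' (first obtained value wins)."""
    opts: dict[str, str] = {}
    active = True  # keywords before any Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value, host)
        elif active:
            opts.setdefault(key, value)
    # %h in Hostname stands for the name given on the command line.
    opts["hostname"] = opts.get("hostname", host).replace("%h", host)
    return opts


def classify(address: str) -> str:
    """What a connect() to this string can reach, judged from the string alone."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "name"        # not a literal: goes to the resolver (/etc/hosts, then DNS)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"  # fe80::/10 or 169.254/16: same segment only, never routed
    if ip.is_private:
        return "private"     # RFC 1918 / ULA: reachable only from inside that network
    if ip.is_global:
        return "global"
    return "other"


_PREFERENCE = {"global": 0, "private": 1, "loopback": 2, "other": 3, "link-local": 4, "name": 5}


def rank_addresses(addresses: list[str]) -> list[tuple[str, str]]:
    """Order candidates so the ones reachable from another network are tried first;
    a link-local address at the top is exactly what produced EHOSTUNREACH above."""
    return sorted(((a, classify(a)) for a in addresses), key=lambda t: _PREFERENCE[t[1]])


def resolve(name: str, port: int = 22) -> list[str]:
    """System resolver as ssh uses it (honours /etc/hosts and DNS via nsswitch.conf)."""
    try:
        infos = socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return list(dict.fromkeys(info[4][0] for info in infos))  # dedupe, keep resolver order


def connect_plan(host: str, config_text: str = SSH_CONFIG) -> tuple[str, list[tuple[str, str]]]:
    """Stage 1: config alias. Stage 2: resolver, ranked. Returns (hostname, ranked addresses)."""
    hostname = ssh_options(config_text, host)["hostname"]
    return hostname, rank_addresses(resolve(hostname))


if __name__ == "__main__":
    print(ssh_options(SSH_CONFIG, "Stormtrooper"))
    # Constructed resolver result: an AAAA record with a link-local address plus a real one.
    for addr, kind in rank_addresses(["fe80::225:90ff:fe19:4b12", "8.8.8.8"]):
        print(f"{addr:<28} {kind}")
```

Only `connect_plan` and `resolve` touch the network; everything else is pure, so you can test a config file's alias and pattern behaviour without connecting anywhere. The ordering rule mirrors what you would want a DNS record set to look like: never publish a link-local address in an AAAA record that clients on other networks will use.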

unable to ssl connect to chef-server from chef-workstation

I have 2 different ubuntu VPS instances each with different ip addresses.
One is assigned as a chef-server and the other acts as a workstation.
When I use the command
knife configure -i
I do get options to locate the admin.pem and chef-validator.pem files locally.
I am also able to create knife.rb file locally.
While setting up knife, I get a question asking me to enter the 'chef-server url', so I enter 'https://ip_address/' of the VPS instance.
But in the end I get an error message
ERROR: SSL Validation failure connecting to host: "ip_address of my server host"- hostname "ip_address of my host" does not match the server certificate
ERROR: Could not establish a secure connection to the server.
Use knife ssl check to troubleshoot your SSL configuration.
If your Chef Server uses a self-signed certificate, you can use
knife ssl fetch to make knife trust the server's certificates.
I used 'knife ssl fetch' to fetch the trusted_certs from the chef-server but it still doesn't work.
Chef experts, please help.
Your chef-server has a hostname; the self-signed certificate is issued for this hostname.
The error you get is due to the fact that you call an IP address while the certificate is issued for a hostname.
Two ways: disable SSL validation (you'll get a warning but it will work) or make a configuration (using your hosts file, for example) to use the chef-server hostname instead of the IP address.
This is an SSL configuration point you may run into with other servers too.
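The docker error earlier on this page ("certificate is valid for your-mv.com, not localhost") and the knife error here ("hostname ... does not match the server certificate") are the same check failing: the name in the URL is compared against the names in the certificate, and neither `localhost` nor an IP literal is among them. As an added example that is not part of either thread and is not Docker's or Chef's own code, the following re-implements that check and shows the fix that keeps verification switched on: alias a name the certificate covers to the address you can actually reach, instead of unsetting DOCKER_TLS_VERIFY or disabling SSL validation in knife. Both certificates are constructed dictionaries in the shape `ssl.SSLSocket.getpeercert()` returns; the Chef server address 203.0.113.10 and the tunnel's loopback end 127.0.0.1:3376 are assumptions.

```python
"""Why a TLS client says "certificate is valid for X, not Y", and how to keep
verification switched on.

Added example; not code from either question, nor Docker's or Chef's own code.
It re-implements the RFC 6125 style name check that TLS clients perform (Go's
crypto/x509 for the docker client, OpenSSL for knife) against constructed
certificate dictionaries in the shape ssl.SSLSocket.getpeercert() returns.
Assumptions: the Docker daemon's cert carries a SAN matching its CN, the Chef
server sits at 203.0.113.10, and the Docker tunnel's local end is 127.0.0.1:3376.
"""
from __future__ import annotations

import ipaddress

# Constructed: the Docker question's daemon cert, CN=your-mv.com signed by
# CN=cert-authority.com, with a matching DNS SAN.
DOCKER_CERT = {
    "subject": ((("commonName", "your-mv.com"),),),
    "issuer": ((("commonName", "cert-authority.com"),),),
    "subjectAltName": (("DNS", "your-mv.com"),),
}
# Constructed: an old-style self-signed Chef server cert with a CN and no SAN.
CHEF_CERT = {
    "subject": ((("commonName", "chef.example"),),),
    "issuer": ((("commonName", "chef.example"),),),
}


def _match_dns(pattern: str, hostname: str) -> bool:
    """RFC 6125 rules: case-insensitive; '*' only as the whole leftmost label
    and covering exactly one label (so *.example.com matches a.example.com,
    not example.com and not a.b.example.com)."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p, h = pattern.split("."), hostname.split(".")
    return p[0] == "*" and len(p) >= 3 and len(p) == len(h) and p[1:] == h[1:]


def cert_names(cert: dict) -> tuple[list[str], list[str]]:
    """(dns_names, ip_names) the certificate is valid for. SAN entries win; the
    subject CN counts only when there is no SAN at all (the legacy fallback
    OpenSSL still applies and Go removed in 1.17)."""
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    ips = [v for k, v in cert.get("subjectAltName", ()) if k == "IP Address"]
    if not dns and not ips:
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips


def verify_hostname(cert: dict, host: str) -> tuple[bool, str]:
    """Return (ok, message); the message mirrors the docker and knife errors."""
    dns, ips = cert_names(cert)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL matches only an iPAddress SAN, never a DNS name or CN.
        ok = any(ipaddress.ip_address(v) == ip for v in ips)
    else:
        ok = any(_match_dns(n, host) for n in dns)
    if ok:
        return True, f"certificate is valid for {host}"
    return False, f"x509: certificate is valid for {', '.join(dns + ips)}, not {host}"


def verified_endpoint(cert: dict, scheme: str, port: int, reach_ip: str) -> tuple[str, str]:
    """A URL that passes verification plus the /etc/hosts line that makes it
    reach the right place: use a name the cert covers and pin that name to the
    IP you can actually reach (the tunnel's loopback end, or the server's IP)."""
    dns, _ = cert_names(cert)
    if not dns:
        raise ValueError("certificate carries no DNS name to alias")
    return f"{scheme}://{dns[0]}:{port}", f"{reach_ip} {dns[0]}"


if __name__ == "__main__":
    print(verify_hostname(DOCKER_CERT, "localhost")[1])     # the docker error
    print(verify_hostname(CHEF_CERT, "203.0.113.10")[1])    # the knife error (URL by IP)
    url, hosts_line = verified_endpoint(DOCKER_CERT, "tcp", 3376, "127.0.0.1")
    print(f"export DOCKER_HOST={url}  # with '{hosts_line}' in /etc/hosts")
    url, hosts_line = verified_endpoint(CHEF_CERT, "https", 443, "203.0.113.10")
    print(f"chef_server_url '{url}'  # with '{hosts_line}' in /etc/hosts")
```

For the Docker case, bind the tunnel to loopback (`ssh -L 127.0.0.1:3376:your-mv.com:3376 ...`) so nothing else on your network can reach the forwarded daemon; with the hosts alias in place and DOCKER_TLS_VERIFY=1 the client verifies the daemon's certificate and the daemon verifies the client's, which is exactly what unsetting DOCKER_TLS_VERIFY gives up. Docker 18.09 and later can also take `DOCKER_HOST=ssh://user@your-mv.com`, which needs no published TLS port at all. For knife, the same hosts alias lets `chef_server_url` use the certificate's hostname rather than turning validation off.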

OpenSSL: socket: Connection refused connect:errno=111

I am trying to connect to one Linux server from a client,
openssl s_client -connect <IP of Server>:443
I am getting the following error:
socket: Connection refused
connect:errno=111
Check the ports of the server with any tool.
For Example,
nmap <IP>
Starting Nmap 5.21 ( http://nmap.org ) at 2015-05-05 09:33 IST
Nmap scan report for <IP>
Host is up (0.00036s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open *****
139/tcp open *****
443/tcp open openssl
MAC Address: 18:03:73:DF:DC:62 (Unknown)
Check that the port number is in open state.
As I mentioned in the comment, the host name is missing. You would put it right before the port number.
$ openssl s_client -connect myHost.com:443
Edit: now that you mention that there is a hostname in the command, we are fine there. Now check to see if the host/port is blocked. To check you can use nmap or telnet or any other port scanner.
If you can ping / connect to the host but not to the server process available on a particular port then there is a firewall blocking access.
The firewall could be on the host, and if iptables is the firewall (assuming Linux) then you need to add a rule to allow the connection. For a quick test, you could disable the firewall (NOT RECOMMENDED). Or you could run the server process on a port that is open.
This has nothing to do with SSL. Connection refused means that either there is no server or the connection is blocked by firewall. In your case (before your edit) the server is also plain wrong, i.e. ":443" is no valid server name (hostname missing).
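As an added example that is not part of any of the answers above, the probe below does the triage the answers describe in code. `openssl s_client` never got past connect(), so the cause is whatever nmap would report for the port: closed (a RST came back, nothing is listening, errno 111 ECONNREFUSED on Linux) or filtered (no reply at all, something drops the SYN). The probe classifies the connect() outcome, rejects a bare `:443` the way the last answer points out, and only on an open port attempts the TLS handshake, with hostname verification on rather than the no-verify default of s_client. The `unreachable` branch is the EHOSTUNREACH the knife ssh question on this page hit. The loopback demo and the hosts in the comments are constructed.

```python
"""Tell "connection refused" from "filtered" before blaming TLS.

Added example, not from any of the answers above. Demo hosts and ports are
constructed; the loopback self-check needs no network at all.
"""
from __future__ import annotations

import errno
import socket
import ssl


def parse_target(target: str) -> tuple[str, int]:
    """Accept host:port or [v6-literal]:port; an empty host is an error, not a name."""
    if target.startswith("["):
        host, _, port = target[1:].partition("]:")
    else:
        host, _, port = target.rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"target must be host:port, got {target!r}")
    return host, int(port)


def is_valid_target(target: str) -> bool:
    try:
        parse_target(target)
        return True
    except ValueError:
        return False


def tcp_probe(host: str, port: int, timeout: float = 3.0) -> str:
    """One of: open; refused (RST, nothing listening: errno 111 ECONNREFUSED on
    Linux, as in the question); filtered (no reply within `timeout`, something
    drops the SYN); unreachable (no route or host down, EHOSTUNREACH);
    unresolved (name lookup failed)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.gaierror:
        return "unresolved"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise


def tls_probe(target: str, timeout: float = 3.0) -> dict:
    """TCP first, then what s_client does: a TLS handshake, here with hostname
    verification on, reporting the peer's subject or why it was rejected."""
    host, port = parse_target(target)
    result = {"host": host, "port": port, "tcp": tcp_probe(host, port, timeout)}
    if result["tcp"] != "open":
        return result
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result["tls"] = "ok"
                result["subject"] = dict(rdn[0] for rdn in cert.get("subject", ()))
    except ssl.SSLCertVerificationError as exc:
        result["tls"] = f"certificate rejected: {exc.verify_message}"
    except ssl.SSLError as exc:
        result["tls"] = f"handshake failed: {exc}"
    return result


def demo_on_loopback() -> tuple[str, str]:
    """Offline self-check: probe a port we listen on, then the same port once
    the listener is gone, which is the 'refused' case from the question."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = tcp_probe("127.0.0.1", port)
    srv.close()
    after_close = tcp_probe("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    print(demo_on_loopback())                 # listener present, then gone
    print(is_valid_target(":443"))            # hostname missing, as in the original command
    print(tls_probe("server.invalid:443"))    # .invalid never resolves, so tcp == unresolved
```

In practice `tcp_probe(host, 443)` returning `filtered` is the firewall case from the answer above, `refused` means the host is up but no process owns the port (check `ss -ltnp` on the server), and only `open` is a TLS problem at all.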

firewall has blocked ssh. any wayarounds?

I want to connect to a remote Amazon AWS service (EC2 instance), and I would like to be able to ssh to it from my laptop while using the campus-provided network (which has a Cyberoam firewall). However, they have pretty much every port blocked and ssh won't work. Is there anything I can do? Does ssh run through port 80? I don't really know what to do.
All it says is :
ssh_exchange_identification: read: Software caused connection abort
ssh works elsewhere.
You can set your SSH server to use port 80 (or 443 if 80 is used for a webserver). Just check the configuration file of your ssh server for more details!