Searched quite a bit on this, but I think it's a bit of a unique case. What I'm asking may not be possible.
I'm taking an online DB class that requires logging into an SSH server and using SQLPLUS to execute commands and then copying and pasting the results into a document to be submitted. I find SQLPLUS to be excruciatingly painful to work with in the command line... You can't press up for the last command, and if you happen to be holding shift while pressing backspace you get garbage characters.
Anyway, I was hoping I could attach a GUI to make my life easier, but there are some major restrictions. I've tried logging in with SQL Developer, but the connection is rejected.
The only way I can get to the SQL database to do my assignments is by logging into the school's SSH server and running SQLPLUS from there. It seems that attempted connections to the Oracle DB from any IP other than the school's SSH servers are rejected.
I was hoping to use SSH tunneling to connect to the DB server from my local machine, but the only open port on the school's SSH server is 22.
Do I have any options? I would just love to have some sort of database program with a terminal window on the bottom part of the screen and a GUI on top.
Is SSH tunneling not working? It sounds like it would be perfect. Take a look at this link.
You should be able to do something like (from a terminal on your home system)
oracle_port=XXXX
ssh -f user@school-server.com -L $oracle_port:school-server.com:$oracle_port -N
Now fire up SQLPLUS on your home machine and point it at localhost:$oracle_port.
Forgive me on the $oracle_port part, I'm not an Oracle guy! Substitute appropriately.
Related
I want to set up a Linux box so that when you ssh into it you're talking to a specific application, and not ever to a shell.
I.e., I want to tell a user to log into user_level_stuff@mybox, and they get some nice super-safe (for them and for my box) application. By preference, I'd like to have this on a non-traditional port (i.e., not port 22), but I can live without that. Having my application be an ssh server is fine, as long as it can coexist on my box with a generic ssh server. Having a route, either through error or malice, to a shell would be a bad thing.
How do I do this?
By terminal I am able to SSH multiple times to connect to the server:
(client--->gateway--->server1---->server2---)
But now to do it through JSch library of Java, how to go about it?
First tried port forwarding, but on terminal I am not doing that (not setting -R -L parameters in ssh).
Then I came across question How to SSH to a server behind another SSH server using JSch?, but I don't understand how to create tcp tunnel!
Port-forwarding is the best way to go.
You do not do port forwarding in the terminal, as you connect to the second section manually by typing the ssh command. While you can automate that using JSch, it is not really a reliable way to try to simulate a human being. If you want to replace the first ssh (terminal) step with JSch, for the same reason you do not want to use ssh for the second step. The accepted answer in the question you link to also discourages you from trying that. While when everything goes ok, it might work. But once any problem steps in, you will have troubles dealing with it automatically. For example, you can hardly automate host key verification for the second server.
The SSH tunnel is port forwarding. But maybe the mentioned ProxySSH (which does not seem to exist anymore) did internally without opening a local port, but used the "port forwarding" channel directly by the second session. But that's way too complicated to implement. Stick with simple port forwarding.
For a complete example, see:
JSch multiple tunnels/jumphosts
I'm working on a project that requires me to run my code on a remote Unix server, that is not available to connect to directly (you first have to log in to the "gate" node and then to this server).
What's really bad is that they disabled key authentication, so each time I need to ssh into it, I have to type in my password twice. It's really annoying and I wonder what's the best way to transfer my local modifications of source files to this server, compile and run them without having to provide those passwords so many times.
I have no sudo access to any of those servers (neither to this "gate", nor to this target server). Any ideas on how to make the whole process more efficient?
EDIT: Martin Prikryl provided a great answer below, but it's suitable for Windows and I'm on a Mac :) I guess it might be a good thing to have it documented here also for *NIX systems.
You are looking for SSH tunneling.
WinSCP SFTP client supports one-hop SSH tunneling natively.
See the Tunnel page on WinSCP Advanced Site Settings dialog.
I assume that after you transfer the file, you need to open SSH terminal to compile the file.
You may be able to make use of WinSCP Console window for that step.
Alternatively, if you need/want to use a real SSH terminal client, make use of an existing SSH tunnel, created by WinSCP, and connect with PuTTY (or any other SSH client) over it.
In the Local tunnel port of WinSCP Tunnel page, select a fixed port number (instead of the default Autoselect). In PuTTY enter "localhost" to Host Name and the selected port in Port.
(I'm the author of WinSCP)
I have a website in one place which needs to transmit information and ssh to a second server. For security the second place doesn't like ssh in, they want vpn. I have seen postings on here for vpn from android, but is there anything for php under linux?
A command line utility would do it. I want to:
scp a file over, ssh a script, get the output back.
This has probably been asked somewhere but I can't find it for the life of me.
I am currently setting up a server machine, and I want to make it so that only computers which are directly SSH'ing into the server and have an authorized key can get in. I've already gotten the keys to work, but I don't know how I should go about making sure that people can't multi-hop their way into the server machine. I want to know:
Is it even possible to disable multi-hopping by only changing settings on the server machine?
If it is, how do I go about doing it?
If not, what other options do I have to achieve what I'm trying to do?
I don't believe it's possible by only changing settings on the server.
If your server is called server and another machine on your network is called aux, then you need to disallow the following multi-hop methods, probably others as well:
ssh -t aux ssh server
ssh -o ProxyCommand='ssh aux /usr/bin/nc %h %p' server
ssh -N -L 2222:server:22 aux & ssh -p 2222 localhost
So you need to ensure that
ssh when run on any other machine on your network will refuse to connect to server, except when the user is logged in locally (not via ssh)
alternatively, ensure the sshd setting AllowAgentForwarding is set to no on all other machines on your network
the manpage notes that this "does not improve security unless users are also denied shell access, as they can always install their own forwarders"
netcat and equivalents are not installed on any other machine on your network
the sshd setting AllowTcpForwarding is set to no on all other machines on your network
the manpage notes that this "does not improve security unless users are also denied shell access, as they can always install their own forwarders"
This may be a bit much.
Perhaps you can keep the private keys embedded on hardware tokens that may not leave the building? This is beyond the limits of my experience, though.
You should get a better answer if you ask at ServerFault.com, and hopefully your question will be migrated there soon.
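An added example, not part of the answer above: a small auditor for the two sshd settings that answer names, run over the sshd_config text of each other machine on the network. It assumes OpenSSH's rule that the first value obtained for a keyword wins and that both keywords default to yes; the sample configs are constructed, and Include files are not followed.

```python
import re

# OpenSSH defaults for the two keywords the answer names (assumed: stock sshd)
DEFAULTS = {"allowtcpforwarding": "yes", "allowagentforwarding": "yes"}

def effective_forwarding(config_text):
    """Return (global_settings, match_overrides) for the audited keywords.

    sshd keeps the first value it obtains for a keyword, so later global
    duplicates are ignored. Settings inside a Match block are collected
    separately because they apply only to matching connections.
    """
    global_settings = {}
    overrides = []   # (match criteria, keyword, value)
    match = None     # None while still in the global section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()           # keywords are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "match":
            match = value
        elif keyword in DEFAULTS:
            if match is None:
                global_settings.setdefault(keyword, value)
            else:
                overrides.append((match, keyword, value))
    for keyword, default in DEFAULTS.items():
        global_settings.setdefault(keyword, default)
    return global_settings, overrides

def findings(config_text):
    """List the reasons this host can still be used as a forwarding hop."""
    settings, overrides = effective_forwarding(config_text)
    out = [f"{k} is '{v}' globally" for k, v in sorted(settings.items()) if v != "no"]
    out += [f"{k} is '{v}' under Match {m}" for m, k, v in overrides if v != "no"]
    return out

# Constructed sample for the "aux" host: a duplicate line and a Match override.
SAMPLE_AUX = """\
AllowTcpForwarding no
AllowTcpForwarding yes
Match User deploy
    AllowTcpForwarding yes
"""
SAMPLE_HARDENED = "AllowTcpForwarding no\nAllowAgentForwarding no\n"

if __name__ == "__main__":
    for problem in findings(SAMPLE_AUX):
        print(problem)
```

On a live host, `sshd -T` prints the effective configuration and can be used to confirm what the file audit reports.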