Running Windows 10 home I keep getting the following error message when I try to open Google Cloud Shell in Chrome:
Cannot connect to Cloud Shell due to a client network error. Please ensure you are connected to the internet and your network proxy settings allow connections to Cloud Shell.
In Firefox it's this error message (incl. incognito mode): An error occurred while communicating with the SSH server. Check the server and the network configuration.
I have tried:
Instances (VM on GCP/Compute Engine) in 2 different zones
Switching off firewall
Safe mode option for google cloud shell
Restart google cloud shell
Two different computers, on two different networks
No proxy server marked in LAN settings
Clearing cache on Chrome browser
CMD as Admin netsh winsock reset
CMD as Admin netsh int ip reset resetlog.txt
CMD as Admin netsh int ipv4 reset
CMD as Admin SFC/Scannow
CMD as Admin DISM /Online /Cleanup-Image /RestoreHealth
Using Chrome SSH extension - SSH for Google Cloud Platform
Connected through Tunnelbear VPN
Applied latest Windows Update patch - November 27, 2018—KB4467682
Deleted SSH keys in "Compute Engine -> Metadata"
Any suggestions are really appreciated!
Relevant troubleshooting link for others could be - https://cloud.google.com/compute/docs/ssh-in-browser#ssherror
More than an answer is a comment, if I understand you are try to open the Cloud Shell from the web browser, the browser is as not incognito mode?, disabling the default proxy configuration from your browser. Any relevant change from your firewall rule in the Win10 host?
I found that an Ad Blocker on my Firebox browser was preventing connection. If you disable it for Google Cloud then it works again.
Related
We do have one server [Windows Server 2016] and i want to monitor that server, by installing Wazuh Tool.
I saw the documentation, but still i am getting confused. Should i need to install,
Wazuh Server
Wazuh Agent
Kibana
in server.? I don't see any article related to installing Wazuh Server in Windows Machine.
After following up the wazuh documentation, i can able to go up to a certain limit.
Installed Virtual Box in Windows Server.
Downloaded Wazuh OVA file and imported the same into virtual box.
Now i can able to connect to Wazuh Server, using the default credentials.
Now i stuck up at one place. I need to get the IP. I tried with 'Ip addr' command. But still, it is showing 127.0.0.1/8
As far as i checked, it is creating some dynamic IP's. Is there a way to setup Static IP. So that, i can able to access Wazuh Web console
through that IP.
Some of my findings:
It seems that the eth0 network interface for the VM does not have an IPv4 address assigned to it.
In the video in the documentation when running 'ip addr' it shows a dynamic IPv4 address as well as the IPv6 address so I suspect that this is the reason you cannot access the web console. This could be caused by the type of network interface you created for the VM in virtual box.
-------- Edited----------
As per your guidence, i did the following things.
Wazuh Server:
Virtual Box -> Adapter 1 -> Bridged Adapter
Virtual Box -> Adapter 2 -> Host-only Adapter
Started the Virtual Box and checked the 'Ip addr' command. Got the following IP's, eth0 [192.168..] and eth1 [10.0..]
In browser, i tried https://192.168.. and i can able to login to kibana.
Wazuh Agent:
The server which ever i am going to monitor, i installed Wazuh Agent. In the Wazuh Config file, i need to specify
Here i am bit confused. Should i need to give the actual server IP [where the wazuh server is] or i need to specify the IP's which i am getting in 'Ip Addr' command.?
I have tried all the IP's. When i check the Logs, it is showing like,
start_agent.c:100 at connect_server(): ERROR: (1216): Unable to connect to 'xx.xx.xx.xxx': 'Bad file descriptor'.
I recommend you reading the Architecture guide for a better understanding of how Wazuh works. Its architecture is based on agents, which means you need to install Wazuh agent on those endpoints you want to monitor (for example, your Windows server), and then connect these agents to a Wazuh Manager server (which need to be installed in a Linux machine, so you will need another server).
Kibana/Splunk are optional and useful tools to index the data generated by the manager for better visualization. I recommend using Kibana and the Elasticsearch Stack.
For the Linux Wazuh Manager server I recommend trying the all in one deployment, or, if you will have few agents connected and doesn't want to deploy any instance from scratch, you could try the pre-built Virtual Machine appliance (OVA)
I hope this helps you. The best point to start using Wazuh is the Getting started guide. I recommend you read that first of all.
------------------------ edit --------------------
Hello,
I'm sorry if I weren't clear enough. Wazuh has two main components: Manager (server in the documentation) and Agent.
The manager is also called a server because it serves the Wazuh service itself. That means the part of Wazuh that analyzes security events and generates alerts.
But Wazuh agent (despite its name) is also installed on servers that you want to monitorize and it is used to send security events to the Wazuh Manager (server) so they could be analyzed.
That said, if you want to correctly monitorize a Windows server you need to install the Wazuh Windows agent on it because it is designed to monitorize Windows servers. And you need to connect this agent to a Wazuh server. Here, you have different options:
You could install the Wazuh Manager in another (Linux) server.
You could install docker and docker-compose on your Windows server and use the wazuh-docker GitHub repository to deploy a Wazuh manager stack (with Wazuh, Elasticsearch and Kibana) to connect you, agent, to.
You could install the Wazuh OVA (VM appliance) on Virtualbox or similar software (this Virtual machine has installed by default Wazuh Manager, Elasticsearch and Kibana as well).
I see that you're trying with the 4th, deploying the Wazuh OVA on Virtualbox. Nevertheless, remember that you must have to install the Windows agent as well and connect it to the Wazuh Manager.
Regarding the IP question. My advice here is to enter the VirtualBox configuration for the machine and set up two network interfaces (or adapters). One host-only adapter (which will have a static IP that you could use to connect from your local browser) and other with a bridged adapter (to connect to the internet). Then, I recommend using nmtui (a console user interface for network manager) to set up your static IP as in the attached capture. That should be enough.
I have a WordPress site hosted on Google Cloud, and was working very well.
With no apparent motive, stoped working and I can't access to it, neither the front panel or admin panel.
I can't access via FTP o SSH console.
The VM on Google cloud still running as far as I can see.
Errors I get:
When trying to access de website on Google Chrome:
ERR_CONNECTION_TIMED_OUT
When trying to access FTP via FileZilla:
Error: Connection timed out after 20 seconds of inactivity
Error: Could not connect to server
When trying to access SSH:
Connection via Cloud Identity-Aware Proxy Failed Code: 4003 Reason:
failed to connect to backend You may be able to connect without using
the Cloud Identity-Aware Proxy.
i just want to update this issue.
The problem was that the memory quota.
I've increased the amounth of memory, restarted de VM and all went back to work.
Thanks
This page with SSH troubleshooting steps might be able to help you.
The issue could be solved by trying these troubleshooting steps. I think it is likely that the first one might be the cause of your issue since you mentioned it did work before.
Does the instance have a full disk? Try to expand it!
Is the firewall correctly setup, check your firewall rules and ensure that the default-allow-ssh rule is present.
Check your IAM permissions, do you have the roles required to connect to the VM?
Enable the serial console from your instance settings, connect and review the logs, they might give you some useful insights.
I'm trying to use Google's Colab feature to connect to a remote run-time that is configured with HTTPS. However, I only see an option to inform the port on the UI, not the protocol.
I've checked the Network panel and the website starts a WebSocket connection with http://localhost:8888/http_over_websocket?min_version=0.0.1a3, HTTP-style.
Full details of my setup:
I have a public Jupyter server at https://123.123.123.123:8888 with self-signed certificate and password authentication
I've followed jupyter_http_over_ws' setup on the remote
I started the remote process with jupyter notebook --no-browser --keyfile key.pem --certfile crt.pem --ip 0.0.0.0 --notebook-dir notebook --NotebookApp.allow_origin='https://colab.research.google.com'
I've created a local port forwarding with ssh -L 8888:localhost:8888 dev#123.123.123.123
I've turned on network.websocket.allowInsecureFromHTTPS on Firefox
I've went to https://localhost:8888 and logged in
Naturally, when the UI calls http://localhost:8888/http_over_websocket?min_version=0.0.1a3 it fails. If I manually access https://localhost:8888/http_over_websocket?min_version=0.0.1a3 (note the extra s) it gets through.
I see three options to solve it:
Tell the UI to use secure WS connection
Run a proxy on my local machine to transform the HTTPS into plain HTTP
Turn off HTTPS on my remote
The last two I think will work, but I wouldn't like that way.
How to do #1?
Thanks a lot!
Your option 1 isn't possible in colab today.
Why do you want to use HTTPS over an SSH tunnel that already encrypts forwarded traffic?
woocommerce webhooks aren't firing at all for me, even on a fresh install. I did the following:
Create a new MySQL database
Install WP from the zip file.
Set up WP.
Install Woocommerce.
Enable REST API and create a key.
Added "Coupon created" webhook, made sure it's set to active, and set it to a publicly accessible site.
When I create a coupon, the webhook does not fire, and no entry is created in the log. I tried this with orders as well and also doesn't work.
I think it's a machine configuration problem, but not sure what to change. The machine is an EC2 instance and has all ports opened in its security group policy.
Weirdest of all is that on a different EC2 instance does work, but it's a production machine and I want to have a dev server work so I can test out things. The only config differences between the production and dev machines that I can think of are the subnets and the firewall, but I don't understand why the subnet should matter and I opened all the firewall ports on the dev machine.
what Linux distributions are you running for prod and dev?
CentOS with SELinux enabled with not allow HTTPD scripts and modules to connect to network by default.
setsebool -P httpd_can_network_connect on
If above is not valid, please identify network problems by trying connecting to AWS RDS via SSH CLI. If you can open a connection via SSH CLI, the problem will be with your application. If you can't, it will be network problem. First thing to check in that case is AWS RDS security group. For testing you can open 3306 to public.
Let me know how it goes.
Does anyone have a foolproof way to FTP to Windows 2008 EC2 Instances? I had mine working perfectly after following a lot of online guides from other users. Then it started deteriorating, intermittently giving a "Failed to get directory listing error". Login was still all fine. Now the error is permanent and I cannot update my web site.
Amazon, of course, won't respond to any emails unless I have a support package, yet they have no documentation on setting up FTP to their servers.
I was using old IIS6 based FTP - when I was able to connect and when it stopped working I tried the new FTP 7 as detailed here: http://learn.iis.net/page.aspx/263/installing-and-configuring-ftp-on-iis-7/
Now I cannot connect at all to the server, let alone getting a directory listing.
Please someone come to my rescue!
My default security group has ports 20 & 21 forwarding for my IP address. As per the article above I have ports 4900-4910 open to 0.0.0.0/0
My client is FileZilla using FTPS (was just FTP with IIS6 FTP server), Connecting with Passive falling back to Active.
I had this issue as well and its not the easiest thing to find a fix. The following link finally worked for me. Mainly the following.
In IIS, highlight the top-level server (not the FTP site). Click FTP Firewall Support. Under Data Channel Port Range, set a small range, e.g. 41000-41099. Under External IP Address to your Elastic IP Address.
Open the Windows firewall for the ftpsvc. DISable the StatefulFtp global setting:
netsh advfirewall firewall add rule name=FTP_Service action=allow service=ftpsvc protocol=TCP dir=in
netsh advfirewall set global StatefulFTP disable
From an administrative command prompt, restart the Microsoft FTP Service to make sure all the changes take effect:
net stop ftpsvc
net start ftpsvc
Open the corresponding 100 ports, e.g. 21 and 41000-41099, in your EC2 Security Group.