To make a long story short, a former developer have setup a database(MongoDB) at Amazon Web Services(AWS), through EC2. Now to the problem, all I have got thus far is the information in the previous sentence as well as a .PEM file, and I would like to access the database through R, is that possible?
Sorry that I don’t have more information at the moment, but I just have no idea where to start.
If you have the PEM file you can follow the directions to access the instance here. Now this assumes the instance has a public ip address that is internet reachable with port 22 open.
If it does not you'll need a vpn setup to reach the private instances.
If you do not have the PEM file you'll need to re-create instance by snapshotting it and creating a new instances based off of that snapshot, with a PEM key you do have access to. Here is the AWS documentation on that process
Related
I installed wordpress in a GCP VM and tried installing plugins and themes through the wp-admin dashboard, but it asks for an FTP server.
I installed vsftp but couldn't connect to the server, even after creating firewall rules. I was hoping someone could help.
As other have pointed out, knowing what type of firewall rules (and how) you have configured or if you followed a specific tutorial would be very helpful to provide a specific answer. I'll do my best to provide a general answer based on the details you shared.
It's not clear to me if you modified the firewall rules inside your instance or in the Cloud Console. This page describes the commands for working with firewall rules in GCP and offers some examples in using them. In case you were setting firewall rules within the instance, make sure both firewalls are configured properly.
I'm not familiar with vsftp but I found this tutorial that you may find helpful as it's specific for GCP.
As Gurpreet mentioned in his reply, you can use SSH keys to connect via SFTP instead. This is a tutorial to configure an SFTP connection with Filezilla and is also specific to GCP.
If you expanded your question with more details, screenshots, etc. maybe we could provide better suggestions to solve your issue.
You can use filezilla to connect to GCP through SFTP.
Web Host is your public IP
Username should be root by default unless you changed it
And, Password is your root password.
If you don't have the root password or not able to connect via SFTP You can use SSH keys.
Read this carefully regarding how to add SSH keys in Google Cloud Console:
https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys
After adding SSH keys, you can Filezilla without root password using SSH keys
https://tecadmin.net/import-private-key-in-filezilla/
Let's say I want to set up a poor man's authentication scheme for a simple network service.
I don't want to bother with username/password authentication, for simplicity I just want to have a list of public keys in my application and anyone who can prove they are the owner of that key can use my service.
For the purposes of my application it would greatly simplify the authentication process since all my users are on the local network and they all use Unix. Anytime I onboard a new user I can just ask them for their ssh public key.
Is there a simple way to reuse the mechanism involved in ssh public key authentication in a non-ssh application? This is question is intended to be language agnostic.
If you just have a list of users that can use your application and you have no need to see who did what.
You can setup your server so that it listens only on localhost (127.1) rather than 0.0.0.0, and provide a restricted sshd, forwarding the port required to connect to the application
~/.ssh/authorized_keys will provide a list of the authorized keys that can be used.
ssh -I private_key_file <hostname> -L 3000:localhost:3000
For a basic setup and help with configuring your sshd, check out this answer:
https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding
Note: Be warned that if you don't lock it down, any user will have full shell access on your box where the machine is hosted.
A dirty hack from top of my head: could you wrap the application so that it would create an actual SSH tunnel from localhost to your server, and use that for ?
Assuming you are talking about a web based application. What you are really looking for is X.509 Client certificates (1.3.6.1.5.5.7.3.2). This will allow you to identify a user individually to your application.
These face the same issues that are usually faced when looking at key distribution. Which is generally considered a hard problem.
If you wanted to head down this road here is what you would need to do.
Generate a root certificate (once)
Setup web server with appropriate modules to parse the certificate (nginx/apache)
Generate a certificate for each user (openssl)
Download cerificiate from centralized server. (maybe use their ssh pub key here)
Install the x509 cert locally (OS Dependent)
On the server side, you would need to process the cert as part of the web-server (nginx or apache should have modules to do this) and then pass the name onto your application as a header field which you can then process internally.
This is a much better security solution than usernames and passwords, however is complex because of the key distribution issue. Most people wouldn't bother since in most applications it is easy enough to integrate logins with LDAP or radius.
I got the connection details of a SFTP server, connected to it with FileZilla, and then successfully downloaded a file from that SFTP.
The only details I had was host, port, user and pass.
Now I'm trying to connect to this same server trough WinSCP .NET assembly (C#)
using(Session session = new WinSCP.Session()) {
session.Open(new SessionOptions() {
Protocol = Protocol.,
HostName = "ftp.*********.be",
UserName ="*****",
Password ="*****"
});
TransferOptions transferOptions = new TransferOptions();
transferOptions.TransferMode = WinSCP.TransferMode.Binary;
TransferOperationResult transferResult;
transferResult = session.GetFiles("/downld/fileonserver.dbf",#"c:\testfolder\localfilename.dbf", false, transferOptions);
Whatever I try here it keeps asking for a key for SSH, but I don't have that key, I generated a 128 bit RSA key somewhere online and put it in the session options like:
SshHostKeyFingerprint = "ssh-rsa 1024 82:09:12:b4:93:92:3a:61:10:90:61:12:b4:XX:XX:XX"
But this just tells me that key is invalid.
I kind of figured out that I maybe need the public/private SSH key from the server to get this to work but I sadly don't have access to this server.
Since FileZilla can connect to it without me entering any KEYS, why can't my C# program do the same?
I'm not an expert when it comes to security related stuff, so please point me in the right direction. I found this thread but I don't have access to .ssh folder on the FTP server and I don't really get where they are going with this.
You are confusing the SSH server public host key verification with the client public key authentication. These are two completely different things. This first involves the public key of the server, while the latter involves your account public key.
Read about SSH Key Pairs to learn the difference.
FileZilla cannot connect without verifying the server's public host key either. On the first connection it always prompts you to accept the key. Once you do, it optionally caches the key and won't prompt you again, unless the key changes.
You have probably forgotten that you got this prompt before or someone else connected to the server before from your machine.
Any SSH (SFTP) client must do the same. You are losing any security had you not verified your server's host key.
You should get the host key fingerprint from your server administrator.
If you had not, you can see it on WinSCP Server and Protocol information dialog.
For details see WinSCP FAQ Where do I get SSH host key fingerprint to authorize the server?
I solved this by just copying the SSH key returned to my FileZilla client into my C# app. I don't know if this is the right thing to do, but at least it got my solution working now.
It was also an SSH-DSS key 2048 key instead of an SSH-RSA 1024, and that's why messing around with the keys kept failing I guess.
Recently all our testing machines have been moved to a secured shell network. As a result, ip addresses of all these machines has now been changed and we have to access these machines using SSH protocol now onwards.
However, I am not able to access any target machine which is also enabled for SSH using "remsh" to perform some task.
I have checked the existence of ".rhosts" file and and entry of the target machine's ip entry into "/etc/hosts" file.
Kindly let me know if I need to change/look any where else to make remsh work?
Remsh, rlogin, rsh, and rcp are not a secure systems as information is sent as plain text between the machines and because the hosts verification is not done with secret keys but is host-based and can be forged. I would think that you have changed to ssh precisely for these reasons.
Luckily you can do all the same things using ssh. For example, after configuring the machines to use public & private key pairs, you can run commmands on remote machine automatically (by supplying password or using passwordless keys):
ssh user#remotehost command-to-be-run
If you haven't used ssh much earlier, there are a lot of things to learn, but isn't that fun? As a result you will also know how to do state of the art secure connections. You will want to learn especially about public key authentication.
There are lots of tutorials on the Internet how to create and use keys and use ssh. http://www.olearycomputers.com/ll/ssh_guide.html seems like a good starting point. https://engineering.purdue.edu/ECN/Support/KB/Docs/SSHReplacingRhosts discusses specifically replacing .rhosts authentication with a key pair.
I am writing a small c# app to run at startup when a new machine is booted, connected to our corporate network.
I have some code which checks whether a machine account for the machine already exists on the domain, and if so deletes it, prior to joining the machine to the domain.
This works fine on my computer, which already has the trust set up to the domain, but doesn't from a test machine which is not yet joined.
Is there a way round this? Not sure if this is one for Serverfault or Stackoverflow - so hedging my bets!
Yes you can, via LDAP, as long as you can connect to a domain controller via your underlying network transports (ie- TCP/IP). You'll need to bind to Active Directory under the context of a domain user who has at least read access to the directory. You'll also need to specifically call out which domain controller you want to connect to as autodiscovery relies on a domain connection.