I'm trying to write a go application that would allow me to perform reverse ssh tunneling between a Windows machine and a Linux machine using the go ssh library.
In the process of doing so, I create a listener on the remote machine, as follows:
remoteListener, err := sshClient.Listen("tcp", remoteString)
where sshClient is an object of type ssh.Client and is configured to connect to the remote machine.
The issue here is that when the sshd process on the Linux machine disrupts the connection with the application, the ssh Listener remains alive on the remote machine. So, reconnecting with the application fails because a listener is already running on the same port on the remote machine.
How do I get around this issue? Does the ssh library allow me to define a timeout on the listener?
I'm just waiting for the timeout after reconnecting. I found no other easy solution for this.
Related
I'm trying to connect a VM I have in AzureML studio. I keep getting the following: Connection attempt timed out for ''. Verify that server is accessible and SSH service is accepting connections.
Go to your VM config and test your connection through the 'connect' tab. Is your test successful? If not, check if port 22 is blocked. Watch for automated blocking rules applied to your VM.
we have DSVM attach in preview - might be interesting for you: https://github.com/Azure/azureml-previews/tree/main/previews/dsvm-attach.
I am looking to use asyncssh with python3.7 (asyncio)
Here is what I want to build:
A remote device would be running a client that does a call-home to a centralized server. I want the server to be able to execute commands on client using reverse ssh tunnels on the incoming connection. I cannot use forward ssh (regular ssh) because the client could be behind NAT and server might not know the address of the client. I prefer client doing a call-home and then server managing the client.
The program for a POC should use python3 + an async implementation of ssh. I see asyncssh as the only viable choice (please suggest if you have an alternate):
Client: Connect to server and accepts reverse ssh tunnels to be opened on same outbound connection
Server: Accepts connection from client and keeps the session open. The server then opens reverse ssh tunnel to the client. For e.g. the server program should open 3 reverse ssh tunnnels on the incoming connection. Each of these tunnels would run one command ['ls', 'sleep 30 && date', 'sleep 5 && cat /proc/cpuinfo']
Server program should print the received response for each of these commands (one should come back amost immediately, other after 5 and other after 30).
I looked at the documentation, and I could not see examples of using multiple reverse ssh tunnels.
Anyone has experience using this? Can you point me to examples?
Developer of asyncssh has provided an example:
As of now, this is in develop branch. I have tested it and it does the job perfectly!
https://asyncssh.readthedocs.io/en/develop/#reverse-direction-example
[If you are checking this after a while, you might find it in master documentation.]
I have created basic ASP.Net Core server on Azure Ubuntu VM. I have exposed the server to a port 80 using nginx.
I am conecting to the VM via ssh.
And starting the server with "dotnet run" command.
That works fine.
However, every time I close the ssh connection, the server is stopping as well.
Is there a way to start and keep running the asp.net core server on Linux without having an active ssh connection?
Basically what happens is:
You login with ssh
you startup an application under your user (dotnet run)
Close your ssh => logging out user, which means application is closed.
You need to start a service outside of your user. Here is some information:
https://askubuntu.com/questions/8653/how-to-keep-processes-running-after-ending-ssh-session
Otherwise i'd advice you to ask on https://askubuntu.com/
I want to setup monit on a server which is going to be a centralized server to monitor processes running on remote servers. I checked many docs related to setup monit but could not find how to setup for remote server processes. For example a centralized monit server should monitor nginx running on A server, mongod running on B server and so on. Any suggestion how to do this?
In the documentation, Monit can be able to test the connection remotely, using tcp or udp, what you can do is to provide a small status file that gets refreshed for each technology you are intending to monitor, and let Monit hit that status file through http, etc. and can be used as follows:
check host nginxserver with address www.nginxserver.com
if failed port 80 protocol http
and request "/some_file"
then alert
Since you are testing a web server that can be easily accomplished with the above. as a note , below is the part about Monit connection testing:
CONNECTION TESTING Monit is able to perform connection testing via
networked ports or via Unix sockets. A connection test may only be
used within a check process or within a check host service entry in
the Monit control file.
If a service listens on one or more sockets, Monit can connect to the
port (using either tcp or udp) and verify that the service will accept
a connection and that it is possible to write and read from the
socket. If a connection is not accepted or if there is a problem with
socket i/o, Monit will assume that something is wrong and execute a
specified action. If Monit is compiled with openssl, then ssl based
network services can also be tested.
The full syntax for the statement used for connection testing is as
follows (keywords are in capital and optional statements in
[brackets]),
IF FAILED [host] port [type] [protocol|{send/expect}+] [timeout]
[retry] [[] CYCLES] THEN action [ELSE IF SUCCEEDED [[]
CYCLES] THEN action]
or for Unix sockets,
IF FAILED [unixsocket] [type] [protocol|{send/expect}+] [timeout]
[retry] [[] CYCLES] THEN action [ELSE IF SUCCEEDED [[]
CYCLES] THEN action]
host:HOST hostname. Optionally specify the host to connect to. If the
host is not given then localhost is assumed if this test is used
inside a process entry. If this test was used inside a remote host
entry then the entry's remote host is assumed. Although host is
intended for testing name based virtual host in a HTTP server running
on local or remote host, it does allow the connection statement to be
used to test a server running on another machine. This may be useful;
For instance if you use Apache httpd as a front-end and an
application-server as the back-end running on another machine, this
statement may be used to test that the back-end server is running and
if not raise an alert.
port:PORT number. The port number to connect to
unixsocket:UNIXSOCKET PATH. Specifies the path to a Unix socket.
Servers based on Unix sockets always run on the local machine and do
not use a port.
When I use WinSCP in Windows to connect to VMware with Ubuntu, it prompted this:
The server rejected SFTP connection, but it listens for FTP connections.
Did you want to use FTP protocol instead of SFTP? Prefer using encryption.
What's the matter?
I can succeed to ping Ubuntu in Windows.
The fact that you can ping the server has nothing to do with what protocols it supports.
The message says that the server does not listen on port 22 (SSH, SFTP), but listens on port 21 (FTP). The point of the message is that WinSCP defaults to SFTP protocol, what is not common. So it tries to help users who expect FTP to be a default. But that's not relevant to you apparently.
As #ps2goat suggested, make sure you setup SSH/SFTP server.
For more details, see the documentation for the error message The server rejected SFTP connection, but it listens for FTP connections.
If you see this error all of a sudden (when SFTP has always worked for you for this particular server), and if you are using CSF (ConfigServer Security & Firewall), then it might be that your IP was blocked for SSH access. Try flushing all blocks. Also, try restarting the SSH server.
Old question but still responding so others might get benefited.
I stumbled upon this error and the first thing I checked was if my ubuntu machine had ssh installed. It was there and the latest version and I still would get this error.
As long as you have ssh access to the target, check the ssh service status and most certainly it'd be found inactive. Turn it on using
sudo service ssh restart
and you should be back in the game.
Do check the status of the SFTP by using
sudo service ssh status
and take any corrective action.