How can I create a SSH tunnel to a machine (RedHat Enterprise Linux) hosting a MongoDB (Version 3) and then run R scripts from my machine (windows) on the database?
I know how to connect to the machine via puTTY and then run an uploaded FCP transferred R script from the shell on the machine, however I want to perform the analysis from my PC so I can test my scripts quickly and export analyses and results easily.
This is adapted from an instruction I have for our remote MySQL SSH connections. The remote database server is configured to listen to its local address on port 27017. (127.0.0.1:27017). You would want to replace 10.10.10.10 with the IP address of the MongoDB server.
1. Install putty.exe
2. Start putty.
3. Sessions Tab:
3a. Set hostname like:
3b. <username#hostname>
3c. Eg: mongo_user#mongodb.server.com
4. Connection : SSH : Tunnels tab.
4a. Source port: 27017
4b. Destination: 10.10.10.10:27017
5. Sessions Tab
5a. Saved Session: Type name such as “MongoDB Server”
5b. Select [Save] button
On your windows client, you would use a connection string to connect to 127.0.0.1:27017 (the local source port you configured in the putty connection above)
edit to change 192.168.0.1 to 127.0.0.1 (wrong local/loopback address)
Related
I've created a virtual machine on Google Cloud Platform following this manual.
I was able to create an SSH connection from my local machine to the VM and set it up to host a publicly available R Shiny App. Now I'm wondering if there is any way to access my local machine from the VM using this SSH connection. This would be a problem if the server gets hacked, maybe because I wasn't able to correctly configure security settings (I'm not too experienced with this). Or is this a "one-way" connection to the VM and the other way is blocked, e.g. by my personal firewall?
Any suggestion would help. Thanks!
An SSH connection requires that the target machine have a public SSH key that are used to identify an incoming client that has the corresponding private SSH key. If you can SSH from your local PC to a GCP Compute Engine (CE) then your local PC has a copy of the private key and the compute engine has the public key. This is one-way connection. There is no symmetry in a connection originating from the compute engine. To be able to SSH into your local PC then:
Your local PC needs to has SSH server installed.
Your local PC needs to have the public part of an SSH key pair configured.
The client needs to have the private part of an SSH key pair available.
The client needs to know your IP address.
There needs to be a network route to your local PC from the client.
Your firewall needs to permit the incoming client on the port that the SSH server is listening (default 22)
Unless the above are all satisfied, there should be no mechanism to allow a compromised compute engine to open a shell "back into" your local PC.
I want to access machine A which is behind the firewall through a jump host from machine B.
I want to do the same either via ssh keys or via username and password.
What will be the steps and the commands to achieve the same?
The feature is called port forwarding:
ssh -L localport:machine-a-address.domain:remote-port machine-b
Then you can simply use localpott on localhost to access the remote service on machine-a, for example:
telnet localhost localport
Basically my question is: How do I connect to a docker host on the network?
Background:
We have a Windows Server 2012 machine that I would like to run a docker engine from.
I've managed to get it running with docker-machine and the hyperv driver. I've also successfully gotten a docker host to work on my computer locally using VirtualBox, and have been using it.
To ease access to docker for other people on the network on a perpetual set-up, I'd like to use the docker host instance on the server with Hyper-V.
In my search for answers, I've not been able to find any mention of provisioning hosts on the network, only on the local and cloud.
I'd like to know what commands do I have to use to connect my local docker-machine to the server's docker host, and use it as the active docker host?
There's a blog post explaining how to add a docker engine with an IP with the generic driver, as well as some extra steps you need to go through.
ADDING AN EXISTING DOCKER HOST TO DOCKER MACHINE : A FEW TIPS
SSH Keys
The bottom section on certs explains how to get working on the remote docker engine after connecting with the create command
Old answer
To create/connect successfully the local machine must be able to ssh into the remote docker engine, and not just the server hosting the docker engine. This means a public key was generated and added (using puttygen or ssh-keygen) on the local machine and the OpenSSH RSA public key was added to the list of authorized keys in ~/.ssh/authorized_keys on the remote docker engine.
An example of an OpenSSH RSA public key (because I get confused by these formats):
ssh-rsa AAAAB3NzaC1kc3MAAACBAJ3hB5SAF6mBXPlZlRoJEZi0KSIN+NU2iGiaXZXi9CDrgVxTp6/sc56UcYCp4qjfrZ2G3+6PWbxYso4P4YyUC+61RU5KPy4EcTJske3O+aNvec/20cW7PT3TvH1+sxwGrymD50kTiXDgo5nXdqFvibgM61WW2DGTKlEUsZys0njRAAAAFQDs7ukaTGJlZdeznwFUAttTH9LrwwAAAIAMm4sLCdvvBx9WPkvWDX0OIXSteCYckiQxesOfPvz26FfYxuTG/2dljDlalC+kYG05C1NEcmZWSNESGBGfccSYSfI3Y5ahSVUhOC2LMO3JNjVyYUnOM/iyhzrnRfQoWO9GFMaugq0jBMlhZA4UO26yJqJ+BtXIyItaEEJdc/ghIwAAAIBFeCZynstlbBjP648+mDKIvzNSS+JYr5klGxS3q8A56NPcYhDMxGn7h1DKbb2AV4pO6y+6hDrWo3UT4dLVuzK01trwpPYp6JXTSZZ12ZaXNPz7sX9/z6pzMqhX4UEfjVsLcuF+ZS6aQCPO0ZZEa1z+EEIZSD/ykLQsDwPxGjPBqw= rsa-key-20160224
Not having this key in the remote docker engine gave me a exit status 255 when I attempted to docker ssh into it. At this point, only regular ssh docker#192.168.1.165 worked. Be prepared to repeat the above process.
The article also mentions sudo, but the boot2docker image used by the Hyper-V driver already allows password-less sudo so that part is already done.
Ports
Make sure TCP port 2376 is allowed connection to the remote docker engine, through the server's firewall rules, physical firewall etc.
The Command to Run
Then this command connects the remote engine to docker-machine:
> docker-machine create --driver generic --generic-ip-address 192.168.1.165 --generic-ssh-user %USERNAME% vm
> docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Running tcp://192.168.99.101:2376 v1.10.1
vm - generic Running tcp://192.168.1.165:2376 Unknown
vm is the newly added docker engine from the network, and 192.168.1.165 is the IP of the docker engine on the server.
Certs
If this works, just copying over the certs (ca.pem, ca-key.pem, cert.pem, key.pem) from the remote server directory %USERPROFILE%\.docker\machine\machines\<server's local docker engine name> to the same location on the local machine should keep it connected. Do not use docker-machine regenerate-certs since this disables any connections that other computers might have to that docker engine, including the server itself.
Active
Then finally making the engine active completes the connection.
> IF /F "tokens=*" %G ('docker-machine env vm') do %G
Note: This issue points out that the command docker-machine create --driver none --url=tcp://192.168.1.165:2376 <name> should add a remote machine's docker engine as well, should the "none" driver be working in a future version.
I'm running Sequel Pro 0.9.9.1 and can connect to a remote mySQL (v 14.14) database hosted on a server that only allows SSH connections. When I connect via Sequel Pro, I only need to fill out the ssh user and password to connect without issue. I am able to access all databases in this manner.
I then try to connect to the database in R (2.14.0) using RMySQL (0.9-3), but this command fails:
conn <- dbConnect(MySQL(), user="ssh_user", password="ssh_password", host="localhost")
with the error: "RS-DBI driver: (Failed to connect to database: Error: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)" regardless of if I use single quotes (suggested elsewhere), change the user and/or password to "root" or "", or substitute "127.0.0.1" for "localhost". If I substitute the server host for host in the R command, I am told I cannot access the server (which is true, it is configured to only be accessed via ssh).
What are the correct user, password and host to use to connect to a database accessed via ssh through Sequel Pro in this manner?
I've never done this, but I assume you could use SSH to tunnel the appropriate port, as discussed here: http://www.howtogeek.com/howto/ubuntu/access-your-mysql-server-remotely-over-ssh/ .
In brief, you would:
Tunnel the appropriate port through SSH, which by default would be
3306 for MySQL.
Use dbConnect() to connect to the MySQL server as
if it was on your local machine.
This bypasses the need for Sequel Pro. The tunnel essentially allows traffic on your local 3306 port to be tunneled through an SSH connection on port 22 between your local machine and the server and then forwarded to port 3306 locally on the server.
I got access via SSH (root access) to a Machine that's inside a network at my client's office.
I'm programming in my computer a PHP application that needs to integrate to LDAP. The LDAP server is in another server at my client's network and not accesible from outside, however I can perfectly access it via the server I can connect to via SSH.
My question is: IS there anyway I can make a tunnel and setup a port in my computer to get the traffic forwarded to the LDAP server using my SSH connection to one of the computers on the network?
Thanks!!!!
Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.
ssh -L 9999:ldapserver:389 user#otherhost
Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.
Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.