SSH Tunnel to a machine on another network [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
I'm trying to tunnel to a machine on a private network. I can ssh to one of the machines on the private network. My network is 10.4.0.x and the private network is 192.168.1.x.
I can ssh to the tunnel machine and then ssh to the destination machine from there without problems.
But I just want to tunnel from my machine directly to the destination. I am using this command but it is hanging. How do I specify the username of the machine I'm trying to access?
ssh -N -L localhost:22:DESTINATION_MACHINE:22 BRIDGE_MACHINE_USER@BRIDGE_MACHINE
ssh -N -L localhost:22:192.168.1.4:22 bridge@10.4.0.41

You can do it in two steps. The first command below sets up the port forwarding. The second command establishes an SSH session with the final destination machine.
First command:
ssh -N -L localhost:3306:destination:22 bridge-user@bridge-machine &
-N: don't create an interactive login to bridge-machine, just connect and do the port forwarding.
-L localhost:3306:destination:22. Arrange that any network request received on port 22 on the local machine is forwarded, via this ssh session, and re-issued on bridge. Since bridge can route to destination, the re-issued request will work. We choose 3306 because we need a port number that is not presently being used. We use 22 as the destination because that is the well-known port for SSH.
bridge-user@bridge-machine - Since this SSH session terminates at bridge, we need bridge credentials.
& - run in the background so that we can issue the second command.
Second command:
ssh destination-user@localhost -p 3306
destination-user - Since the end-point of this connection is destination, we need credentials from there.
@localhost - We are actually connecting to the forward service established in step 1.
-p 3306 - The command from step 1 arranged that any requests received on localhost:3306 will be re-issued from bridge to destination:22. So we treat localhost:3306 as a local alias for destination:22.

Related

How to implement setting up ssh tunneling to port... here? [closed]

Closed 6 years ago.
I am doing my hw on this page: https://www.isi.deterlab.net/file.php?file=/share/shared/Softwareexploitsexercise/index.html#dassign
In the second task, I don't really know how to do the following:
If you have set up ssh tunneling to port 80 via local port 8118 (a
good idea), the memo application can be accessed at
http://localhost:8118/cgi-bin/memo.cgi
How do I set up ssh tunneling to port 80 via local port 8118? Is that a certain command in the terminal? Could you tell me how to do it? The whole operation should be done in the shell because it is on a certain platform.
This ssh feature is called port forwarding.
Local port forwarding listens to the port on local machine and forwards it via the connection to specified destination:
ssh -L 8118:localhost:80 ssh-server
In the example it forwards the port from client machine to localhost of the remote server but you can specify any destination you want. I assume the http server runs on that server.
Remote forwarding does the opposite, i.e. listens on port on remote server and forwards via ssh to specified destination:
ssh -R 8118:localhost:80 ssh-server
Again, it doesn't have to be localhost. It can forward the port 8118 on ssh-server to any destination accessible from the client machine.
Both forwardings are useful when the service is not directly accessible from the remote destination, either because of firewall, visibility or simply the service running on localhost only.
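The -L and -R specs from the first question's answer and from the port-forwarding answer above, run through a small checker that prints which side listens and which side opens the onward connection, and warns about privileged or non-loopback listeners. This is an added example, not code from any of the posts; `explain_forward` is a hypothetical helper and it handles hostname/IPv4 specs only.

```shell
#!/bin/sh
# Added example: explain an `ssh -L` / `ssh -R` forward spec and flag risky binds.
# Spec grammar handled: [bind_address:]port:host:hostport (no [IPv6] literals).
# "default" bind means ssh's default: loopback only unless GatewayPorts is enabled.
# Exit status: 0 clean, 1 warnings, 2 malformed spec.
explain_forward() {
    kind=$1; spec=$2; rc=0
    case $spec in *:) echo "error: trailing ':' in spec"; return 2 ;; esac
    old_ifs=$IFS; IFS=:; set -f
    set -- $spec                      # split the spec on ':'
    set +f; IFS=$old_ifs
    case $# in
        3) bind=default; port=$1; host=$2; hostport=$3 ;;
        4) bind=$1; port=$2; host=$3; hostport=$4 ;;
        *) echo "error: expected [bind_address:]port:host:hostport"; return 2 ;;
    esac
    for n in "$port" "$hostport"; do
        case $n in ''|*[!0-9]*) echo "error: bad port '$n'"; return 2 ;; esac
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || { echo "error: port $n out of range"; return 2; }
    done
    case $kind in
        L) listener="client"; origin="ssh server" ;;
        R) listener="ssh server"; origin="client" ;;
        *) echo "error: kind must be L or R"; return 2 ;;
    esac
    echo "listen:  $bind:$port on the $listener"
    echo "connect: $host:$hostport, opened from the $origin"
    if [ "$port" -lt 1024 ]; then
        echo "warn: port $port is privileged; binding it needs root and can clash with a service already there"
        rc=1
    fi
    case $bind in
        default|localhost|127.*) ;;
        *) echo "warn: bind address '$bind' asks for a listener reachable from other hosts"; rc=1 ;;
    esac
    return $rc
}

# Specs taken from the posts above.
explain_forward L localhost:22:192.168.1.4:22 || true   # the first question's spec: warns (port 22)
explain_forward L localhost:3306:destination:22         # the first answer's spec: clean
explain_forward L 8118:localhost:80                     # the homework tunnel: clean
explain_forward R 8118:localhost:80                     # same ports, listener on ssh-server
```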

Using WinSCP to grab a file through a tunnel [closed]

Closed 6 years ago.
There's a file on a node I'm trying to grab with WinSCP. Normally to access the file through my Linux VM I use the commands
ssh -p 2200 -L 2020:py-01:22 foo@university.edu
and that builds a tunnel to where I want to go. Then I open a second terminal and say:
ssh -p 2020 foo@localhost
Which connects me to that tunnel and I can see the file I want to get at. So I'm trying to use WinSCP to do the similar process so I can see the file and then make my own copy of it but I'm falling short. Can someone help me plug the above commands into WinSCP?
If you need to connect through a tunnel for an SSH terminal session, you need to connect through the tunnel with WinSCP for an SFTP session too, as the SFTP uses the SSH underneath. There's no difference.
To set up a connection through a tunnel in WinSCP:
first set up a session as if you were connecting directly, i.e. py-01
click the Advanced button to open the Advanced Site Settings dialog
there go to the Connection > Tunnel page
check Connect through SSH tunnel
in the Host name specify a host to tunnel through, i.e. university.edu
in the User name specify an account for the tunnel host
Note that tunnel port is autoselected, so you do not specify it (2200) anywhere.
For details, see:
https://winscp.net/eng/docs/ui_login_tunnel
If you have an SSH tunnel setup already (using the first command from your question, if it is run on Windows using Cygwin), you can connect to the existing external tunnel with WinSCP:
the Host name localhost
the Port number 2200
You can also do it the other way around: Explicitly specify the Local tunnel port number in WinSCP, and reuse the WinSCP tunnel also for an SSH terminal client.
Generally, a tunnel is not required for WinSCP. You can connect to the remote Linux machine via standard ssh port 22.
However, if you still need the tunnel, there is a guide: http://winscp.net/eng/docs/ui_login_tunnel.

I messed up setting up a ufw firewall on Ubuntu and can no longer log in to my server [closed]

Closed 9 years ago.
Alright, so I'm not great (or even good) with servers, but have recently been put in charge of the task of setting them up. I have an application sitting on a VPS, here are the specs that may matter for this question...
Ubuntu 10.04
Nginx
ufw
So I was setting up my first firewall and was using UFW. I accidentally only opened up ports 80 and 443 (I was confused about setting up an SSL cert (also a new task)) and got logged out of the server. My ssh is set to try port 22 and so when I try to ssh in, it won't let me, I get this error --
ssh: connect to host xxx.xxx.xxx.xxx port 22: Operation timed out
So I tried to ssh in on one of the open ports by running this command --
ssh deployer@xxx.xxx.xxx.xxx -p443
and received this error --
ssh: connect to host xxx.xxx.xxx.xxx port 443: Connection refused
The same thing happened for trying port 80.
What do I do? I already have a live and very active application on this server. I need to be able to login and reopen port 22 for ssh or switch ssh over to another port.
Side note: sftp did not work either.
Most (if not all) VPS providers have a shell integrated in the control panel of the customer, so even if you have the sshd off you can still run commands on the server.
If not you can still also contact the hosting company and they can run commands on any of the virtual devices they are hosting.
Because your ssh server is running only on port 22 you will not be able to connect to it through port 80 (usually used for http) or port 443 (usually used for https). So there is nothing you can do from remote :(
If somehow you could upload and execute a file in your application, then to get a shell on the server is only a matter of uploading a reverse-shell. Some web applications allow the admins (I suppose you're an admin of the web application) to upload these kinds of files (.php, .perl, etc.). Maybe that is the case with your application. If you can't upload a file, then you probably are screwed.
Note that this isn't a good security practice. The application shouldn't allow you to upload and execute code, because if somehow an admin account is compromised, then the whole server may be compromised.
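A preflight check for the lockout described in the question above: refuse to turn the firewall on unless a queued allow or limit rule covers the sshd port. This is an added example, not from any of the posts; `ssh_rule_present` and `preflight` are hypothetical helpers, the input is assumed to be in the format printed by `ufw show added`, and the sample rule lists are constructed.

```shell
#!/bin/sh
# Added example: check queued ufw rules for one that keeps SSH reachable.
# Reads rule lines on stdin; succeeds only if an allow/limit rule names the port,
# or (for port 22 only) the OpenSSH app profile / the "ssh" service name.
ssh_rule_present() {
    port=${1:-22}
    awk -v p="$port" '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") {
            for (i = 3; i <= NF; i++) {
                if ($i == p || $i == (p "/tcp")) found = 1
                if (p == 22 && ($i == "OpenSSH" || $i == "ssh")) found = 1
            }
        }
        END { exit found ? 0 : 1 }'
}

# Print a verdict and return non-zero when enabling the firewall would cut off SSH.
preflight() {
    port=${1:-22}
    if ssh_rule_present "$port"; then
        echo "ok: a rule keeps SSH port $port reachable"
    else
        echo "blocked: no allow rule for SSH port $port; add one first (ufw allow $port/tcp)"
        return 1
    fi
}

# Constructed sample: the rule set from the question (only 80 and 443 opened).
locked_out="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow 443/tcp"

# Constructed sample: the same rules plus a rate-limited SSH rule.
safe="$locked_out
ufw limit 22/tcp"

printf '%s\n' "$locked_out" | preflight 22 || true
printf '%s\n' "$safe" | preflight 22

# On a real host (as root): ufw show added | preflight 22 && ufw enable
```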

ssh, how to specify a key file which is on another machine? [closed]

Closed 9 years ago.
I need to ssh to a remote host 2 when I am "sshed" in other remote machine (remote host 1). For example, from remote host1 I need to execute:
ssh -i MY_PRIVATE_KEY_FILE_NAME myname@remotehost2
However, my private key file is on my local machine. How can I specify it?
You can use ssh agent to forward your local key.
Start your agent (should be already installed) with
eval "$(ssh-agent -s)"
then add your local key
ssh-add /path/to/your/keyfile.key
then login to serverA
ssh -A userA@serverA
Now you should be able to login at serverB with your local key.
Options:
scp the key to remote host 1
Copy the key manually, i.e. copy locally, open an editor on remote host 1, paste, save.
Connect to remote host 2 from a different local terminal (or drop the connection in the one you're on)
Set up ssh forwarding. I believe it would be something like ssh -R 12345:remotehost2:22 user@remotehost1, then from local ssh -p 12345 user@remotehost1. Note that user in the second command is the username for remotehost2, despite apparently connecting to 1.

How to access my SSH linux server from outside my home network [closed]

Closed 9 years ago.
So I've been scouring the internet for days trying to figure this out and can't figure it out.
I know it's going to be an easy one.
So I recently took an old desktop and loaded ubuntu server 12.04 on it. My goal with this project is to create an area to host a few git repositories and maybe a simple webpage.
I've installed both the SSH and Apache2 packages and tried to configure them. Right now I can log in from my laptop using ssh greg@0.0.0.0.0 but only while I am on the same network. Once I leave the house I get a timeout error.
So 2 things I would like to get at right now.
How to configure the SSH to allow me to access the server from outside the network.
Get my host name on the server so logins will be greg@hostname instead of greg@0.0.0
(I've done sudo hostname and changed the etc/hostname file and no results)
Thanks guys.
The timeout external to your home network occurs because the IP you specified will be routed elsewhere on external networks.
As others have indicated, you need to configure port forwarding on your router (external interface) to the SSH server. You can either use the standard port (22) or any alternative port (something above 1024). For the webserver you will need to set the port forwarding from port 80 on the external interface to your server and maybe port 443 if you want to include SSL/TLS connections.
I also recommend using the SSH config file (~/.ssh/config) to make it easier when making either an internal or external connection. Add something like this:
Host serverext
    Hostname 1.2.3.4
    User greg
    Port 22
Host serverint
    Hostname 192.168.1.10
    User greg
    Port 22
Change the Hostname for the serverext config to the IP address of your Internet connection. If you use a non-standard port for the external SSH connections then change the port field for serverext to match that.
Change the Hostname for the serverint config to the internal IP address for that server on your network.
Once this is configured, in conjunction with the port forwarding you will be able to use "ssh serverint" to connect to your server when you're at home and "ssh serverext" to connect to it when you're somewhere else.
It is possible to include advanced configuration options through the SSH configuration file, such as port tunneling and websocket connections. In the past I've done things like that and redirecting SSH connections through SOCKS proxy servers. I've even had it run through Tor, but it is very slow.
