I know you can set up remote connection in Netbeans or as others have suggested, mount the remote file system locally and let Netbeans read that.
This current set-up I have to SSH into a remote server and then SSH again into another one.
Is it possible in Netbeans to access the filesystem on the 2nd server hop?
I think you can setup a SSH local port forwarding on your first remote server to archive what you want here. Once ssh connection established with the first server, it will be tunnel to second server. Also, will be much more convenient if using SSH public key as authentication method.
Run below command on your local (Need to keep this running)
ssh -NL 2222:server2.example.com:22 server1.example.com
Test connection with ssh locally
ssh localhost 2222
So in your case, Netbeans just need to connect to localhost port 2222.
Ref: https://www.ssh.com/ssh/tunneling/example
That isn't answer you expect, but to big to put it in comment.
I think best solution is configure autostart some service which will create tunnel to first server on your login and bind local port (let's say 2222) to second remote server ssh port. This is basical feature of ssh client. When you can configure Netbeans to connect to localhost:2222 and login right into second server. You might need to use keys authentication for first server.
Where are examples to make such thing. Like is underneath link on article
http://www.pc-freak.net/blog/start-ssh-tunnel-pc-boots-windows-alwaysup/
Since you can get ssh access via a daisy-chain, you can very likely use SSHFS:
https://github.com/libfuse/sshfs
Available in Debian (and therefore, likely many other distributions):
https://packages.debian.org/jessie/sshfs
As long as you have ssh keys set up properly on each server, you can daisy-chain mounting via SSHFS to the machine where your NetBeans app is running.
https://en.wikipedia.org/wiki/SSHFS
NOTE: There are some caveats, including that SSHFS expects that it is the only mechanism used to update the filesystem, and that there is only one writer at a time. Undesirable behavior can occur if you allow other mechanisms to change the files or directories on the target server, including data loss and/or corruption.
Related
It's easy to simply scp from another computer to the local one or vice versa. However, how to do it when you already sshed into another computer?
user#anothercomp:~/$ssh ~/path/file (how to specify local computer?):~/localpath/file
Note that my computer is a personal laptop instead of a server, so answers here Download files to local drive when sshed do not apply since it requires to specify the domain name, and my laptop is no server.
So what's the correct way to specify my local computer? (Please don't say exit ssh and then scp, since it will possibly lose temporary data when working)
You don't need to exit ssh, you can run scp from another virtual terminal in your laptop.
For convenience, you may want to try connection sharing, to avoid the need to enter passwords again; you may either use ssh -M or modify ~/.ssh/config. See man ssh and man ssh_config for details.
By SSH'ing into the second machine you lose the context of your first. For the purpose of transferring files the second machine would need to scp the files to the first, or could use a different (yet similar) approach such as sshfs.
If the issue is that the second machine does not have network access to the first, then tunneling is the likely solution. However, this just enabled scp or sshfs to connect--it doesn't let your ssh session access paths or variables from your local machine.
While your computer does not have a domain name, it still has an IP address, so you can connect to the IP address. You can retrieve the address from the SSH_CLIENT variable. See How to get the IP address from $SSH_CLIENT.
Obviously to ssh or scp to your computer, you need to be running an SSH server there. What is not common, if you are running Windows, in particular.
I was setting up a Perforce server and only noticed options for localhosts and such. What I'm trying to do is setup up the server on a desktop machine at one household, and then be able to connect to it using the P4V Client to access the files over the internet form a another household. I no that I'll have to forward some ports and stuff but what set up files do I need to do this? I can only find info for servers that are all being run on the same network like at a business or something nothing that is over the internet. I've set up a team speak server like this where you go to connect and type in the ip address and port and then connect to the server but this dosn't have options like that, that I've seen anyway. This will be done all on Windows 7 64 bit machines. Server on desktop and clients will be on desktops and laptops. All help is appreciated and I'll be posting back with updates on what i'm doing so others can follow this as well if needed.
The server accepts TCP/IP connections, which can be from any client machine which has TCP/IP connectivity. The Perforce server configuration for telling it which IP address and port number to listen at is the P4PORT setting: http://www.perforce.com/perforce/r12.2/manuals/cmdref/env.P4PORT.html
Since you're on a Windows machine, your server will probably be run as a Windows Service, and hence its P4PORT setting will be held in the registry section for that service. You can edit the service's configuration using a registry editor such as RegEdit, or more simply you can use 'p4 set -S Perforce P4PORT=my-host-name:my-port-number' to specify the desired IP address and port.
Then restart your Perforce service from the Services Control Panel and you're good to go!
I have to occasionally work remotely. In order to do so, I have to connect to a gateway server, through which I can then connect to the development server. At work I can connect directly to the dev server. I use SSHFS to map the remote folder to a local one (in Ubuntu). My colleagues don't seem to mind using vim for all of their work, but I really prefer and IDE. I know that using just ssh I can tunnel through multiple connections (ssh -t server1 ssh -t server2), but I'd like to do the same with SSHFS. Does anyone know how this could be accomplished?
Yes, it can be done. For this, the remote server has to support local port forwarding (which might be disabled for security reasons). What you bascially do, you instruct the remote server to open a tunnel to a server in the other network for you:
ssh -fL 127.0.0.1:someport:host.in.the.remote.net:22 proxy.host
someport should be an unused port on your machine (for example 2222), host.in.the.remote.net should be the hostname or IP of the development machine you eventually want to connect to, from within the network of the proxy.host, which is the intermediate server you have to go through. -f instructs ssh to detach from the terminal after the connection is established.
You run this command, and after it is in the background, the remote machine's ssh port can be referred to as 127.0.0.1:someport and can be used as such by sshfs. I don't know of a way to automate this though, but you should easily be able to script it.
Make sure you clear this action with the remote administrator beforehands if you're unsure about the policies. You may need to change the 22 in the first command if the development machine serves ssh on a different port.
Scenario:
Many embedded devices (running Linux) out in the fields, behind routers so NAT'd and we can't make connections to them.
We need for a support person to be able to initiate a terminal/shell session on any of the devices.
Their local terminal will also be NAT'd behind a corporate firewall, so we need some central "meeting point" that both they and the device can connect to.
If necessary, we could require the support person to log into some sort of terminal server, but I'd prefer a solution that just popped up a terminal window on their desktop.
We can (through other means) tell the device to execute some arbitary script or application to start up the session.
Without the NAT, it's just SSH to the device and away we go. But what are my options in this NAT'd environment?
We're OK to develop code at either end or at the meeting point server if required, but obviously if there are apps out there so we don't have to write stuff, even better.
Pointers to other questions I may have missed (although I have looked) or to applications that I should consider for the central "meeting point" server welcomed
How about simply setting up an ssh server that is reachable by both the device and the support user, and have the device set up a reverse tunnel (using remote port forwarding)?
ssh -R 10022:localhost:22 device#server
Then the support personnel can simply connect to the server and log on using
ssh -p 10022 localhost
Of course there are several security aspects that need to be accounted for here, depending on what kind of information the devices hold/have access to and how the support organization is set up.
SSH is an adequate tool for this. You will, as you say, need a middle-man server. But it would be very easy to set up, assuming that your 'other means of executing a script' are remote and can be executed from your office.
So, fire up a new server on a global IP (an Amazon AWS micro node is free for a year and would do the job just fine), and install an ssh deamon. Say it has the hostname middleman.example.org.
The script to put onto your embedded devices would look like;
#!/bin/bash
ssh -i ./middle_id.pem -R 22:localhost:2222 middleuser#middle.example.org
(The private key authentication would be a way of making the login non-interactive)
The script to put onto your desktop machines would look like; (assuming the argument $1 is the IP of the embedded device, and that prod_remote_device.sh executes the above script on the chosen embedded device.)
#!/bin/bash
./prod_remote_device.sh $1
ssh -i ./device_id.pem deviceuser#middle.example.org:2222
And that should forward your connection to the embedded device.
In order to make it bind to all interfaces, use:
ssh -N -R 0.0.0.0:2222:localhost:22 root#example.com
Don't forget to edit /etc/ssh/sshd_config and go to GatewayPorts and enable it and set it to yes.
And Then connect to it from any Loopback or Ethernet interface.
I have the following setup:
Machine 1: hosts a given svn repository and lives under a private network
Server: lives under the same network as Machine 1 (therefore having access to it), but is also open to outside ssh connections.
Machine 2: my personal computer which (when not under the same private network) can only access Server.
I would like to access Machine 1 directly so that I can interact with the repository that it hosts using subversive on Eclipse. I can ssh to Server and from there ssh to Machine 1 via terminal, but so far I haven't been able to figure out a way to do that on subversive.
Any suggestion is much appreciated!
Ps.: All systems run linux
Consider using stunnel for your tunneling in such cases.
It provides a proxy to connect to your host by localhost itself.
It works on linux very well
PS: we have a similar architecture, and we use the same.