Develop Reference

Ssh port forwarding google compute engine

I am trying to forward traffic with google instances but no luck.
Here is the scenario:
I have 2 instances currently main-server, and mini-server-1
I want to ssh mini-server-1 from main-server and create a dynamic port forwarding like so:
gcloud compute ssh "mini-server-1" --zone="us-central1-f" --ssh-flag="-D:5551" --ssh-flag="-N" --ssh-flag="-n" &
I have this error:
bind: Cannot assign requested address
I tried: ssh -N username#mini-server-1(all ips internal external, hostname) -D 5551 &
When i run netstat i can see that ports are free.
Here is wget with proxy from main-server
wget google.com -e use_proxy=yes -e http_proxy=127.0.0.1:5551
Connecting to 127.0.0.1:5551... connected.
Proxy request sent, awaiting response...
Does someone know how can i achieve this?

Much simpler syntax:
gcloud compute ssh my-vm-name --zone=europe-west1-b -- -NL 4000:localhost:4000
You can pass as many options as you want:
-NL 8080:localhost:80 -NL 8443:localhost:443
https://cloud.google.com/solutions/connecting-securely
https://cloud.google.com/community/tutorials/ssh-tunnel-on-gce
https://cloud.google.com/community/tutorials/ssh-port-forwarding-set-up-load-testing-on-compute-engine

run the command with the debug flag to help you find more information:
gcloud compute ssh --ssh-flag=-vvv "mini-server-1" \
--zone="us-central1-f" \
--ssh-flag="-D:5551" \
--ssh-flag="-N" \
--ssh-flag="-n" &
and as mention in my comment before, use https_proxy.

gcloud compute ssh --ssh-flag="-L 2222:localhost:8080" --zone "us-central1-a" "your_instance_name"
With this command you can port forward and connect to a port running on a particular VM instance from your local PC
2222 refer to local IP
8080 is the remote port where our application will be running

How can I find available but unoccupied ports on a Linux box?

Specifically RHEL 6.5
It's a Dev box and we have certain port ranges we are permitted for development use.
...unfortunately, getting a tech's attention to find out what ports are available is like pulling teeth. Would prefer a script or alias that does this so that we don't have to ask all the time. Clues? Is this an iptables command or is it a netstat command or some weird combo? nmap is not available on this machine.
Please don't say this is a Server Fault question. They say it's a programming question. :-|

Definitely a SF question but here we go. From the dev box itself (command line) you should be able to see what ports are in use with the netstat tool.
To see the list of listening ports both UDP and TCP, complete with the program names:
# preferably as root
netstat --listening --program --numeric-ports --protocol=ip -6 -4
From another machine, you can use nmap or a similar tool to see what ports are open/listening by scanning the IP address assigned to the dev box. Before trying this, maybe you should ask for permission. Also, you should consider that the box in question might have firewall rules in place that can thwart your scanning attempts.
To see what firewall rules are in place in the dev box try:
# as root
iptables -nvxL -t filter
# maybe there are NAT rules, redirects to other addresses, etc.
iptables -nvxL -t nat
To see what these iptables options do, try man iptables.
As an example, assuming 172.16.0.1 is the IP address assigned to the dev box, to run nmap in the simplest way possible:
# preferably as root
nmap -v 172.16.0.1
In a few minutes you should see a list of ports/services listening in that relevant box.
Try man nmap and read the documentation for more details.
If you really think this is a programming issue, you can use the netcat tool and program a simple script to do something roughly equivalent to what nmap does.
#!/bin/bash
#
# DISCLAIMER: NOT TESTED -- just an example
# NOTE: This will take many DAYS to complete
HOST=172.16.0.1
for port in `seq 1 65535`
do
echo "Trying ${port}..."
netcat -vvv ${HOST} $port -w 1 -z
done
For every open TCP port you should see a line similar to this:
Connection to 172.16.0.1 23 port [tcp/telnet] succeeded!

Linux (bash): how to list available SSH authentication methods for local host?

Is there a way to list all available SSH authentication methods for the local host using command line? Basically, I want to see the same list which the server would announce when trying to connect from a (remote) client.
Note: I do not want to search through /etc/ssh/sshd_config, as this will require too much understanding of which authentication methods do in general exist (e.g. sshd_config may just be emtpy)

ssh -v server and look for the first "Authentications that can continue" line.

There is better way from here + modified by me for localhost case:
ssh -o PreferredAuthentications=none -o NoHostAuthenticationForLocalhost=yes localhost

nmap can do this too using ssh-auth-methods:
nmap -p 22 --script ssh-auth-methods localhost
Example output:
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-16 12:07 +07
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000087s latency).
PORT STATE SERVICE
22/tcp open ssh
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Nmap done: 1 IP address (1 host up) scanned in 0.26 seconds
What it does behind the scenes is in ssh-auth-methods.nse. Uses libssh2 to connect with a random username and lists out the possible authentication methods.
(It's possible to print out the effective sshd configuration options with sshd -T, this will show what options are in effect even if sshd_config is empty. For this use case running sshd -T | egrep 'permitrootlogin|authentication' would be useful.)

I get "cannot assign requested address" error

I am trying to run beanstalkd
if i use 127.0.0.1 with port no 11300 it works or for the matter any other port
beanstalkd -d -l 127.0.0.1 -p 11300
But if use external IP it doesn't work.
beanstalkd -d -l 107.0.1.5 -p 11300
Should i enable the port or something . If i should how does it work in the first case and not the second

The IP address you pass to beanstalkd is the address that it binds to - if given, it will only accept connections to that address on the machine it runs on. So the address 107.0.1.5 must be on one of the network interfaces on the machine you run it on.
If you want you can simply omit the -l <address> option to get beanstalkd to listen on all of the addresses on the host.

How to purge connections left open by SSH ProxyCommand?

I have a webserver WWW1 and a front-facing proxy PRX. I use SSH ProxyCommand to connect to WWW1's internal IP (private IP) via PRX (private+public IP). For some connections (not all) I see a network connection left open after I'm finished. These add up!
~/.ssh/config
Host *
ServerAliveInterval 5
ControlMaster auto
ControlPath ~/.ssh/master-%r#%h:%p
Host WWW1 WWW2 WWW3
User foo
ProxyCommand ssh -q -a -x PRX nc %h 22
IdentityFile ~/.ssh/id_foo_WWWx
On PRX, lsof | grep WWW1:ssh shows 124 open connections at the moment. On WWW1, the same command shows 243 open connections. There are similar open connections for WWW2, WWW3 etc.
WWW1 and PRX are Debian. Client connections are coming from a mix of Debian, Ubuntu and OSX10.6. I use Emacs Tramp but this has no special configuration (AFAIK) outside of my ~/.ssh/config.
I'm concerned about running out of internal ports, and ideally I want these connections to clean themselves up without intervention. Ideally by configuring them to kill themselves off; failing that a command I can kill old processes with is fine!

A better way would be to use the -W option of SSH, so you could put
ProxyCommand ssh -q -a -x PRX -W %h:22
instead of
ProxyCommand ssh -q -a -x PRX nc %h 22
This way you get rid of dependence on nc too.

Don't know whether it matters but I use nc -w 1 %h %p