While copy some file from server to server using scp command custom port and private key with passphrase parameter gives error
Command is like
scp -i xxxxxxx.pem -P xxxxx /path/source-file.zip
root#example.com:/path/to/destination/file.zip
error message
ssh: connect to host example.com port xxxxx: Connection timed out
lost connection
While connecting example.com using privatekey(with custom port and passphrase) is working fine. But not working while we use scp command.
This syntax is not working for me.
So I have used alternate method like wget and CURL
Related
Thought it should be straight forward but I have a very hard time figuring out the following:
I got mongodb connection string: mongodb://user:password#123.123.123.111:27017/?authSource=admin
I want to be able to connect to mongo from localhost at port 1234 by doing: mongo localhost:1234
The solution is to create a tunnel, but nothing I do works for me.
I tried the following command:
ssh -L 1234:localhost:27017 user:password#123.123.123.111 -p 27017
Please help me understand what I am doing wrong.
You need to have a unix user on 123.123.123.111
ssh -L 1234:localhost:27017 UNIXuser#123.123.123.111
Then your local mongodb connection string is : mongodb://user:password#localhost:1234/?authSource=admin
MongoDB and ssh use different protocols, so you can't use ssh to connect directly to a mongod process.
If you want to use an ssh tunnel you will first need to have an account on the destination machine, and use that account's credentials with ssh to connect to port 22 (assuming default port). The mongod username/password will probably not be valid for ssh.
Once the tunnel is established, you would connect to the local port using a driver or mongo shell using the connection string:
mongodb://user:password#127.0.0.1:1234/?authSource=admin
I have HOP server (bastion) and APP server. I am able to ssh to HOP server via:
$ ssh HOP
I am able to ssh to APP server from HOP server:
$ ssh APP
Both SSH works without password, only via ssh keys.
During ansible deploy I find out I cannot connect to APP server via HOP. I am testing it over cmd:
ssh -o ProxyCommand="ssh -W %h:%p HOP" APP
After this, I am able to connect to APP server but it requires password. I find out, even when APP ssh works from HOP, now it cannot detect configuration from HOP server. So I defined the public key to use in command line:
ssh -o ProxyCommand="ssh -W %h:%p HOP" APP -i /etc/ssh/my_ssh_key
Warning: Identity file /etc/ssh/my_ssh_key not accessible: No such file or directory.
But now, It tried to locate my_ssh_key on localhost, and it asks for password again.
How can I force the use configuration from HOP server or define to use SSH public key from HOP and not from localhost? Is it even possible?
I have achieved this by following this approach:
Ansible host file changes to use bastion host under host group:
[testservers]
192.168.20.140
192.168.10.88
[testservers:vars]
ansible_port = 22 # remote host port
ansible_user = ec2-user # remote user host
private_key_file = /Users/laptop-ansibleuser/.ssh/id_rsa # laptop key to login to bastion host
ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand="ssh -o \'ForwardAgent yes\' ansible-remote#<bastion host> -p 2222 \'ssh-add /home/ansible-remote/.ssh/id_rsa && nc %h %p\'"'
Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config
I'd like to copy my config.yml file from my local django app directory to my heroku server, but I'm not sure how to get the user#host.com format for heroku.
I've tried running 'heroku run bash'
scp /home/user/app/config.yml
I'm not sure how I can get it in the
scp user#myhost.com:/home/user/dir1/file.txt user#myhost.com:/home/user/dir2'
format
As #tamas7 said it's firewalled, but your local machine is probably also firewalled. So unless you have a private server with SSH accessible from the Internet, you won't be able to scp.
I'm personally using transfer.sh free and open source service.
Upload your config.yml to it:
$ curl --upload-file ./config.yml https://transfer.sh/
https://transfer.sh/66nb8/config.yml
Then download it back from wherever you want:
$ wget https://transfer.sh/66nb8/config.yml
According to http://www.evans.io/posts/heroku-survival-guide/ incoming connections are firewalled off. In this case you need to approach your local machine from the Heroku server.
heroku run bash
scp user#mylocalmachine:/home/user/dir/file.txt .
This is a bit late to answer this question, but I use services like localtunnel - https://localtunnel.github.io/www/ to copy files from local machine to heroku.
First, run a python HTTP server in the directory where the file is located.
cd /path/to/file
python3 -m http.server
This starts a server in port 8000. Configure localtunnel to connect to that port.
lt -s mylocal -p 8000
Now from your heroku machine, you can fetch the file via curl.
curl -XGET http://mylocal.localtunnel.me/myfile.txt > myfile.txt
You could also use a service like https://ngrok.com/ to open up a TCP tunnel into your local machine.
You will need to enable Remote Login as in simlmx answer.
On your local machine open the TCP tunnel just like this:
$ ngrok tcp 22
And then, on the Heroku console, just use SCP with the PORT and HOST that Ngrok provided.
$ scp -P [PORT] username#[HOST]:~/path/to/file.ext .
If you need to download your entire repo, for example to recover an app that you no longer have locally, use heroku git:clone -a myapp. Docs.
Expanding on tamas7's answer:
You can connect to your computer from the heroku server.
If your computer is behind a router, you'll also need to forward the connection to your computer.
1. You computer must accept ssh connections
On my mac it was as simple as enabling it in the Preferences / Sharing panel.
2. Your router needs to forward the connection to your computer.
Go to your router's settings page in your browser (typically 192.168.0.1 but varies depending on the router). Find the port forwarding section and forward some port to your computer on port 22.
This is how it looked on my tp-link:
Here I am making sure that port 22000 is forwarded to my computer (192.168.0.110) on port 22.
3. Find your external IP
Simply google "what is my IP".
4. Scp your file from heroku
heroku run bash
scp -P 22000 your_user#your_external_IP:/path/to/your/file .
5. Undo everything!
Once you're done it's probably good practice to disable the port forwarding and remote login.
I have SSH access to a web server that is hosting an application on port 8080. I have a SSH session setup and a proxy configured on Chrome to redirect requests to SSH tunnel. I basically configured it using these instructions: http://drewsymo.com/2013/11/ssh-tunnel-in-30-seconds-mac-osx-linux/
I can confirm using Whats My IP that my IP is that of the SSH session and that is working correctly.
But I cannot figure out how to access the local application on the web server that I am SSHed into. When I try localhost:8080 the SSH session gives me an error "channel X: open failed: connect failed: Connection refused"
Any idea what is going on?
You can just create a port-specific tunnel:
ssh -L18080:localhost:8080 username#theothermachine
and then go to localhost:18080 on your local machine. The tunnel will forward your request to port 8080 of the localhost on the other end (and of course, localhost on the other end is the other machine itself). If that doesn't work for some reason, then replace localhost by 127.0.0.1 in the ssh command.