I am new to Google Compute Engine. I already installed Apache and MySQL, but I have been unable to to find a way to connect to the server in FileZilla. How do I do that? Also, how can I get access to phpMyAdmin?
With FileZilla, you should use sftp as described on the FileZilla wiki. See also a related question on alternative methods for uploading files to your instance and make sure that port 22 is open in your firewall as described in this answer.
For phpMyAdmin, consider using an ssh tunnel. To create a tunnel, you just need to pass the right args to ssh via gcutil, where $A is the local port (must be unused on your local machine) and $B is the remote port (i.e., the port phpMyAdmin is listening to on the remote host):
gcutil --project=[...] ssh --ssh_arg -L$A:localhost:$B <instance-name>
Then, you can connect to localhost:$A and it will work.
Maybe you already have a Private key(.ppk) for connecting SSH.
For connect to Filezilla you have to change Private key to Public key.
1. launch Filezilla and select Edit->Settings->SFTP
2. Select Add key file.
3. Select your Private Key and Filezilla will make new public key by using your private key.
4. Now You can connect your server by SFTP in Filezilla
Related
So I'm working on a project by connecting to an FTP server which hosts the project (webdev app project based in PHP).
However I want to go work from cafe's once in a while an not just from home and i was wondering how can I do that securely?
The FTP connection is encrypted with "Pure FTP" setting in Netbeans, and there's a username and password requirement from the FTP server.
I also have a running VPN service on my laptop.
Is this enough? Or should I secure it better? I tried to find information but my search did not yield sufficient information, so any reference will also be great.
Code#30
You don't. FTP is plaintext protocol and public wifi is usually not encrypted if it is what you mean. You don't want to send passwords over this. But there are several way how to make it usable:
Use SFTP or FTPS, which adds a layer of security to the file transfer protocol.
Use VPN to the network where the FTP server is (not VPN to somewhere else -- you would be still tranfering the passwords from the other side of VPN).
Use stunnel, SSH port forwarding or SSH SOCKS proxy.
I use ssh keys to access a server at lets say 200.200.200.200. It works fine. How can i access that server in my host as 127.0.0.1?
I have tried my best but couldn't make it work.
You normally do this via port forwarding so you forward the remote port (the one from the server) that you are interested in to your local machine. Then you can access it via 127.0.0.1:
Example tutorial:
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding
In putty it is also straight forward:
http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html
You could also modify your local hosts file to point to this server but that often causes hick ups with local services.
I would like to start this discussion about mysqldump security.
With security I'm not speaking about Cron tasks that display password security or password security in any way, instead I'm talink about the security of the command itself.
In my particular case I have setup the command to execute on my home server the cron job with mysqldump and backup my website database on my VPS that I have with 1&1.
So basically the scenario is that my Home PC is backing up remotely the MySQL database on port 3306.
This work correctly but I start making nightmares while sleeping and thinking that maybe could someone listen on port 3306 and get all my data while I'm backing up (with mysqldump) I mean for what I have understanded mysql is not under SSL with port 3306 so anybody could potentially get the backup copy from the database?
I mean it would be possible this scenario:
My Home PC start mysqldump task
My VPS on 1&1 prepare remotely the sql dump
My Home PC receive locally the dump from the remote server
between point 2 and point 3 is possible that someone get a copy of my file?
Thanks in advance for the answers
Marcos
You should not expose port 3306 on your VPS host to the public internet. MySQL's unencrypted port is not secure.
If you're running mysqldump on your VPS host, and only transferring the resulting dump file to your PC, then you can do this securely.
If you can ssh to your VPS, you should be able to use scp too. This gives you the ability to transfer files securely.
Here's a FAQ article about using scp with 1&1. I found this by googling for "1&1 scp":
http://faq.1and1.co.uk/server/root_server/linux_recovery/9.html
If you need to run mysqldump on your Home PC and connect remotely to MySQL on the VPS host, you have options:
Run mysqldump on the PC with SSL connection options.
Open an port-forwarding ssh tunnel, then run mysqldump on the PC connecting to the forwarded port.
Run ssh to invoke mysqldump on the VPS, then capture output. See example in the accepted answer to this question: https://serverfault.com/questions/36467/temporary-ssh-tunnel-for-backup-purposes
Create a VPN and do anything you want because it's all encrypted.
Re your comments of 10/11:
I need to execute the command from home PC to backup the VPS remotely.
I want to ... receive instead the backup file directly so in the VPS should be saved nothing.
Okay, here's what you can do, without exposing port 3306:
$ ssh marcos#192.168.1.3 'mysqldump ...options.. | gzip -c' > ~/dump.sql.gz
Notice the position of quotes in that command. You're executing on the VPS the command: mysqldump ...options.. | gzip -c. The stdout of that command is a gzipped stream of the dump. That stream is returned via ssh, and then > saves the output locally in the shell on your PC.
Re your comment of 10/13:
now I'm storing on the server an open text file that contain the credentials to access the MySQL server. I mean if someone will break into the server it will be able not just to damage the server content but also to damage and stolen MySQL database and informations. Am I right?
If you use MySQL 5.6 you can use the new feature to store connection credentials in a semi-encrypted manner. See http://dev.mysql.com/doc/refman/5.6/en/mysql-config-editor.html
If you use MySQL 5.5 or earlier, then you're right, you should be careful to restrict the file permissions of my.cnf. Mode 600 should be enough (i.e. it's not an executable file).
But if someone breaks into your server, they may have broken in with root access, in which case nothing can restrict what files they read.
MySQL doesn't have enough security to block access if someone gains root access, so it's up to you to use other means to prevent breakins. Firewalls, etc.
Yes it's possible, but you don't mention how you gonna fetch that data. If you use ssh/scp (with dedicated user for dumps, IP filtered, auth based on private key with key password) is acceptable and consider as safe in my opinion. Another fast way is be a more secure is to set up VPN. Any else is paranoid level for personal use.
Hello I have been playing with Heritrix, and would like to include it on a website/allow remote web access to it.
I have a Linux based server where I have a hosted webpage, and I have built a version of Heritrix.
The issue is I am at home now and would like to be able to offer access to the webUI in Heritrix via the hosted webpage.
I looked through the manual and discovered the -b command to bind it to remote hosts however the documentation could be better.
So what I was hoping for was a little explanation/elaboration on how this command works and if it would be possible to bind the webUI to existing webpage
Thanks for your time in advance
(Here is a link to the documentation im working from: https://webarchive.jira.com/wiki/display/Heritrix/HOWTO+Launch+Heritrix )
You should use -b <public ip address> like -b 192.168.1.1
If you don't want to use a public IP, you can use SSH port forwarding to do this. When creating a PuTTY session, under Connection > SSH > Tunnels enter the following:
Source port: 8443 (or the port Heritrix is installed on, if different)
Destination: localhost:8443 (it's good practice to match the port you're forwarding)
Back on the Session window, make sure you save the session. Now whenever you SSH onto your server you can access the Heritrix web UI by hitting https://localhost:8443
Is there a way to connect to an Amazon EC2 server via SFTP with SSH private key authentication only? I've been busting my head researching this but couldn't find a proper answer.
Basically, I need to edit files in Dreamweaver and enable automatic upload on save.
I have some detailed instructions of the setup:
Download Bitvise SSH Client (Tunnelier)http://www.bitvise.com/download-area
In login tab, press ‘Use keypair manager’ and import your amazon .pem key. You should finally end up with something like this:
In login tab set your amazon instance information
Host: ec2 instance IP Port: 22 Username: ec2-user Initial method:
publickey – slot 1
In services tab setup localhost listener for FTP connections like below:
Press Login to connect to the Amazon EC2. If success, it will open the ssh and SFT terminals. You may now close these 2 windows.
In Dreamweaver, setup a new server to connect to bitwise 127.0.0.1 listener. You can set the Root Directory of the FTP.
Now when you put files to ‘Amazon Test’ they will be directed to your amazon EC2 instance, in selected Root Directory above.
Adobe doesn't offer the option to use SFTP with private key authentication with Dreamweaver.
According to Adobes web site you can use FTPS where there is a certificate used for authenticating that your connecting to the correct server and obviously encryption, but nothing about the use of SFTP with private key authentication.
You can read all about what is available with Dreamweaver remote server connect function here: http://helpx.adobe.com/dreamweaver/using/connect-remote-server.html
You can use Putty's Pageant and FileZilla which I know is a bummer considering the cost of Adobe Dreamweaver (I have it) but appears to be the only other secure option.
You can read about how to use the 2 here: http://wiki.filezilla-project.org/Howto
I see this is an old post, but I just ran into this issue. I have been using an app that has the same issue for years, my solution was to use Bitvise Tunnelier (http://www.bitvise.com/tunnelier) it allows you to connect to ssh with your key pair and it will proxy FTP to localhost on whatever port you set. So in Dreamweaver you connect to localhost at that port with regular FTP. It's secure enough for most cases because Tunnelier will not accept connections from anything but local.
The download page on their site can be a pain to find, it is here: http://www.bitvise.com/download-area . You will want "Download Bitvise SSH Client (Tunnelier)".
You may simply allow password authentication on your EC2 instance (which is disabled by default) by looking at the following instructions
http://bensnotepad.com/enable-password-access-to-your-amazon-ec2-linux-instance