I have a list of IPs for server on my network, I need to check if they are running ssh or not from within node. How can I go about this?
Depends how deep you want this check to run. You could simply check if the port 22 is open, if you want to see if something is running there, or perhaps you have to try to connect to establish it's really ssh protocol, and maybe portscan all ports for it or whatever.
There are ssh client libs like ssh or more general network scanners like netty.
Do npm search ssh client or npm search port scanning or npm search nmap for extended selection of libs that can do that.
Related
I am installing chef-server on this VPS that my friend let me borrow.
I was able to install chef and run chef-server-ctl reconfigure successfully.
I ran into problems because I need to change the iptable rules and I discovered that I cannot find chef-server running on any port or as a service.
When I run chef-server-ctl it seems to pass all the tests, so I know its API is working.
Where can I find that chef is running?
I need to change my iptables so that I can use knife to communicate with chef-server.
First off it sounds like you installed Chef Server, not Chef, important distinction :) Second, there is no specific process called chef-server. The frontend routing is handled by nginx which binds on port 443 and 80 (80 is just a redirector to 443 and can be blocked or disabled if desired). Internally we have a bunch of different smaller services like oc_erchef, bifrost, oc_id, etc. These all listen on localhost and are reached via Nginx.
You have installed Chef server and have reconfigured the server, you can't find a chef-server.
you can run below commands to check all the services that are running chef server
$ chef-server-ctl service-list
bookshelf*
nginx*
oc_bifrost*
oc_id*
opscode-chef-mover*
opscode-erchef*
opscode-expander*
opscode-solr4*
rabbitmq*
redis_lb*
postgresql*
To update the port number you need to update
/etc/chef-server/chef-server.rb - in Chef 11
/etcopscode/chef-server.rb - in Chef 12
nginx['non_ssl_port'] = portnumber
And also how are using knife command? Do you want ssl check to be passed then you need to add a line in knife.rb file
ssl_verify_mode: verify_none
'
In a linux-based system¹, I would like to be able to log on using ssh. I need to launch two (or possibly three) different executables, ideally by connecting to different ports.
Ideally I would like to open a couple of different ports, and have sshd launch different executables² depending on which port. How do I set this up? I have looked through the sshd_config, but without finding anything that looks applicable.
Another alternative that came up was to set up different users, and set up the different applications I want to launch as their respective shells.
(What I do not want to do is to have the remote user specify the executable, as in ssh user#host executable.)
Or have I missed any obvious solution?
¹It's a BuildRoot-based embedded system, running on fairly meager resources, but it's a fully-fledged recent Linux kernel and I have a working ssh connection.
²They are interactive CLI-based programs.
Most linux systems use the OpenSSH server. It looks like you can get this behavior using the Match directive. Documentation for the SSH server configuration file is here.
First, you have to make sshd listen for connections on the additional ports that you want to use. You can do this through either the Port or ListenAddress directives.
Port 22 -- Listen on the normal port 22
Port 42 -- Also listen on port 42
ListenAddress 1.2.3.4:62 -- Also listen on address 1.2.3.4, port 62
Then, you can use the Match and ForceCommand directives to take special actions for users connecting to a particular port:
Match LocalPort 42
ForceCommand /usr/local/bin/the-42-app
Match LocalPort 62
ForceCommand /usr/local/bin/the-62-app
For people who don't want to set the ssh server to listen on multiple ports, there are two other ways to make the server run "canned" apps depending on how the the user connects.
Subsystems
A subsystem is a command that's pre-configured into the server. Clients request to run the subsystem by name, and the server runs the command associated with the subsystem. This avoids the client having to know the exact command to run.
You configure subsystems in sshd by adding a line like this to sshd_config:
Subsystem someApp /usr/local/bin/someApp
Then the client calls it like this:
ssh user#host -s someApp -- "-s" means to request a subsystem
Forced Commands on Keys
For key-based authentication, sshd permits you to force a particular command to run when a particular key is used. This is done in the authorized_keys file which is documented here.
Each line of an authorized_keys file normally starts like this:
ssh-rsa AAAAB3N...
You can prepend an options field to the line. One of the options you can specify is a command to run when the key is used to authenticate:
command="/usr/local/bin/someApp" ssh-rsa AAAAB3N...
When that key is used to authenticate, the server will ignore whatever command the client requests to run, and run the specified command instead.
You can configure SSH server to listen on multiple ports. Just add additional ports in sshd_config like this:
Port 22
Port 1111
Port 2222
I'd like to copy my config.yml file from my local django app directory to my heroku server, but I'm not sure how to get the user#host.com format for heroku.
I've tried running 'heroku run bash'
scp /home/user/app/config.yml
I'm not sure how I can get it in the
scp user#myhost.com:/home/user/dir1/file.txt user#myhost.com:/home/user/dir2'
format
As #tamas7 said it's firewalled, but your local machine is probably also firewalled. So unless you have a private server with SSH accessible from the Internet, you won't be able to scp.
I'm personally using transfer.sh free and open source service.
Upload your config.yml to it:
$ curl --upload-file ./config.yml https://transfer.sh/
https://transfer.sh/66nb8/config.yml
Then download it back from wherever you want:
$ wget https://transfer.sh/66nb8/config.yml
According to http://www.evans.io/posts/heroku-survival-guide/ incoming connections are firewalled off. In this case you need to approach your local machine from the Heroku server.
heroku run bash
scp user#mylocalmachine:/home/user/dir/file.txt .
This is a bit late to answer this question, but I use services like localtunnel - https://localtunnel.github.io/www/ to copy files from local machine to heroku.
First, run a python HTTP server in the directory where the file is located.
cd /path/to/file
python3 -m http.server
This starts a server in port 8000. Configure localtunnel to connect to that port.
lt -s mylocal -p 8000
Now from your heroku machine, you can fetch the file via curl.
curl -XGET http://mylocal.localtunnel.me/myfile.txt > myfile.txt
You could also use a service like https://ngrok.com/ to open up a TCP tunnel into your local machine.
You will need to enable Remote Login as in simlmx answer.
On your local machine open the TCP tunnel just like this:
$ ngrok tcp 22
And then, on the Heroku console, just use SCP with the PORT and HOST that Ngrok provided.
$ scp -P [PORT] username#[HOST]:~/path/to/file.ext .
If you need to download your entire repo, for example to recover an app that you no longer have locally, use heroku git:clone -a myapp. Docs.
Expanding on tamas7's answer:
You can connect to your computer from the heroku server.
If your computer is behind a router, you'll also need to forward the connection to your computer.
1. You computer must accept ssh connections
On my mac it was as simple as enabling it in the Preferences / Sharing panel.
2. Your router needs to forward the connection to your computer.
Go to your router's settings page in your browser (typically 192.168.0.1 but varies depending on the router). Find the port forwarding section and forward some port to your computer on port 22.
This is how it looked on my tp-link:
Here I am making sure that port 22000 is forwarded to my computer (192.168.0.110) on port 22.
3. Find your external IP
Simply google "what is my IP".
4. Scp your file from heroku
heroku run bash
scp -P 22000 your_user#your_external_IP:/path/to/your/file .
5. Undo everything!
Once you're done it's probably good practice to disable the port forwarding and remote login.
i've got another question for you.
I have Amazon EC2 instance with mondodb installed.
It works great except one thing - i can't access (connect to) it from outside (my PC).
I think the problem with Security Groups. It's some sort of default firewall.
Does anyone know how to configure EC2 instance to have access to mongodb?
Thanks in advance.
Think carefully before doing this. If you open the ports, make sure you restrict the IP numbers that can access it, otherwise anyone will be able to access your database. You can enable authentication in MongoDB, but it's not particularly safe, just a username and password. You should not have your database open to the internet, it is not a good idea.
A better way than opening up ports in the EC2 firewall is to open an SSH tunnel an forward the port, this makes sure that only you can access the database, and only while the SSH tunnel is active.
Open up a new terminal and run this command (replacing user and host with the user you use when SSH'ing to your server and the name of the server):
ssh user#host -N -L 27017:127.0.0.1:27017
The command will forward the port 27017 on your computer to the same port on the server. To connect to the MongoDB instance simply run mongo in a terminal (if that doesn't work, try mongo --host 127.0.0.1 or even mongo --host 127.0.0.1 --port 27017).
If you run MongoDB on your local machine you will have to change the first port, since the local server is already using it. In that case run this command instead:
ssh user#host -N -L 27018:127.0.0.1:27017
and then connect with
mongo --port 27018
(possibly adding --host 127.0.0.1 if it doesn't work).
When you're done working with the database, exit mongo and press ctrl-C in the terminal with the SSH command.
You need to add a security group exception for the port 27017 if you are using default config for you to access it from outside. For security group configuration, please check the amazon EC2 documentation. And if you are using a different port on Mongo, change the security group port accordingly.
--Sai
Is your EC2 instance a Windows server by any chance? If so, in addition to EC2's Security Groups you also need to configure Windows Firewall to allow the incoming connection.
Go To Administrative Tools, Windows Firewall with Advanced Security, and configure a new Rule that allows incoming connections on port 27017 (the default mongo port) or whatever port you've chosen.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm on laptop (Ubuntu) with a network that use HTTP proxy (only http connections allowed).
When I use svn up for url like 'http://.....' everything is cool (google chrome repository works perfect), but right now I need to svn up from server with 'svn://....' and I see connection refused.
I've set proxy configuration in /etc/subversion/servers but it doesn't help.
Anyone have opinion/solution?
In /etc/subversion/servers you are setting http-proxy-host, which has nothing to do with svn:// which connects to a different server usually running on port 3690 started by svnserve command.
If you have access to the server, you can setup svn+ssh:// as explained here.
Update: You could also try using connect-tunnel, which uses your HTTPS proxy server to tunnel connections:
connect-tunnel -P proxy.company.com:8080 -T 10234:svn.example.com:3690
Then you would use
svn checkout svn://localhost:10234/path/to/trunk
Ok, this should be really easy:
$ sudo vi /etc/subversion/servers
Edit the file:
[Global]
http-proxy-host=my.proxy.com
http-proxy-port=3128
Save it, run svn again and it will work.
If you can get SSH to it you can an SSH Port-forwarded SVN server.
Use SSHs -L ( or -R , I forget, it always confuses me ) to make an ssh tunnel so that
127.0.0.1:3690 is really connecting to remote:3690 over the ssh tunnel, and then you can use it via
svn co svn://127.0.0.1/....
Okay, this topic is somewhat outdated, but as I found it on google and have a solution this might be interesting for someone:
Basically (of course) this is not possible on every http proxy but works on proxies allowing http connect on port 3690. This method is used by http proxies on port 443 to provide a way for secure https connections. If your administrator configures the proxy to open port 3690 for http connect you can setup your local machine to establish a tunnel through the proxy.
I just was in the need to check out some files from svn.openwrt.org within our companies network. An easy solution to create a tunnel is adding the following line to your /etc/hosts
127.0.0.1 svn.openwrt.org
Afterwards, you can use socat to create a tcp tunnel to a local port:
while true; do socat tcp-listen:3690 proxy:proxy.at.your.company:svn.openwrt.org:3690; done
You should execute the command as root. It opens the local port 3690 and on connection creates a tunnel to svn.openwrt.org on the same port.
Just replace the port and server addresses on your own needs.
when you use the svn:// URI it uses port 3690 and probably won't use http proxy
svn:// doesn't talk http, therefor there's nothing a http proxy could do.
Any reason why http doesn't work? Have you considered https? If you really need it, you probably have to have port 3690 opened in your firewall.
If you're using the standard SVN installation the svn:// connection will work on tcpip port 3690 and so it's basically impossible to connect unless you change your network configuration (you said only Http traffic is allowed) or you install the http module and Apache on the server hosting your SVN server.