NRPE remote host setup on amazon ec2 - linux

I have been trying to monitor a remote server using Nagios-Nrpe.
The remote host is the Amazon Ec2 instance where I have installed npre daemon on xinetd.
I have added my nagios server IP to "only-from" property in /etc/xinet.d/nrpe file.
I have added the entry in /etc/services.
I have made changes in iptables also.
I have added an entry for TCP port 5666 in my security group too.
These commands work properly:
$ netstat -at | grep nrpe
$usr/local/nagios/libexec/check_nrpe -H localhost
I have setup the nagios server and nrpe_check plugin on my local machine.
But whenever I am doing:
/usr/local/nagios/libexec/check_nrpe -H <"amazon-ec2-IP-address">
I get the following error:
connect to address <"amazon-ec2-IP-address"> port 5666: Connection refused ......
connect to host <"amazon-ec2-IP-address"> port 5666: Connection refused
I have tried making the nrpe client on another linux on my LAN and the command worked, but not for Amazon Ec2.
If anyone has the solution for this issue, please do share ASAP.

Make sure you have,
Opened up port 5666 in the Security Group linked to the EC2-instance.

Related

Is it possible to install GitLab server on virtual machine with a invalid IP address?

I have installed GitLab server on a virtual machine (VMWare). GitLab IP address is 192.168.1.4 . I can see GitLab from browser. I generated ssh-key and added to GitLab server.
When I run ssh -T git#192.168.1.4 I got this error:
ssh: connect to host 192.168.1.4 port 22: Connection refused
Not only you need to run SSHD in your GitLab server (type netstat -l -t -n to check that it listens on port 22, as in here).
But you also need to check for:
firewall rules
port mapping (in your VMWare configuration)

Docker Postgresql can't connect remotely

I can connect my docker postgresql in my local server windows via ip or localhost. When I try to connect it remotely from my personal windows I have timeout error. Thinking about 5432 port is blocked or not listening.
I have changed pg_hba.conf & postgresql.conf files for remote connection and also checked for firewall but it was disabled.
Answer is I should have checked my server's firewall conf also, just dockerVM is not enough :)

Port forwarding on Spinnaker

I am doing a port forwarding to connect my local machine to Spinnaker.
Step1: -> Localhost to AWS instance
ssh -A -L 9000:localhost:9000 -L 8084:localhost:8084 -L 8087:localhost:8087 ec2-user#<aws-instance-ip>
Step2: -> Aws instance to Spinnaker cluster
ssh -L 9000:localhost:9000 -L 8084:localhost:8084 -L 8087:localhost:8087 ubuntu#10.100.10.5
This works fine when i do http://localhost:9000
However, instead of port forwarding from local machine I want to setup a tunnel from another aws instance (Eg: 55.55.55.55) and access via http://55.55.55.55:9000 . So that other team members can i directly access Spinnaker UI.
I have tried following the above steps from 55.55.55.55 host and then tried
http://55.55.55.55:9000 however it didnt work.
What should i change to make it resolve on 55.55.55.55 host?
Port forwarding is bound to the IP you give to ssh. If you give localhost (default), it will be accessible only on localhost (127.0.0.1). If you want to access it from outside, you need to give the 55.55.55.55 address instead.
You will also need a -g switch to ssh, which will allow remote hosts to connect to your locally forwarded ports.

How to access a host port (bind with ssh -R) from a container?

Using Docker 1.12.1, I face a strange behaviour trying to access a host port created with ssh -R.
Basically I try to access a service running on port 12345 on my local machine from a docker container running on a server.
I opened a ssh connection with ssh -R *:12345:localhost:12345 user#server to open a port 12345 on server that forwards to port 12345 on my local machine.
Now when I try curl https://172.17.42.1:12345 inside the container (172.17.42.1 is the IP to access the docker host from the docker container) I get :
root#f6873fe1109b:/# curl https://172.17.42.1:12345
curl: (7) Failed to connect to 172.17.42.1 port 12345: Connection refused
But on server the command curl http://localhost:12345 succeeds (eg. no Connection refused)
server$ curl http://localhost:12345
curl: (52) Empty reply from server
I don't really understand how the port binding done with ssh differs from a test with nc on server (it works) :
# on server
nc -l -p 12345
# inside a container
root#f6873fe1109b:/# curl http://172.17.42.1:12345
curl: (52) Empty reply from server
NB: the container was started with docker run -it --rm maven:3-jdk-8 bash.
What can I do to allow my container to access the host port corresponding to a ssh binding ?
From man ssh:
-R [...]
... Specifying a remote bind_address will only succeed if the server's GatewayPorts option is enabled
And man sshd_config:
GatewayPorts
Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd(8) binds remote port forwardings to the loopback address. This prevents other remote hosts from connecting to forwarded ports. GatewayPorts can be used to specify that sshd should allow remote port forwardings to bind to non-loopback addresses, thus allowing other hosts to connect. The argument may be “no” to force remote port forwardings to be available to the local host only, “yes” to force remote port forwardings to bind to the wildcard address, or “clientspecified” to allow the client to select the address to which the forwarding is bound. The default is “no”.
This means that a default sshd server installation only allows to create forwards that bind to the local interface. If you want to allow forwards to other interfaces then loopback, you need to set the GatewayPorts option to yes or clientspecified in your /etc/ssh/sshd_config

Connect to a VNC inside a docker which is on remote server

I have an Amazon Linux AMI server on AWS EC2, i have deployed "selenium docker" on it "https://github.com/elgalu/docker-selenium", the docker have a VNC running inside it.
Now how i could access this VNC?
I did some google search but did not found anything, also i tried to connect to the server ip and give the VNC display number but it gives connection refused.
I have added the VNC port as a rule on the server security rules.
Thanks.
Since you have already specified the firewall rules for your VNC server the problem is most likely in VNC port listening.
first, make sure that VNC is running on localhost run
nc localhost 5901
nc = netcat (you may need to install the package)
change 5901 to your port no
you can also view the running VNC instances by :
vncserver -list
now if everything seems to be working run this command to show the port stats
sudo netstat -ntpl | grep 5901
change 5901 to your portname.
if something like
127.0.0.1:5901 is assigned to tcp then that's the problem , we need to make sure VNC is running on
0.0.0.0:5901
which means it should accept all the traffic and not just localhost !
finally kill the vncserver by running vncserver -kill :1 (display name), run the command :
vncserver -localhost no
P.S its an old question but may help future answer seekers.

Resources