I have the following setup:
Machine 1: hosts a given svn repository and lives under a private network
Server: lives under the same network as Machine 1 (therefore having access to it), but is also open to outside ssh connections.
Machine 2: my personal computer which (when not under the same private network) can only access Server.
I would like to access Machine 1 directly so that I can interact with the repository that it hosts using subversive on Eclipse. I can ssh to Server and from there ssh to Machine 1 via terminal, but so far I haven't been able to figure out a way to do that on subversive.
Any suggestion is much appreciated!
Ps.: All systems run linux
Consider using stunnel for your tunneling in such cases.
It provides a proxy to connect to your host by localhost itself.
It works on linux very well
PS: we have a similar architecture, and we use the same.
Related
I want to connect to a locked (cannot be modified and I do not have permissions to log into) windows vm which is hosted in a linux machine. Until now these two machines were communicating via port 2277. However for security reasons, the port 2277 is only accessible via localhost (127.0.0.1).
The original proposed solution was to use ssh-tunneling. However since the hosted windows vm will always stay with the linux machine, so I was thinking something simpler.
This Windows virtual machine has ip 192.168.0.1 and the default gateway is 192.168.0.2. The later is the ip address that my linux machine can see.
After searching the internet I tried
socat TCP4:192.168.0.1:2277,reuseaddr,fork TCP4:127.0.0.1:2277
as well as some other random combinations without success.
My understanding is that this failed because for socat to work both sockets must be open.
However the first one is not open by default (checked with ss -ltn) as I need to run the windows service first (which it cannot run as it cannot communicate with iphost:2277)
Any ideas on how to proceed?
Socat provides the retry=N and forever options to handle situations like this. Thus, try something like this:
socat -d -d TCP4:192.168.0.1:2277,reuseaddr,fork,forever TCP4:127.0.0.1:2277
With the interval=<seconds> option you can specify how long Socat waits after each failed attempt.
It turns out that the command that I wanted was the following
socat tcp-listen:2277,bind=192.168.0.1,fork,reuseaddr tcp:127.0.0.1:2277
The retry=N and forever options could be also useful.
I know you can set up remote connection in Netbeans or as others have suggested, mount the remote file system locally and let Netbeans read that.
This current set-up I have to SSH into a remote server and then SSH again into another one.
Is it possible in Netbeans to access the filesystem on the 2nd server hop?
I think you can setup a SSH local port forwarding on your first remote server to archive what you want here. Once ssh connection established with the first server, it will be tunnel to second server. Also, will be much more convenient if using SSH public key as authentication method.
Run below command on your local (Need to keep this running)
ssh -NL 2222:server2.example.com:22 server1.example.com
Test connection with ssh locally
ssh localhost 2222
So in your case, Netbeans just need to connect to localhost port 2222.
Ref: https://www.ssh.com/ssh/tunneling/example
That isn't answer you expect, but to big to put it in comment.
I think best solution is configure autostart some service which will create tunnel to first server on your login and bind local port (let's say 2222) to second remote server ssh port. This is basical feature of ssh client. When you can configure Netbeans to connect to localhost:2222 and login right into second server. You might need to use keys authentication for first server.
Where are examples to make such thing. Like is underneath link on article
http://www.pc-freak.net/blog/start-ssh-tunnel-pc-boots-windows-alwaysup/
Since you can get ssh access via a daisy-chain, you can very likely use SSHFS:
https://github.com/libfuse/sshfs
Available in Debian (and therefore, likely many other distributions):
https://packages.debian.org/jessie/sshfs
As long as you have ssh keys set up properly on each server, you can daisy-chain mounting via SSHFS to the machine where your NetBeans app is running.
https://en.wikipedia.org/wiki/SSHFS
NOTE: There are some caveats, including that SSHFS expects that it is the only mechanism used to update the filesystem, and that there is only one writer at a time. Undesirable behavior can occur if you allow other mechanisms to change the files or directories on the target server, including data loss and/or corruption.
I will be sending a linux machine to a non technical customer overseas. After the customer has connected the machine to his LAN , which is also connected to the Internet, I want to be able to ssh into this machine without requiring the customer to do any router configuration (no port forwarding for instance).
The linux machine is connected to the internet through a router. It does not have a public ip address.
Is this possible using ssh configuration only?
If not then what is the simplest way to achieve this?
I used to work in a place where we had a setup that allowed for this, but unfortunately I can't remember the details - here is are the basics of the setup though.
The customers machine would connect using SSH to a machine with a known hostname using the -R option to ssh to setup a reverse port forward. We could then connect to the known machine and use the forwarded port to get to port 22 on the customers machine.
Sorry I can't remember more, but it worked absolutely perfect :)
If that linux system is directly connected with modem then it must have public ip address so you will able to access that linux system from anywhere . but make sure the remote system has static public ip address otherwise you need to do dynamic dns.
I have to occasionally work remotely. In order to do so, I have to connect to a gateway server, through which I can then connect to the development server. At work I can connect directly to the dev server. I use SSHFS to map the remote folder to a local one (in Ubuntu). My colleagues don't seem to mind using vim for all of their work, but I really prefer and IDE. I know that using just ssh I can tunnel through multiple connections (ssh -t server1 ssh -t server2), but I'd like to do the same with SSHFS. Does anyone know how this could be accomplished?
Yes, it can be done. For this, the remote server has to support local port forwarding (which might be disabled for security reasons). What you bascially do, you instruct the remote server to open a tunnel to a server in the other network for you:
ssh -fL 127.0.0.1:someport:host.in.the.remote.net:22 proxy.host
someport should be an unused port on your machine (for example 2222), host.in.the.remote.net should be the hostname or IP of the development machine you eventually want to connect to, from within the network of the proxy.host, which is the intermediate server you have to go through. -f instructs ssh to detach from the terminal after the connection is established.
You run this command, and after it is in the background, the remote machine's ssh port can be referred to as 127.0.0.1:someport and can be used as such by sshfs. I don't know of a way to automate this though, but you should easily be able to script it.
Make sure you clear this action with the remote administrator beforehands if you're unsure about the policies. You may need to change the 22 in the first command if the development machine serves ssh on a different port.
I created an EC2 Amazon Linux instance (yes, an amazon version of linux..)
it is launched but I can't connect using Remote Desktop...
am I trying to do something crazy here?
I got a message that Remote Computer is not available on the network
If you mean Windows RDP (Remote Desktop) that is your problem. Most likely you will need to use an SSH client to connect. I suggest Putty.
You should've received an SSH key when you setup your server. You will need to convert that key using PuttyGEN (same page as the Putty download) to convert it then use it with Putty to access the server.
Trying to walk you through the process of installing a GUI and VNC on the server is a bit much for here but give this video a shot. It seems pretty thorough and from skipping through it I saw no obvious errors in his process.
Try installing the vnc4server package. Then you can use a client such as TightVNC to connect from a Windows machine. You'll also need to open up port number 5900 in your firewall, which is the default for VNC.
You'll also have to have a desktop environment installed on your EC2 instance - by default you may only have the server packages which will not give you a GUI.
For your information, some folks posted remote desktop conf for EC2 instances.
http://activeintelligence.org/blog/archive/remote-graphical-linux-desktop-on-ec2/