question:
Is there any way to tunnel all outgoing ssh connections in vscode (including those established by the remote-ssh plugin) through my on-site workstation? I have full control over the firewall for that machine and can open ports on ufw as needed for off-site access.
background:
I use vscode remote-ssh to connect to a research computing cluster when on-site.
For remote work, I would like to avoid using cisco anyconnect as a vpn in mac os 11.6, as routing and other os features behave unexpectedly.
Turns out in mac os, it's sufficient to edit the ~/.ssh/config file by specifying an on-site proxy host that I control within the ProxyCommand option:
Host clusterNode
ProxyCommand ssh me#my_accessible_ssh_host nc %h %p
HostName <firewalled node ip address>
User my_cluster_username
Related
I have a few endpoints that I would like to connect to over SSH for things like Powershell Remoting so that I can run scripts for automation.
How could I centralize access?
Endpoints would connect over SSH to a central server
Endpoints would keep this SSH connection open
I would need to create universal access over SSH to the endpoints that are terminating at the server. By universal access, I mean devices on the same network would ideally be able to utilize these open SSH connections for whatever SSH purpose.
I am a bit confused about step 3.
Would I only be able to perform remote actions and connect over SSH by running Powershell, PuTTY, Remote Desktop etc. on the central server?
Would I be able to 'bring in' the SSH connections via this SSH server onto the general network, such that devices on the same network can connect to the systems over SSH through the central server?
Is there a better way to have multiple endpoints connect over SSH to a central server for running Powershell, running Remote Desktop or other SSH items from devices on the same network?
Devices could be Windows or Linux
I'm guessing:
Each of the endpoints from multiple remote networks connect over SSH to the SSH server on Lan X
Devices on Lan X would need to SSH into the SSH Server on Lan X
Once SSHed into the SSH Server, the devices on Lan X could now run Powershell scripts and other SSH items on the endpoints
I have started an ubuntu instance on AWS EC2
e.g. [ec2-user#ip-XXX-XX-XX-XX ~]$
Inside this instance, I am running a socket program for sending the data to my local system.
The program is running properly, but not able to connect to my local IP.
I am trying to ping my local system also from AWS ec2 user, but it is also not working.But I am able to ping google(8.8.8.8).
e.g. [ec2-user#ip-xxx-xx-xx-xx ~]$ ping xxx.xxx.xx.xx(my local IP)
I have set all security groups(inbound), like All Trafic,All TCP and so on.
Sorry for bad English.
Thank You
Your computer (PC) cannot be pinged from an AWS hosted machine
This is probably because the VM on your computer is using NAT outbound to talk to the LAN, which goes to an Internet router, which sends the packets to AWS
The reverse route (inbound to your PC) does not exist so starting a ping echo request from a AWS machine will not work
It is possible to get around this by opening a pass through on your router but generally this is not a great idea
However if you want to make a socket connection securely there is a way
First, start a ssh session with remote port forwarding. In the Linux ssh client this is using the -R option.
For example, if your local system is running a listening service on port 80 and your remote system has the address of 54.10.10.10 then
ssh -R 8080:localhost:80 ec2-user#54.10.10.10
Will establish a circuit such that connections to the "localhost" on the remote ec2 server on port 8080 are connected to the "localhost" on port 80 of your local machine
If you are not using a ssh cli program, most ssh clients have a facility of this sort.
Note that it is necessary to keep the ssh session open to be able to use the connections
I'm trying to open a port on Windows Azure, and I have already:
Open a port on Azure portal using NSG
Open a port on Linux virtual machine (iptables)
The port is open for all machines in the Windows Azure LAN network
I can't telnet from my remote host to Azure VM on PgSQL port (5432)
I have the same rule on iptables for 22 port and 8080 and those two rules are working...from my remote host..
I have also try to use tcpdump but I can't capture any packages for 5432 port when I try do telnet this port form my remote host...
No, my ISP don't block this port
I'm running out of ideas... if Azure is blocking the port, what will be point of setting NSG in the first place?
I have solved this problem some time ago, maybe it will be useful for someone. EnyĆej, when creating rules for azure firewall the numbers are very important:
if you have:
1000 allow-default-ssh
2000 allw-default-sth
don't create a rule with numbers like 1100 allow-smtp, start with a higher number like 2100.
Hi I am trying to set up a ipython notebook server at a machine at my school and access from outside the network
I can ssh to the machine after connecting to the school VPN.
I set up the ipython notebook to listen to all the ip address. I can open chrome/firefox to connect to it within the network.
The IPython Notebook is running at: http://[all ip addresses on your system]:9999/
But I can't access the notebook from outside the network (even with VPN)?
Try adding [all ip addresses on your system] to your VPN whitelist, typically is 127.0.0.1 or localhost. If this still does not work, check if you are using global mode of your VPN which might overlook the whitelist config.
I have PostgreSQL 9.4 running on a Linux VPS, and I need to be able to connect to it over SSH from both Linux and Windows clients. (I will later need to connect to multiple servers, and so that all clients use the same port numbers, I'm forwarding to port 5551 for the first server, then I will use 5552, 5553, etc.)
From a Linux client I just run ssh -fNg -L 5551:localhost:5432 user#remote1.com and connect to localhost:5551 with PGAdmin3 or any other client app. Works great.
On Windows, I'm using PuTTY and Pageant. I got the connection to user#remote1.com via terminal working, then I went to the SSH Tunnels and added L5432 localhost:5551. Terminal connection still works, but when I try to connect with PGAdmin3 to localhost:5551 I get an error:
could not connect to server: Connection refused (0x0000274AD/10061) Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5551?
I resolved it. Like many things, this is obvious in hindsight. I had things backward in the SSH Tunnels setup in PuTTY. It needs to be L5551 remote1.com:5432