I have question about ssh tunnel in VS code. I am using for connecting to remote machine Remote - SSH extension. My setup now is: putty for connecting to server, in Putty after it is created Tunnel to next point.
PUTTY -> someIP -> polaris:22 (tunnel)
Putty create tunnel to polaris on localhost:4000. After it, I can use VS code with remote SSH to localhost:4000 and it working fine.
Is in this extension some possibility to create SSH tunnel directly without using putty? :)
I got the answer from https://superuser.com/questions/1528212/vscode-ssh-with-multiple-hops
In my case I'm using VSCode in windows to connect to several linux machines from the organization net and from outside the organization via an ssh tunnel.
In my configuration file remoteSsh.configFile I have the following configuration.
Host machineName1 (to connect from inside organization)
HostName [machineName1.organization_internal_extension]
Port [portNumber for ssh]
User [Username]
IdentifyFile [local path to ssh key]
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
Host machineName2 (to connect from inside organization)
HostName [machineName2.organization_internal_extension]
Port [portNumber for ssh]
User [Username]
IdentifyFile [local path to ssh key]
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
Host tunne_machineName1 (to connect from outside organization)
HostName [machineName1.organization_internal_extension]
Port [portNumber for ssh]
User [Username]
IdentifyFile [local path to ssh key]
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
ProxyJump machine_tunnel
Host tunne_machineName2 (to connect from outside organization)
HostName [machineName2.organization_internal_extension]
Port [portNumber for ssh]
User [Username]
IdentifyFile [local path to ssh key]
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
ProxyJump machine_tunnel
Host machine_tunnel( machine to jump)
HostName [machineName.organization_internal_extension]
Port [portNumber for ssh on tunnel machine]
User [Username]
IdentifyFile [local path to ssh key]
ForwardAgent yes
ForwardX11 yes
ForwardX11Trusted yes
The X11 forward is not mandatory.
Hope this helps
Put the following information into your local machine's /.ssh/config:
Host [1]
HostName [2]
User [3]
Port [4]
Substitute [1], [2], [3], and [4] with a host name you prefer, the IP address of the host, the user name you log in the remote server, and the localhost port assigned to you.
For example,
Host VM1000
HostName 123.45.678.9
User root
Port 4000
Then you can just click the Remote Explorer icon in VS Code and click the VM1000 entry to connect your local machine to the remote server.
Hope this resolve your connection problem.
Related
I'm trying to use ssh to connect vscode to a HPC. Unfortunately to connect I need to use a jump host which prompts for the forward connection.
ssh config
Host <JUMP_HOST_IP>
HostName <JUMP_HOST_IP>
User MYUSER
ControlMaster auto
ControlPath ~/.ssh/%r#%h:%p
Host <TARGET_IP>
Hostname <TARGET_IP>
ProxyJump <JUMP_HOST_IP>
User MYUSER
Attempting to connect then displays the prompt Enter host or service name: in the ssh output terminal but as vscode attempts to install I just get the following error: Enter host or service name: Bad format host name
I recently installed https://dbeaver.io/ on a Windows PC and wish to access a database on a remote Linux server from it.
My Linux username is my_username and I also have a system user psql_user. I also have two existing PostgreSQL databases with the same name as their respective user. Typically, only the psql_user is used and is access by a php-fpm pool listening to a Unix socket and running as user psql_user, and as such have configured /var/lib/pgsql/12/data/pg_hba.conf as:
# TYPE DATABASE USER ADDRESS METHOD
local all all peer
host all all 127.0.0.1/32 ident
host all all ::1/128 ident
local replication all peer
host replication all 127.0.0.1/32 ident
host replication all ::1/128 ident
With the above configuration, after ssh'ing onto the server, I can access the my_username database by executing psql and can also access the psql_user database by executing sudo -u psql_user psql and do not need to use a password for either.
But now, how to connect from the remote Windows PC?
To attempt to do so, I first created ssh keys without passphrases on the Windows PC for both my_username and psql_user and added the public key to each Linux user's authorized_keys (had to manually create /home/psql_user/ because it is a systems user). I can can successfully PuTTY to the server as either using the ssh keys.
Next, on the DBeaver connection settings SSH tab, I checked "Use SSH Tunnel", entered the username and private key location and the Test tunnel configuration successfully shows connected with the client version as SSH-2.0-JSCH-01.54 and server version as SSH-2.0-OpenSSH_7.4. I also made no changes to the Advanced portion of this tab such as local and remote hosts and ports, and have also left the "You can use variables in SSH parameters" at their default values.
Using my server IP in the main tab, Authentication "Database Native", and leave password empty, I test the connection but get The connection attempt failed. syslog reports that connection to the IP on port 5432 failed which makes sense because I am set up using Unix sockets.
So, then I change the server IP on the main tab to 127.0.0.1 (or localhost) and try again but get FATAL: Ident authentication failed for user "my_username". Okay, a little closer, but not quite there.
I think it might be because DBeaver is passing the port so I attempt to disable this part by got to the Edit Driver tab and changing jdbc:postgresql://{host}[:{port}]/[{database}] to jdbc:postgresql://{host}/[{database}], but now get Connection to 127.0.0.1:5432 refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.
Not sure where to go next. When I PuTTY into the Linux machine, all is good but not when connecting remotely using DBeaver, and thought it would be the same if I am using SSH to connect DBeaver to the server. How can this be accomplished?
As pointed out in the other answer, DBeaver's SSH tunnel option doesn't support sockets currently. It is always TCP port based, so only connections using the host options in pg_hba.conf can be made (I've placed a feature request for SSH socket forwarding in DBeaver).
Here's how to set up forwarding of a local TCP port to a remote Unix socket. This allows you to use peer authentication over the Unix socket, so you don't have to provide a password for the PostgreSQL role:
ssh username#dbserver.example.com -L 5555:/var/run/postgresql/.s.PGSQL.5432 -fN
While I think that ssh tunnelling can be set up to connect to a unix socket rather than a port, I don't think dbeaver offers a way to do that, so you would have to set it up separately.
Although ident should also work if your server runs the identd service. I think most linux don't do that by default, but just apt install oidentd or whatever the equiv would be on your package manager should fix that.
The easier solution would be to just change the method from ident to md5 or scram, and assign a password (which dbeaver offers to memorize).
I have a Postgres instance under the private subnet, I don't have VPN configured to connect, even it's not allowed with my Bastion ( jump node ).
Is there any way to connect it through my local machine to testing for development?
The default port is 5432.
and I have ssh access to my application server through Bastion node.
Port Forwarding is a process where you can establish a connection from your computer (on the Internet) into the Bastion server, and then forward traffic to the database.
ssh -i key.pem ec2-user#BATION-IP -L 5432:DATABASE-DNS-NAME:5432
Then, in your SQL client, connect to the database via:
localhost:5432
When the SQL client goes to port 5432 on your local computer, the SSH connection will forward that traffic to the bastion server, which will then send it to: DATABASE-DNS-NAME:5432
(You can actually use any port number locally. For example, you could create multiple forwarding connections to different databases, each on a different port.)
As you have ssh access to your application server through Bastion.
Then you may create two-level ssh tunnel proxy. As Postgres is not allowed even though Bastion node, only allowed through the application server.
1: Create a tunnel from the Application Server to the bastion node.
ssh-add ~/.ssh/id_rsa ;ssh -oStrictHostKeyChecking=no -Att -l USER_NAME BASTION IP ssh -oStrictHostKeyChecking=no -Att -l USER_NAME APP_SERVER_IP -L 5432:AWS_POSTGRESS_END_POINT:5432
(keep open this terminal)
2: Create another tunnel from Bastion to local computer:
(open new terminal )
ssh-add ~/.ssh/id_rsa ;ssh -oStrictHostKeyChecking=no -Att -l USER_NAME BASTION_IP -L 5432:localhost:5432
(keep open this terminal)
3: use localhost or 127.0.0.1 with 5432 port in the connection string (to connect from local machine) instead of Postgress endpoint.
Note: replace correct ssh key path and your user name with boldly highlighted text. and keep open both terminal open to maintain the session.
I discover Visual Studio Code Remote Development Extension Pack. I wanted to try it, but my remote is on a 2222 port.
I can correctly connect with Putty and my port 2222, same on my Linux laptop with ssh command.
What is the correct config to use Code Remote via SSH with other port ?
Thanks
Host my-remote-connection
HostName mydomain.name
User myusername
Just add Port to your config like:
Host my-remote-connection
HostName mydomain.name
User myusername
Port 2222
I have the following environment configuration:
Client -> HOST_A (public IP address) -> HOST_B (private IP address)
That being said, to avoid connecting manually to HOST_A and then to HOST_B, I'm using the jump host configuration below in the .ssh/config file.
Host HOST_B
ProxyCommand ssh -q HOST_A nc -q0 HOST_B 22
This solution works well when I'm using a regular terminal, but it doesn't work when using "Remote Systems" in Eclipse IDE. I'm not sure if I have to enforce the config file or how to configure jump hosts in Eclipse.
Does anyone have an idea how to sort this out in Eclipse?
What about an ssh tunnel?
ssh -L 2222:HOST_B:22 -N HOST_A
Then you can use localhost:2222 to connect to HOST_B with ssh. You just need Eclipse to allow you to specify a port in the ssh configuration.