I have the following environment configuration:
Client -> HOST_A (public IP address) -> HOST_B (private IP address)
That being said, to avoid connecting manually to HOST_A and then to HOST_B, I'm using the jump host configuration below in the .ssh/config file.
Host HOST_B
ProxyCommand ssh -q HOST_A nc -q0 HOST_B 22
This solution works well when I'm using a regular terminal, but it doesn't work when using "Remote Systems" in Eclipse IDE. I'm not sure if I have to enforce the config file or how to configure jump hosts in Eclipse.
Does anyone have an idea how to sort this out in Eclipse?
What about an ssh tunnel?
ssh -L 2222:HOST_B:22 -N HOST_A
Then you can use localhost:2222 to connect to HOST_B with ssh. You just need Eclipse to allow you to specify a port in the ssh configuration.
Related
I am a networking novice trying to ssh from a RedHat 7 server through a proxy to GitHub and not getting anywhere.
The proxy allows ssh traffic through port 2288 to GitHub
The proxy server connection is : server.proxy.place.organisation.local:8080
I have tried commands such as:
ssh -o ProxyCommand="connect-proxy -S server.proxy.place.organisation.local:8080 %h %p" MyName#github.com
but no luck. I don't really understand how I divert ssh on port 22 through to port 2288 on the proxy - do I need to open port 2288 on the RHEL7 server to allow this to pass through? Or is there some part of the ssh command (or config) that takes care of that?
question:
Is there any way to tunnel all outgoing ssh connections in vscode (including those established by the remote-ssh plugin) through my on-site workstation? I have full control over the firewall for that machine and can open ports on ufw as needed for off-site access.
background:
I use vscode remote-ssh to connect to a research computing cluster when on-site.
For remote work, I would like to avoid using cisco anyconnect as a vpn in mac os 11.6, as routing and other os features behave unexpectedly.
Turns out in mac os, it's sufficient to edit the ~/.ssh/config file by specifying an on-site proxy host that I control within the ProxyCommand option:
Host clusterNode
ProxyCommand ssh me#my_accessible_ssh_host nc %h %p
HostName <firewalled node ip address>
User my_cluster_username
I discover Visual Studio Code Remote Development Extension Pack. I wanted to try it, but my remote is on a 2222 port.
I can correctly connect with Putty and my port 2222, same on my Linux laptop with ssh command.
What is the correct config to use Code Remote via SSH with other port ?
Thanks
Host my-remote-connection
HostName mydomain.name
User myusername
Just add Port to your config like:
Host my-remote-connection
HostName mydomain.name
User myusername
Port 2222
I'm trying to follow the digital ocean tutorial on configuring pgadmin4 in server mode, but damn it is long, and I have to first configure apache server, python and virtualenv (via other 2 tutorials).
I don't want to install so many dependencies in my server just to access postgres via pgamin 4.
How do you guys do it?
I'm running a go webserver via https listening on ports 443 and redirecting 80 to 443
Seeing your other answer I would like to offer a more secure alternative.
What's wrong with the current approach?
Your PostgreSQL instance is accessible from the internet. Generally you should try to limit access only where it is required. Especially if you are not using SSL to connect to PostgreSQL, an open port like this is a target for traffic interception and brute force attacks.
Alternative
Seeing that you are you using JetBrains IDE's you only need one other step to access your data - setting up a SSH tunnel.
This encrypts with SSH all your connections between development host and server without exposing PostgreSQL to the outside world.
In the connection settings for your database in the Jetbrains IDE select the SSH/SSL tab and "Use SSH tunnel". Input the information of your server and the SSH user + password/SSH key (use SSH keys for better security) into the relevant input fields.
Undo the settings changes you did to open the firewall and configure PostgreSQL to listen to all nodes.
Connections to your database are now possible over encrypted tunnels without exposing your database to any unwanted attacks.
So this is what I did to achieve connection from my laptop to my ubuntu VPS, via webstorm (I suppose any intellij works also should work with other IDE's)
0 login to your server
1. Locate postgresql.conf usually under /etc/postgresql/10/main
2. sudo nano postgresql.conf
3. Locate and change line at connections
listen_addresses = '*'
Then in same dir edit: sudo nano pg_hba.conf
#TYPE DATABASE USER ADDRESS METHOD
host all all 0.0.0.0/0 md5
Md5 means I connect with user and his password
5 Dont forget to allow ufw (firewall)
sudo ufw allow 5432/tcp
Open webstorm > Database (tab) > click + to add PostgtresSQL source (fill relevant info, user name, password, database name, host and port, etc...)
jdbc:postgresql://example.com:5432/my_database_name
Press on schemas and synchronize OR press:
Source > Settings > Schemas tab > [check] All Databases > refresh
I have an Ubuntu server running Tomcat, and I want to connect my Eclipse EE to it so I can work with JSP.
I have no problem connecting to a similar Tomcat service when it's installed on my machine (not a server), but whenever I try to connect to the remote server I don't seem to have the option of choosing a Tomcat service.
Is there some guide you can recommend (I didn't find one), or is there something I did wrong?
The "remote" Tomcat (or more generally the app server) must be configured to permit such connection.
Did you start the remote server with these parameters:
-Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
Alternatively you can add the word jpda at the end of the startup.sh (or .bat) script just when calling the catalina.sh script.
Everything is documented on the Apache Tomcat Wiki.
After enabling those options, you have also another task to do: enabling the network connection to the configured port (8000 in the above options). It depends which firewall is installed on the server but usually it is iptables.
Example of iptables command to enable connection to port 8000:
sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
If your server have a GUI installed, one easiest way is to use the "ufw" – short for 'uncomplicated firewall' as explained in this site which is just a graphical way to configure the iptables.
One way to test the connectivity to the server (if the port is open) is to use telnet from your computer like this:
telnet your.distant.host 8000
and if the command opens, the port is accessible, if the telnet command times out, the port is closed.