Hi Dave, I think the first command establishes the tunnel to a port on your localhost.
So enter the last command in a separate terminal window on your machine instead of in the tunneling window, which does not accept commands.
On Wed, Sep 28, 2016 at 6:53 PM, David T. Lewis lewis@mail.msen.com wrote:
Thanks Tobias,
I am not able to connect with variant (1). Probably I am doing something wrong, as I have little experience with ssh tunneling. This is what I see:
    lewis@lewis-Gazelle-Pro:~$ ssh -p1022 -lssh 104.130.6.82
    restrict shell, no commands #
    restrict shell, no commands # ssh -AN -L22221:10.176.197.150:22 -p1022 -lssh 104.130.6.82
    restrict shell, no commands # ssh -ldavidlewis -p22221 localhost
    restrict shell, no commands # ls
    restrict shell, no commands #
Can you tell what I am doing wrong?
Thanks, Dave
On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
Dear all
[ACTIONS AT END]
with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace. Here's the overview:
=======================================================================================================================
Name     Name (ext)      intended use     Unix Users    Public Ports  Private Ports   Public IPv4     Private IPv4
ian      ssh.squeak.org  ssh-gateway      ssh           1022          22              104.130.6.82    10.208.225.29
alan     *.squeak.org    webserver        webteam       80, 443       22              104.239.229.92  10.176.200.8
adele    lists....       mailinglists     (tbd)         25, 587, 465  22, 8080        162.242.237.43  10.208.160.56
andreas  --------        source.squeak    chrismuller*  --------      22, 8080        irrelevant      10.208.161.222
dan      --------        squeaksource     davidlewis*   --------      22, 8080        irrelevant      10.176.197.150
ted      --------        squeak wiki+map  (tbd)         --------      22, 8080, 8081  irrelevant      10.176.130.111
david    --------        jenkins          (tbd)         --------      22, 8080        irrelevant      10.208.194.45
scott    --------        misc             (tbd)         --------      22, 8080, 8081  irrelevant      10.176.199.169
=======================================================================================================================
Currently, Levente and I have sudo on all these machines. Users with * also do.
Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.

How to login?
Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping. I have installed the Public keys from most of you for the 'ssh' user on ian.
Please verify by

    ssh -p1022 -lssh 104.130.6.82

you should see

    restrict shell, no commands #

(you get out with ctrl-d, ctrl-c, or killing ssh)
How to reach the other servers?

Example for 'andreas'

variant (1):
Do a local forward by

    ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82

and then

    ssh -lYOURNAME -p22221 localhost

(-N may be optional, but then you see 'restrict shell, no commands #')
Or in your .ssh/config you can put

    Host ian.squeak.org
      User ssh
      Hostname 104.130.6.82
      Port 1022
      LocalForward 22221 10.176.200.8:22
    Host andreas.squeak.org
      User YOURNAME
      Hostname localhost
      Port 22221

And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
variant (2):
(a) You have OpenSSH >= 7.3
Do a Jump with

    ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8

Or in your .ssh/config you can put

    Host ian.squeak.org
      User ssh
      Hostname 104.130.6.82
      Port 1022
    Host andreas.squeak.org
      User YOURNAME
      Hostname 10.176.200.8
      ProxyJump ian.squeak.org

And then say 'ssh andreas.squeak.org'

(b) You have OpenSSH >= 5.4
Do a Jump via

    ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8

Or in your .ssh/config you can put

    Host ian.squeak.org
      User ssh
      Hostname 104.130.6.82
      Port 1022
    Host andreas.squeak.org
      User YOURNAME
      Hostname 10.176.200.8
      ProxyCommand ssh -W %h:%p ian.squeak.org

And then say 'ssh andreas.squeak.org'

(c) You have OpenSSH < 5.4
Use variant (1)
We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.
[ACTION REQUIRED]
- Who needs access to which servers?
- Do we need Jenkins anymore?
As always, questions appreciated.
Best regards -Tobias
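
Added example (not part of the original thread and not the Squeak admins' own script): a shell helper that picks between variants (1), (2a) and (2b) from the local OpenSSH version and prints the matching .ssh/config entries for the gateway 'ian'. The function names, the dan.squeak.org alias and the sample `ssh -V` string are assumptions; addresses and ports come from the overview table.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# parse_version "<ssh -V output>" -> MAJOR.MINOR, e.g. 7.2
parse_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# pick_variant MAJOR.MINOR -> proxyjump | proxycommand | localforward
# Thresholds are the ones given in the mail: >= 7.3, >= 5.4, older.
pick_variant() {
    major=${1%%.*}
    minor=${1#*.}
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }; then
        echo proxyjump
    elif [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 4 ]; }; then
        echo proxycommand
    else
        echo localforward
    fi
}

# gateway_config VARIANT HOST_ALIAS USER PRIVATE_IP [LOCAL_PORT]
# Prints the gateway stanza for ian plus the stanza for the internal host.
gateway_config() {
    variant=$1 host=$2 user=$3 ip=$4 lport=${5:-22221}
    printf 'Host ian.squeak.org\n  User ssh\n  Hostname 104.130.6.82\n  Port 1022\n'
    case $variant in
        proxyjump)
            printf 'Host %s\n  User %s\n  Hostname %s\n' "$host" "$user" "$ip"
            printf '  ProxyJump ian.squeak.org\n' ;;
        proxycommand)
            printf 'Host %s\n  User %s\n  Hostname %s\n' "$host" "$user" "$ip"
            printf '  ProxyCommand ssh -W %%h:%%p ian.squeak.org\n' ;;
        localforward)
            # The forward belongs to the gateway stanza printed above.
            printf '  LocalForward %s %s:22\n' "$lport" "$ip"
            printf 'Host %s\n  User %s\n  Hostname localhost\n  Port %s\n' \
                "$host" "$user" "$lport" ;;
        *)
            echo "unknown variant: $variant" >&2
            return 1 ;;
    esac
}

# Constructed sample of `ssh -V` output; on a real machine use "$(ssh -V 2>&1)".
sample='OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g'
gateway_config "$(pick_variant "$(parse_version "$sample")")" \
    dan.squeak.org YOURNAME 10.176.197.150
```

With the local-forward variant the tunnel (`ssh -AN ian.squeak.org`) has to stay open in one terminal while the second `ssh` runs in another on the local machine.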