reverse tunnel with Windows - reverse

PC_A is behind NAT/Firewall, it runs Windows.
PC_B is Debian server with public IP and with OpenSSH.
I want to access files on PC_A from any PC_C.
On PC_A I execute this:
plink.exe -R 12345:localhost:22 root#PC_B
From PC_B I run:
ssh -p 12345 localhost
plink.exe supports reverse tunneling, but does would it work without openssh server?

solved. Needed to install SSH server on PC_A (win7). plink.exe is just a client.

Related

Unable to access my off site MYSQL DB via a VSCode extension when it is running under WSL2

I'm running Windows 11. I have my dev environment in Debian running via WSL2.
I have this VSCode extension installed (although I have tried multiple SQL VSCode extensions and they all act the same)
If I have a VSCode window open in a WSL2 instance I am unable to connect to my DB but if I have a normal VSCode window open I am able to use any extension to access my DB.
In both instances the DB connection details are identical.
I need to use a program called ScaleFT to create a secure tunnel to the DB, I'm assuming this is the cause of the issue in part.
I am able to connect to my local dev MYSQL DB running in docker from both a WSL and normal VSCode window.
I've found that WSL's network sharing with the host system seems to run into trouble a lot with VPN and Ad-Hoc tunnel sharing with the Windows host.
What worked best for me was just to install an independent client for the WSL host. I use Ubuntu personally but I bet this will be a drop-in for your Debian setup, too.
Add the ScaleFT Repo to apt:
echo "deb http://pkg.scaleft.com/deb linux main" | sudo tee -a /etc/apt/sources.list
Add the ScaleFT signing keys to your local keyring:
curl -fsSL https://dist.scaleft.com/pki/scaleft_deb_key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/scaleft-deb-key.gpg
Pull package list and install the Linux tools:
sudo apt update && sudo apt install -y scaleft-client-tools scaleft-url-handler
That should leave you with a ready copy of the sft client tool. You can test with:
sft --version
From there, you can enroll your new WSL client and those connections should start working for you but, of course, your mileage may vary!

how to retrieve the ip of openshift private docker registry when started through minishift and accessed from machine where minishift is present

I have installed openshift through minishift on mac. I am able to run the command docker login -u developer -p <pass> 172.30.1.1:5000 from the shell where openshift is running. However I need to run the same login command from host mac machine and don't know the ip to use.
The openshift console can be accessed from https://192.168.64.3:8443.
The command minishift openshift registry returns an error.
I can run the oc commands from mac host machine.
I think you better login to docker daemon: https://docs.okd.io/latest/minishift/using/docker-daemon.html instead that login to the internal registry directly. Once you've done you can use docker client as it is bound to your minishift environment.

Laravel Docker Container not connecting to local mysql

I have an issue connecting to mysql running in the local machine in my DockerFile i have mentioned
FROM php:7
RUN apt-get update -y && apt-get install -y openssl zip unzip git
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer
RUN docker-php-ext-install pdo mbstring pdo_mysql
WORKDIR /home
COPY . /home
RUN composer install --ignore-platform-reqs
CMD php artisan serve --host=0.0.0.0 --port=8081
EXPOSE 8081
and this in my .env configuration
DB_HOST=localhost
DB_DATABASE=databasename
DB_USERNAME=root
DB_PASSWORD=testpassword
I have very less clue about where it is failing. Do i need to install mysql for Docker container also?
A much simpler solution (for Mac OSX & Docker for Windows) is to replace the host address from localhost
to host.docker.internal
DB_HOST=host.docker.internal
DB_DATABASE=databasename
DB_USERNAME=root
DB_PASSWORD=testpassword
Basically the DNS namehost.docker.internal will resolves to the internal IP address used by the host.
NB: If you have changed your address to host.docker.internal but you still receive connection refused error, it’s most probably because MySQL is currently configured to only listen to the local network.
To resolve that, please update the value of the bind_address to 0.0.0.0 in your my.cnf configuration file.
you are trying to connect to mysql in localhost, which is (surprisingly) the reference to the local host. since its a relative address, inside the container it is being resolved as the container own address, and no mysql is awaiting you there...
so to solve it - just give it your real host ip instead of localhost or 127.0.0.1.
step 1 - fix .env file:
DB_HOST=<your_host_ip> #run `ifconfig` and look for your ip on `docker0` network
DB_DATABASE=databasename
DB_USERNAME=laravel_server #not root, since we are going to allow this user remote access.
DB_PASSWORD=testpassword
step 2 - create dedicated user:
open your mysql: mysql -u root -p, give your root password, and run the following:
CREATE USER 'laravel_server'#'%' IDENTIFIED BY 'testpassword';
GRANT ALL PRIVILEGES ON databasename.* TO 'laravel_server'#'%';
FLUSH PRIVILEGES;
we created the user and gave it the permissions.
step 3 - open mysql to remote access:
we have to make it listening on all interfaces and not just localhost and therefore we run:
sudo sed 's/.*bind-address.*/bind-address=0.0.0.0/' /etc/mysql/mysql.conf.d/mysqld.cnf
(you will be prompted for password. this command is just replacing the line in mysql configuration file)
step 4 - updating:
in the project directory: php artisan config:cache
service mysql restart
then docker build and run a new container again. it should work for you.
I see two options -
Use the private IP of your docker host i.e where mysql server is running.
Use the host network mode while running container in case you want to use localhost.
docker container --net=host ...
In my case (Ubuntu 20.04 Desktop), I had MariaDB already running and using port 3306. So when the app inside the docker container was trying to start MySQL that was inside the container it failed because it was trying to listen to an already used port. I switched off the already-running MariaDB using the command below :
sudo systemctl stop mariadb.service
Then tried starting the docker app. It ran successfully because port 3306 was now free and used by MySQL inside the container. But since I intend to use both of them, a much more permanent solution would be to configure either of the Database systems i.e the one inside the docker container or the one outside the docker container to use a different port other than the default 3306.

how to setup and configure mysql-proxy on ubuntu on amazon ec2

i am trying to setup mysql-proxy on ubuntu on amazon ec2
i have done following:
sudo apt-get install mysql-proxy --yes
vi /etc/default/mysql-proxy
i put following content on "/etc/default/mysql-proxy"
ENABLED="true"
OPTIONS="--proxy-lua-script=/usr/share/mysql-proxy/rw-splitting.lua
--proxy-address=127.0.0.1:3306
--proxy-backend-addresses=private_ip_of_another_ec2_db_server:3306,private_ip_of_another_ec2_db_server:3306"
also tied with "--proxy-address=private_ip_or_public_ip_of_proxy-server:3306 or 4040"
and "--proxy-backend-addresses=public_ip_of_another_ec2_db_server:3306,public_ip_of_another_ec2_db_server:3306"
after that i tried to connect proxy server from another pc using mysql like:
mysql -u some_user -pxxxxx -h proxy_server_ip
or
mysql -u some_user -pxxxxx -h proxy_server_ip -P 4040
but its not working
its showing error:
ERROR 2003 (HY000): Can't connect to MySQL server on 'ip' (10061)
i want to tell you can connect the db server remotely where i allowed remote connection to any host
i also tried /etc/init.d/mysql-proxy start or /etc/init.d/mysql-proxy restart but no result
just to inform you that /etc/init.d/mysql-proxy stop is showing failed
can anyone please help me to setup and configure mysql-proxy on ubuntu
===
Edit
i found some help from other question of stackoverflow and also according to a suggestion in the comments, have done following procedure. and it seems its working now.
i installed mysql-client and mysql-server locally(on proxy server)
then i tried to run mysql-proxy using following command:
mysql-proxy --proxy-backend-addresses=10.73.151.244:3306 --proxy-backend-addresses=10.73.198.7:3306 --proxy-address=:4040 --admin-username=root --admin-password=root --admin-lua-script=>/usr/lib/mysql-proxy/lua/admin.lua
then i tried to connect remotely to the proxy server and its working.
but it seems i need to run this command under screen because when i close the terminal proxy stops working.
Can you please tell me that do i need to run this command under screen or is there any other way to make it alive all time?
There is no need to install Mysql client or Mysql Server on your mysql-proxy.
Installing mysql-proxy does have "full daemon capabilities" compiled into it.
If your are running Ubuntu Server, you may wish to use an UPSTART service script.
This script can be copied into /etc/init/mysql-proxy.conf
# mysql-proxy.conf (Ubuntu 14.04.1) Upstart proxy configuration file for AWS RDS
# mysql-proxy - mysql-proxy job file
description "mysql-proxy upstart script"
author "shadowbq <shadowbq#gmail.com>"
# Stanzas
#
# Stanzas control when and how a process is started and stopped
# See a list of stanzas here: http://upstart.ubuntu.com/wiki/Stanzas#respawn
# When to start the service
start on runlevel [2345]
# When to stop the service
stop on runlevel [016]
# Automatically restart process if crashed
respawn
# Essentially lets upstart know the process will detach itself to the background
expect daemon
# Run before process
pre-start script
[ -d /var/run/mysql-proxy ] || mkdir -p /var/run/mysql-proxy
echo "starting mysql-proxy"
end script
# Start the process
exec /usr/bin/mysql-proxy --plugins=proxy --proxy-lua-script=/usr/share/mysql-proxy/rw-splitting.lua --log-level=debug --proxy-backend-addresses=private_ip_of_another_ec2_db_server:3306,private_ip_of_another_ec2_db_server:3306 --daemon --log-use-syslog --pid-file=/var/run/mysql-proxy/mysql-proxy.pid
In the above example I hard coded the AWS RDS server into script, instead of fiddling with defaults and config file
Install Upgraded version 0.8.5
Note:
apt repo does not have 0.8.5 so we need to download tar from mysql official site
Prerequisite :-
Create file /etc/default/mysql-proxy with following content
ENABLED="true"
OPTIONS="--defaults-file=/etc/mysql/mysql-proxy.cnf"
Installation Procedure :-
Download mysql-proxy 0.8.x
Untar in /usr/local
Update PATH environment with /usr/local/mysql-proxy-0.8.5-linux-debian6.0-x86-64bit/bin
vim /etc/environment (to update environment path)
cd /usr/local/mysql-proxy-0.8.5-linux-debian6.0-x86-64bit/bin
Run command sudo ./mysql-proxy --defaults-file=/etc/mysql/mysql-proxy.cnf
Sample mysql-proxy.cnf file
[mysql-proxy]
log-level=debug
log-file=/var/log/mysql-proxy.log
pid-file = /var/run/mysql-proxy.pid
daemon = true
--no-proxy = false
admin-username=ADMIN
admin-password=ADMIN
proxy-backend-addresses=RDS-ENDPOINT:RDS-PORT
admin-lua-script=/usr/lib/mysql-proxy/lua/admin.lua
proxy-address=0.0.0.0:4040
admin-address=localhost:4041
change host ip and port of RDS or mysql
connect to Mysql server via proxy with
mysql -h{proxy-host-ip} -P 4040 -u{mysql_username} -p

Public key setup issue in windows environment for scp

I am trying to configure a Hudson job to copy result of Hudson job (consists of multiple files) into a Hudson server for results consolidation from multiple slaves. My intention is to use scp. Unfortunately, I have difficulties setting up the SSH public key/private key in windows environment (both slave and Hudson server are windows environment). I cannot migrate to Linux because I am not the owner of those machines.
I use the following procedures to set up the SSH public/private keys.
Configure ssh server in Hudson machine by performing the following:
cd C:\Program Files\OpenSSH\bin
mkgroup -l >> ..\etc\group
mkpasswd -l >> ..\etc\passwd
mkpasswd -d -u test >> ..\etc\passwd (Note: test is the user id used for SSH)
Download cygintl-2.dll & cygwin1.dll from http://samanthahalfon.net/resources/cygwin_includes.zip. Copy those dll files to C:\Program Files\OpenSSH\bin.
You will need to replace cygwin1.dll.
cd C:\Program Files\OpenSSH\etc
..\bin\chown test *
..\bin\chmod 600 *
Edit C:\Program Files\OpenSSH\etc\sshd_config with the following configuration:
Port 22
Protocol 2
StrictModes no
PubKeyAuthentication yes
AuthorizedKeysFile /c/home/test/.ssh/authorized_keys
PasswordAuthentication no
UserPrivilegeSeparation no
To start it as Windows service by executing: net start opensshd
Configure ssh public key in Hudson machine, so that the test automation script will not be prompted for password:
In slave machine, using "ssh-keygen -t dsa" command to create key pairs.
By default the key pairs (files: id_dsa & id_dsa.pub) will be generated to C:\Documents and Settings\test.ssh\
Using "scp id_dsa.pub test#XX.XX.XX.XX:.ssh/id_rsa_upload.pub" command to upload public key to Hudson Server.
i.e. scp id_dsa.pub test#XX.XX.XX.XX:.ssh/id_rsa_upload.pub
In Hudson server, go to directory C:\Program Files\OpenSSH.ssh, then execute "type id_rsa_upload.pub >>authorized_keys"
Exit and restart opensshd on Hudson server by executing "net stop opensshd" and "net start opensshd" now you can login ssh server without password.
In Hudson server, execute the following:
cd C:\Program Files\OpenSSH\
chown -R test .
chmod -R 700 .ssh
cd .ssh
chmod 600 authorized_keys
In slave machine, edit C:\Program Files\OpenSSH\etc\ssh_config. Specify "IdentityFile /c/home/test/id_dsa".
Test from your slave computer which SSH private key has been executed. In the slave machine, connect by executing:
ssh test#XX.XX.XX.XX (IP is Hudson server's IP)
Unfortunately, it still prompts for the pass phrase.
I looked into the following possibilities as workaround but the results are not positive:
a. shared drive in Hudson server mapped to a drive in slave machine - Hudson does not permit "copy result.html Y:"
b. sftp - it also requires public key
c. Found a proposed solution to overcome shared drive issue by using "copy result.html \XX.XX.XX.XX\test\" but I encountered access denied error as I have
no idea how to specify the user id and password using this method. Refer to: Hudson continuous integration server: how to see Windows mapped directories that are visible to Ant?
d: I have also looked into Hudson's plugin for any potential solution but could not find anything suitable or have no idea on the plugin usage.
It would be great if someone can spot my mistake in public key setup or propose an alternative solution for me to copy multiple files into Hudson server. Thanks
You need to identify what is wrong first -- server or client.
To verify server setup same key on any Linux/Mac client (which is much more transparent) and try to connect to the server.
To verify that ssh on your slave machine loads your dsa identity key try next:
ssh -i c:/home/test/id_dsa -v test#XX.XX.XX.XX
where -i would tell ssh where to get key and -v enables verbose mode which can help you to identify the problem.