
Create an SSH tunnel on the server that needs to access the remote application port

I am developing a Node.js application, and I am also new to Linux systems. I installed RethinkDB on a Google Compute Engine instance. I can access the 28015 driver port locally. But I cannot access the driver port (28015) so that it cannot be accessed from the outside world. So I ran the commands below, but I got some errors.

test@rethinkdbserver:~$ sudo iptables -A INPUT -i eth0 -p tcp --dport 28015 -j DROP
test@rethinkdbserver:~$ sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 28015 -j ACCEPT
test@rethinkdbserver:~$ ssh -L 28000:localhost:28015 100.100.63.63
The authenticity of host '100.100.63.63 (100.100.63.63)' can't be established.
ECDSA key fingerprint is cc:21:56:de:f1:72:j3:64:50:k4:0b:42:e2:5f:db:63.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '100.100.63.63' (ECDSA) to the list of known hosts.
Permission denied (publickey).

I get this error:

The authenticity of host '100.100.63.63 (100.100.63.63)' can't be established.
ECDSA key fingerprint is cc:21:56:de:f1:72:j3:64:50:k4:0b:42:e2:5f:db:63.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '100.100.63.63' (ECDSA) to the list of known hosts.
Permission denied (publickey).

RethinkDB manual document

Using SSH tunneling

First, protect the driver port so that it cannot be accessed from the outside world. On unix-based systems, you can use iptables to block the port as follows:

sudo iptables -A INPUT -i eth0 -p tcp --dport 28015 -j DROP 
sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 28015 -j ACCEPT

Note: You may have to replace eth0 and 28015 above if you are using another interface or not using the default driver port.

Now create an SSH tunnel on the server that needs to access the remote RethinkDB driver port:

ssh -L <local_port>:localhost:<driver_port> <ip_of_rethinkdb_server>

Where,

local_port is the port you are going to specify in the driver - It can be any available port on your server.

driver_port is the RethinkDB driver port (28015 by default).

ip_of_rethinkdb_server is the IP address of the server that runs the RethinkDB server.

You can now connect to your RethinkDB instance by connecting to the host localhost and port local_port:

Full document https://rethinkdb.com/docs/security/

Please help

By default, if you don't supply a username, SSH will assume you are using the username on your local machine, in this case test. You should change your SSH tunnel command to:

ssh -L 28000:localhost:28015 user_name@100.100.63.63
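
An added example, not part of the original answer: a way to see which login name ssh resolves for the tunnel target before connecting, and to build the tunnel with an explicit user. The helper names (ssh_opt, check_user, tunnel_cmd) and the sample `ssh -G` output are constructed for illustration; user_name is the placeholder from the answer above.

```shell
#!/bin/sh
# Added example (not from the original post): see which login name and keys
# ssh will use for a tunnel target, then build the tunnel with an explicit user.

# Read `ssh -G <target>` output on stdin ("key value" per line, keys in
# lowercase) and print every value recorded for the key named in $1.
ssh_opt() {
    awk -v k="$1" '$1 == k { $1 = ""; sub(/^ /, ""); print }'
}

# Explain where the remote login name came from.
# $1 = resolved remote user, $2 = local user, $3 = target as typed
check_user() {
    case "$3" in
        *@*) echo "explicit: $1" ;;
        *)   if [ "$1" = "$2" ]; then
                 echo "defaulted to local user: $1"
             else
                 echo "from ssh_config: $1"
             fi ;;
    esac
}

# Tunnel command with an explicit user. -N forwards ports without starting a
# remote shell; ExitOnForwardFailure makes ssh exit if the forward cannot be set up.
# $1 = user, $2 = host, $3 = local_port, $4 = driver_port
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:localhost:%s %s@%s\n' \
        "$3" "$4" "$1" "$2"
}

# Constructed sample of `ssh -G 100.100.63.63` output for local account "test".
SAMPLE_G='user test
hostname 100.100.63.63
port 22
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa'

# Live use would be: ssh -G 100.100.63.63 | ssh_opt user
resolved=$(printf '%s\n' "$SAMPLE_G" | ssh_opt user)
check_user "$resolved" test 100.100.63.63
echo "candidate key files:"
printf '%s\n' "$SAMPLE_G" | ssh_opt identityfile
tunnel_cmd user_name 100.100.63.63 28000 28015
```

The public half of one of the listed key files must be in the remote account's authorized_keys file; otherwise the server still answers "Permission denied (publickey)" even with the right user name.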
