| Excerpt | ||
|---|---|---|
| ||
This guide explains how to access instances with ssh beyond the Jumpserver. |
As we explained in Quickstart , only the jump server can be accessed directly from the internet. All the other instances are only accessible through that jump server. The following explains how to configure your ssh client to make that possible.
Preconditions
You do have a key created via Create an OpenSSH SSH Key and its is provisioned by root360 to the requested environment.
The permissions on the file of your secret ssh key must be set so that only the owner can read them. For example in Linux with rights "600".
Username of Project User
The ssh username is of the format "project-environment". You can get the name of your project with us through our Orbiter dashboard on my.root360.cloud: The listed environments always have the format "company-project-environment".
IP to connect to
You need to connect to the jumpserver, also known as the bastionhost or natgw. You can get its public IP through our Orbiter dashboard of the environment you want to connect to → in Instances → project-environment-natgw → Public IP.
Linux/macOS
On your local machine (eg e.g. workstation or enterprise-internal jump server) add your secret ssh key to your ssh-agent with ssh-add and use ssh -A to use the ssh-agent. This is needed to connect to your application instances from the jumpserver:
| Code Block |
|---|
ssh-add /path/to/privatekey ssh -A ProjectUser@IPProjectUser@Jumpserver-ip |
The most likely path to your secret ssh key is ~/.ssh/id_rsa. You can check your currently loaded keys with ssh-add -l.
Windows (Putty)
Putty Agent pageant.exe must be active and have the appropriate key loaded. You can download it at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
In the configuration of Putty, the AgentForwarding must be activated under Category> Connection > SSH> Auth.
Under Category> Connection> Data, the ProjectUser is stored.
Commands on the Jump Server / Bastion Host
On Jump Server you can make use of
r3 --helpTo Jump to an instance use
ssh [WebInstanceIP]
Known Issues
If you haven't added your private key to your ssh agent the following error occur:
| Code Block |
|---|
ProjectUser@[company]-[project]-[environment]-natgw-i-xxxxxxxxxxx:~$ ssh 10.**.**.** Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.rwrewrwere": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.WZkeireirj": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.IOWJjijiwe": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ioejriweEf": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ijejpirksf": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.PomwmkwWdx": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Alkkeepwww": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.klklowkeko": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Kksmd887we": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kopopweko": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kpookpeWd": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ophwkowm23": invalid format Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.jowjojnmmw": invalid format ProjectUser@10.**.**.**: Permission denied (publickey). |
Related tutorials
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|
Related components
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|
| Status | ||||
|---|---|---|---|---|
|
| Table of Contents | ||
|---|---|---|
|
| Filter by label (Content by label) | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|