Versions Compared

Old Version 25

changes.mady.by.user Steffen Drya

Saved on

compared with

New Version Current

changes.mady.by.user Steffen Drya

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Warning

You have tried to access an archived page. Please go to the new https://root360.atlassian.net/wiki/spaces/KB to find more documents.

...

This guide explains how to access instances with ssh beyond the jump server.

Table of Contents

Background information

As we explained in (Archived) Quickstart, only the jump server can be accessed directly from the internet. All the other instances are only accessible through that jump server. The following explains how to configure your ssh client to make that possible.

Preconditions

  • The permissions on the file of your secret ssh key must be set so that only the owner can read them.

     For

     For example in linux with rights "600".

  • New keys can be created both under Linux and under Windows.

  • ssh key generation guide

Username of Project User

The ssh username is of the format "project-environment". You can get the name of your project with us through our Orbiter dashboard on my.root360.cloud: The listed environments always have the format "company-project-environment".

IP to connect to

You need to connect to the  jump server, also known as the bastion host or natgw. You can get its public IP our Orbiter dashboard of the environment you want to connect to → Instances → project-environment-natgw → Public IP.

Linux/macOS

On your local machine (eg workstation or enterprise-internal jump server) add your secret ssh key to your ssh-agent:

Code Block
linenumbers
languagebashtrue
ssh-add /path/to/privatekey
ssh -A ProjectUser@IP

The most likely path to your secret ssh key is ~/.ssh/id_rsa.

Windows (Putty)

  • (warning)

    (warning) Putty Agent pageant.exe must be active and have the appropriate key loaded. You can download it at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

  • In the configuration of Putty, the AgentForwarding must be activated under Category> Connection > SSH> Auth. 

    Image Modified

  • Under Category> Connection> Data, the ProjectUser is stored.

    Image Modified

Commands on the Jump Server / Bastion Host:

Known Issues:

If you haven't added your private key to your ssh agent the following error occur:

ecdsa
Code Block
languagebashtitleecdsa
ProjectUser@[company]-[project]-[environment]-natgw-i-xxxxxxxxxxx:~$ ssh 10.**.**.**
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.rwrewrwere": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.WZkeireirj": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.IOWJjijiwe": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ioejriweEf": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ijejpirksf": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.PomwmkwWdx": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Alkkeepwww": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.klklowkeko": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Kksmd887we": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kopopweko": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kpookpeWd": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ophwkowm23": invalid format
Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.jowjojnmmw": invalid format
ProjectUser@10.**.**.**: Permission denied (publickey).

...