Access an environment via OpenSSH or Putty

As we explained in https://root360.atlassian.net/wiki/spaces/KB/pages/2014353119, only the jump server can be accessed directly from the internet. All other instances are accessible only through that jump server. The following explains how to configure your SSH client to make that possible.


Preconditions

Username of Project User

The SSH username has the format "project-environment". You can look up the name of your project in our Orbiter dashboard on my.root360.cloud: the listed environments always have the format "company-project-environment".

IP to connect to

You need to connect to the jump server, also known as the bastion host or natgw. You can find its public IP in the Orbiter dashboard of the environment you want to connect to, under Instances → project-environment-natgw → Public IP.

Linux/macOS and OpenSSH

On your local machine (e.g. workstation or enterprise-internal jump server) make sure that you have ssh-agent running. You will get this response if no agent is running or your current shell is not aware of it:

    ssh-add -l
    Could not open a connection to your authentication agent.

Start an agent and export its environment variables into your current shell:

    eval $(ssh-agent)

(see for example https://wiki.archlinux.org/title/SSH_keys#SSH_agents for further information about ssh agents and how to automate this process)

Add your private SSH key to your ssh-agent with ssh-add, then connect with ssh -A so that the agent is forwarded to the jump server. This is needed to connect to your application instances from the jump server:

    ssh-add /path/to/privatekey
    ssh -A ProjectUser@Jumpserver-ip

The most likely path to your private SSH key is ~/.ssh/id_rsa. You can check your currently loaded keys with ssh-add -l.

Once you are connected to the jump server, you can use r3 instance list to get a list of the internal IPs of your application instances. You can connect to them simply with ssh <internal-ip>; ssh -A is not necessary for these internal connections.

Windows (Putty)

  • The Putty agent pageant.exe must be active and have the appropriate key loaded. You can download it at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

  • In the Putty configuration, agent forwarding must be activated under Category > Connection > SSH > Auth.

  • Under Category > Connection > Data, the ProjectUser is entered as the username.

Commands on the Jump Server / Bastion Host

  • On the jump server you can make use of
    r3 --help

  • To jump to an instance, use
    ssh [WebInstanceIP]

Known Issues

If you haven't added your private key to your ssh agent, the following error occurs:

    ProjectUser@[company]-[project]-[environment]-natgw-i-xxxxxxxxxxx:~$ ssh 10.**.**.**
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.rwrewrwere": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.WZkeireirj": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.IOWJjijiwe": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ioejriweEf": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ijejpirksf": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.PomwmkwWdx": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Alkkeepwww": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.klklowkeko": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.Kksmd887we": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kopopweko": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.1kpookpeWd": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.ophwkowm23": invalid format
    Load key "/tmp/ssh.tmp.ewekoMceec/ssh.tmp.jowjojnmmw": invalid format
    ProjectUser@10.**.**.**: Permission denied (publickey).
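The agent checks from the Linux/macOS steps and the failure above can be caught before connecting. The following is an added example, not root360 tooling and not part of the original page: it reads the exit status of ssh-add -l (0, 1 or 2, as documented in ssh-add(1)) and refuses to open the forwarded session when no key is available. The function names and the SSH_ADD_CMD override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not root360 tooling. Preflight for `ssh -A ProjectUser@Jumpserver-ip`.
# SSH_ADD_CMD is an assumption of this example: it lets the check run against a
# stub instead of the real ssh-add binary.

# Interpret `ssh-add -l` by exit status (documented in ssh-add(1)):
#   0 = at least one key listed, 1 = agent reachable but empty,
#   2 = no agent reachable from this shell.
agent_preflight() {
    out=$(${SSH_ADD_CMD:-ssh-add} -l 2>&1) && rc=0 || rc=$?
    case "$rc" in
        0)
            # One output line per loaded key.
            count=$(printf '%s\n' "$out" | grep -c . || true)
            echo "ok: $count key(s) available in agent"
            return 0 ;;
        1)
            echo "agent has no keys: run ssh-add /path/to/privatekey"
            return 1 ;;
        2)
            if [ -z "${SSH_AUTH_SOCK:-}" ]; then
                echo "no agent: SSH_AUTH_SOCK is unset (local: eval \$(ssh-agent); jump server: reconnect with ssh -A)"
            else
                echo "no agent: socket $SSH_AUTH_SOCK is not answering"
            fi
            return 2 ;;
        *)
            echo "unexpected ssh-add status $rc: $out"
            return 3 ;;
    esac
}

# Connect to the jump server only when the agent holds a key to forward.
# $1 = ProjectUser, $2 = public IP of the natgw instance (placeholders from the page).
jump_connect() {
    agent_preflight || return $?
    ssh -A "$1@$2"
}
```

Running agent_preflight on the jump server itself shows whether the forwarded agent arrived: status 2 there means the session was opened without -A or without Putty agent forwarding.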
