I work with several IBM i systems. One of them needs me to set up an SSH connection before opening a 5250 session. I use the command: ssh -i Keys_rsa -L 50023:localhost:23 USER@HOST and afterwards open a 5250 session pointing to IP 127.0.0.1, and it works... But I have a Java program that gets some data from the server, and it can't connect. I need an example of connecting and setting ports. I use the JTOpen/JT400 AS400 object but I think I need to move to a SecureAS400 object... Can anyone help?
I have an AWS server (10.10.10.1) which acts as a CISCO router and port-forwards to another AWS server (10.10.10.2). Now I am connecting to a server over ssh using the following command.
ssh -i server.pem ec2-user@10.10.10.1 -p 2222
Then it will connect to the server 10.10.10.2.
Now I need to run a socket program there, and I need a client program (which will run locally) to connect to it.
I tried in many ways but I am not able to connect to it.
I am new to socket programming; please help me to sort this out.
Below Answer Result:
I have tried to connect through the SSH tunnel, and the tunnel is working for the router, but it is not going to the AWS server.
Please see my tunnel command:
ssh -i server.pem -L 9080:10.10.10.2:8090 ec2-user@10.10.10.1
I also ran the socket server code on 10.10.10.2 and the client code on my local machine.
Please help me to sort it out.
This is your layout
DEV ---ssh---> PIVOT ---ssh---> SERVER
There's an SSH feature called port forwarding that allows the user to open a listening (server) socket on one end of the connection (-L for local, -R for remote) and proxy all socket reads and writes to another machine reachable from that end.
Since PIVOT can connect to SERVER you simply need a proxy on your DEV machine:
me@dev$ ssh -L 9005:server:80 pivot
And then when you talk to localhost:9005 on the development machine you are in fact talking to server:80 via the SSH channel.
Note: if host A can't directly connect to the server and you use it to ssh into B, which can, you actually have to set up two forwards, one for each SSH bridge.
I have a play application connecting to a database at 1.2.3.4 but for some reason Play! (and other java apps too) cannot connect to it.
I did try editing the hosts file and setting a name for the IP like app01 1.2.3.4 however it only worked on the box where the DB was hosted and it didn't work for external machines. I can confirm that the right port is open in iptables and I've tried restarting it, too.
If I ping postgres at port 4567 at 1.2.3.4 from the same box, it works. But setting the same IP address in my Java apps fails. What's wrong? Is it a permissions or iptables issue? Thanks.
Stack trace:
Caused by: java.net.NoRouteToHostException: No route to host
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:327)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:193)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:384)
at java.net.Socket.connect(Socket.java:546)
at java.net.Socket.connect(Socket.java:495)
at java.net.Socket.<init>(Socket.java:392)
at java.net.Socket.<init>(Socket.java:206)
at org.postgresql.core.PGStream.<init>(PGStream.java:62)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:76)
... 35 more
Can you connect to your DB via pgadmin (http://www.pgadmin.org/)?
Can you telnet from your machine on to the DB Server on the given port (telnet 1.2.3.4 4567)?
If you cannot telnet maybe the DB Server is blocking your connections?
Have you set any proxy server either only for java or only for rest of the system?
From the exception it seems more of a networking issue than anything with java...
Can you check firewall settings on the db server. You can try by telnet to check whether you are able to connect or not.
If you're behind a router you WILL BE ABLE to ping it from another local machine (using the local IP), but you might not be able to ping from the outside if you are not port-forwarding correctly (you can configure this from your router).
Another thing to keep in mind is that you CAN'T ping your own external IP from within the network. That means that you can ping 192.168.1.100 (Server) from 192.168.1.xx (Client), but you can't ping 72.15.xx.xx (port-forwarded to 192.168.1.100) from 192.168.1.xx (Client).
In order to do this you have to use an external tool. There are many websites that can do this for you; here's the one that I use:
http://www.yougetsignal.com/tools/open-ports/
If it says the port is open then it is open and it should work now. If it shows closed then you should double-check that your firewall is allowing the data; maybe shut it down temporarily to see if that's the problem.
If you need help adding a port exception to your firewall or forwarding a port from your router just tell me which distro/routerModel you're using and I'll try to dig some more info for you.
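The telnet check suggested in the answers above can be done from inside the JVM, which also shows whether Java sees the same result as the shell. This is an added example, not code from the original posts; the class name `ConnectProbe` and the 3-second timeout are assumptions, and the offline demo uses a loopback listener constructed only for illustration.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.NoRouteToHostException;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;

public class ConnectProbe {
    /** Attempts one TCP connect and names the failure mode instead of a bare stack trace. */
    static String probe(String host, int port, int timeoutMs) {
        try (Socket s = new Socket()) {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return "OPEN: a listener accepted the connection";
        } catch (UnknownHostException e) {
            return "UNRESOLVED: name lookup failed in this JVM (compare with the shell)";
        } catch (NoRouteToHostException e) {
            return "NO_ROUTE: routing problem, or a firewall rejecting with ICMP host-unreachable";
        } catch (ConnectException e) {
            return "REFUSED (" + e.getMessage() + "): host reachable, but no listener or a firewall reset";
        } catch (SocketTimeoutException e) {
            return "TIMEOUT: packets silently dropped, typical of a filtering firewall";
        } catch (IOException e) {
            return "ERROR: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        if (args.length == 2) {               // e.g. java ConnectProbe 1.2.3.4 4567
            System.out.println(probe(args[0], Integer.parseInt(args[1]), 3000));
            return;
        }
        // Constructed offline demo: a loopback listener, probed while open and after closing.
        InetAddress lo = InetAddress.getLoopbackAddress();
        int port;
        try (ServerSocket listener = new ServerSocket(0, 1, lo)) {
            port = listener.getLocalPort();
            System.out.println(port + " while listening: " + probe(lo.getHostAddress(), port, 1000));
        }
        System.out.println(port + " after close:     " + probe(lo.getHostAddress(), port, 1000));
    }
}
```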
I'm trying to ssh into ubuntu using exec, but for some reason when I execute from the code I get the error
port 22: Connection refused
In the code I use concat to put the strings together, but I know they're put together properly because I print them out and if I copy and paste them into the command line then it will ssh properly.
My code tries:
p1 = Runtime.getRuntime().exec(run1);
p1.waitFor();
where
run1 = "ssh -o StrictHostKeyChecking=no -v -i key " + "ubuntu@" + DNS + " sudo mke2fs -F -j " + device;
Any ideas?
You are initiating the connection, so for it to be refused it means that the machine you are attempting to ssh into is denying you ssh access.
Log into that machine by whatever means you have and verify that the ssh server is running. If it is, then verify that the firewall is not blocking port 22; because, sometimes the ssh server is running but the firewall won't allow network access to the ssh server due to a port blocking rule.
--- Edited after question in comments ---
Is there a difference between ssh in the command line and using exec? Because I can
connect to the server through the command line, which I assume is still using port 22.
So if I can ssh that way does that mean port 22 is working?
There are a few possibilities. Java comes with a Security Manager which only serves to deny programs access to machine resources. This is why it is possible to safely run applet code, which is downloaded from remote servers, as the Security Manager denies permission to access the hard drive or make connections to other machines. In the applet sandbox, it does allow connections back to the originating web server (to download more code and images).
However, the lack of a security exception directs the suspicion away from the Security Manager. The fact that the message uses the words "Connection refused" is a strong indicator that the SSH server you are connecting to won't accept a connection from you.
Perhaps by operating on the command line, the ssh command is using a different environment or configuration. I would see if the command is aliased, or if the ssh connection makes some assumption about key pairs. If nothing seems to be out of line with the command, I would check that your program is connecting with ssh version 2 (version 1 is not allowed by many due to a security hole).
Then I would also hunt around for possible differences in name resolution. You might be resolving the hostname in the command line differently than you are resolving it from the Java program. This could mean that the Java program is attempting connection to a different machine, one which doesn't have a secure shell server running.
Either way, it seems that you'll have to do a bit of debugging to isolate if it is a true coding problem or an environmental issue.
If you are getting Connection refused, the SSHD is not running or you are being blocked by a firewall (or similar).
I am currently developing a Java application that uses JDBC in order to connect to MySQL on a computer running Mac OS 10.6.7. The server that I connect to suddenly decided to use SSH. I've managed to connect to the database using MySQLWorkbench so there is nothing wrong with the connection.
My next attempt was to start the terminal and type ssh username@sshserver.com -L 3305:databaseserver:3306 and then start Eclipse and run my application. The terminal prompted me for my password but JDBC could not connect. I tried SSH Tunnel Manager with the following settings: http://imageshack.us/photo/my-images/146/sshb.jpg/ and it also prompts me for the password and then gives a green light. Still no success. The application worked fine before when I just connected without SSH. I would be very grateful for any help. I googled and tested every suggestion I found but nothing worked.
Two issues to keep in mind using tunnels:
Remember that when you use a tunnel, your JDBC client should connect to localhost port 3305 (or 3306, whatever you're actually using). It shouldn't continue trying to connect directly to the remote host.
SSH will tunnel the connection to the remote end and try to connect to "databaseserver" port 3306 from there. If ssh on the remote host can't resolve the hostname that you gave it, it won't be able to make the connection. Since you are tunneling to the database server, you could try connecting to "localhost" or "127.0.0.1" instead.
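Both points from the answer above, shown with the tunnel opened by the Java program itself. This is an added example, not code from the original posts: it assumes the JSch library (`com.jcraft.jsch`) and a MySQL JDBC driver on the classpath, key-based login, and the placeholder database name `mydb`; the host names and ports mirror the question's ssh command.

```java
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import java.sql.Connection;
import java.sql.DriverManager;

public class TunnelledJdbc {
    public static void main(String[] args) throws Exception {
        // Hypothetical values; host names and ports mirror the question's ssh command.
        String sshUser = "username", sshHost = "sshserver.com";
        String home = System.getProperty("user.home");

        JSch jsch = new JSch();
        jsch.setKnownHosts(home + "/.ssh/known_hosts");    // verify the server's host key
        jsch.addIdentity(home + "/.ssh/id_rsa");           // key-based login, no prompt

        Session session = jsch.getSession(sshUser, sshHost, 22);
        session.setConfig("StrictHostKeyChecking", "yes"); // refuse unknown or changed keys
        session.connect(10_000);
        try {
            // Same as: ssh -L 3305:databaseserver:3306 username@sshserver.com
            // "databaseserver" is resolved by sshserver.com, not by this machine.
            int localPort = session.setPortForwardingL("127.0.0.1", 3305, "databaseserver", 3306);

            // The JDBC client talks only to the local end of the tunnel.
            String url = "jdbc:mysql://127.0.0.1:" + localPort + "/mydb"; // "mydb" is a placeholder
            try (Connection db = DriverManager.getConnection(
                    url, System.getenv("DB_USER"), System.getenv("DB_PASSWORD"))) {
                System.out.println("Connected through tunnel: " + db.getMetaData().getURL());
            }
        } finally {
            session.disconnect(); // also closes the forwarded port
        }
    }
}
```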
I have a lot of experience with jconsole.exe and JVisualVM.exe in JDK 1.6, and have connected thousands of times from a Windows JVM to a Windows JVM on another machine via JMX.remote, but it fails when I try to monitor a Java instance that is running on a Linux host (from a Windows host; I tried a JMX listener on Red Hat and SUSE at Amazon EC2). I also tried using jconsole.exe and get a similar error.
Is there any reason anyone can think of why this kind of JMX connection would have a problem? Any ideas I can try? Has anyone "actually" done this and can say it will work if I persevere?
The error I get from JVisualVM (on the remote connect attempt) is something like this:
"Cannot connect using service:jmx:rmi:///jndi/rmi://<jmx service ip>:8001/jmxrmi"
My remote JMX service config is like this:
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=8001
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.hostname=<jmx service ip>
Found a similar question at this link but it didn't answer my question.
I verified that "iptables" is not enabled as a service and is not on, so I don't imagine there is any sort of firewall blockage. Also, both the Windows and Linux machines are on a 10.0.0.0 private internal subnet together. I am able to telnet into port 8001 to verify it's there, and it's listening (netstat -ap) on the Linux machine.
See the system property java.rmi.server.hostname. On your Linux server JVM, set this system property to be the public IP of the host. Then use the public IP in your client JMX URL.
I think your problem is that the RMI implementation is kind of hard to work with through firewalls and such as it requires more than the port you specify to work. Things you typically wouldn't notice if you connect to your own machine or a machine on the same network.
This post describes the problems you will run into quite well
If I were you, I would try to setup jmxmp as an alternative protocol. To do so you need to add the jmxremote_optional.jar (free from Oracle, download "JMX Remote API 1.0.1_04 Reference Implementation" from here) to both the server and the jvisualvm classpath but it is worth it.
If you google for jmxmp you will find quite a few examples on how to set things up. One of my first hits is http://pub.admc.com/howtos/jmx/distributed-chapt.html#jmxmp-sect which may be a bit too code oriented, but I add it here anyway because it explains the things I like most with jmxmp in a few good sentences.
How to define the server side endpoint depends on what you are running. Most app servers will let you type in a jmxmp-enabled JMX service URL, but if the server is written from scratch you might have to set it up yourself in code instead of using the -D switches to java you are used to.
Give it a try and return with more specific questions about it if you run into problems.
Edit:
After you have added the jar to the classpath, the only thing you have to do in your code (assuming you are not using a server app that already handles it for you) is the following (omitting declarations, exception handling and such as you will figure it out anyway):
url=new JMXServiceURL(jmxurl);
this.server = JMXConnectorServerFactory.newJMXConnectorServer(url, null, ManagementFactory.getPlatformMBeanServer());
this.server.start();
Have you tried creating an SSH tunnel to the Linux box from your Windows machine? http://oldsite.precedence.co.uk/nc/putty.html
Or if you have cygwin, just try ssh -f your-user@remote-server.com -L 7777:remote-server.com:123 -N where 7777 is the port on YOUR windows machine, and 123 is the port on the remote Linux box that listens to JMX commands.
With either of the above, you can use jconsole or visualvm on your Windows box and connect to localhost:7777.
I know iptables is disabled, but just confirm that JMX is working fine at that port by SSHing into the Linux box and trying to use commandline JMX mode of jconsole for localhost (on the Linux box).
I have actually just tackled this problem myself and figured it out.
I would wager that the problem is the RMI connections - you can't predict which ports it will use and so you can't get it to work with a firewall.
The workaround is to use an SSH proxy:
SSH to the box where your application is running but use the -D option like this:
ssh user@remoteHost -D 9999
As you are on Windows, you can use Cygwin to run the command above, or you can do the same thing with Putty through the GUI (guide here: http://blog.ashurex.com/2012/03/15/creating-ssh-proxy-tunnel-putty/)
This will start a socks proxy on your local machine on port 9999.
Open JVisualVM and in the preferences, under 'network' configure it to use a socks proxy at localhost, on port 9999.
If you do the above, you should then be able to connect to the remote machine as normal and since all the RMI traffic is now going over the SSH proxy, it is punched through the firewall and works nicely.
Good luck :-)
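The answers above trace the failure to RMI choosing its own ports and advertising its own host name. An alternative to the SOCKS proxy is to pin both RMI ports and bind them to loopback so that two plain -L forwards carry everything. This is an added example, not code from the original posts; port 8001 comes from the question, while port 8002 and the class name are assumptions.

```java
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RMIServerSocketFactory;
import java.util.HashMap;
import java.util.Map;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.*;
import javax.management.remote.rmi.RMIConnectorServer;

public class TunnelFriendlyJmx {
    static Registry registry; // strong reference for the lifetime of the JVM

    public static void main(String[] args) throws Exception {
        int registryPort = 8001; // port from the question's configuration
        int serverPort = 8002;   // assumption: second fixed port for the RMI connector objects

        // RMI stubs carry a host name; advertise one that is valid at the client end of the tunnel.
        System.setProperty("java.rmi.server.hostname", "127.0.0.1");

        // Listen on loopback only, so the ports are reachable solely via local logins and SSH.
        // No authenticator is configured, matching the question's authenticate=false.
        RMIServerSocketFactory loopbackOnly =
                port -> new ServerSocket(port, 0, InetAddress.getLoopbackAddress());
        registry = LocateRegistry.createRegistry(registryPort, null, loopbackOnly);
        Map<String, Object> env = new HashMap<>();
        env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE, loopbackOnly);

        JMXServiceURL url = new JMXServiceURL("service:jmx:rmi://127.0.0.1:" + serverPort
                + "/jndi/rmi://127.0.0.1:" + registryPort + "/jmxrmi");
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
                url, env, ManagementFactory.getPlatformMBeanServer());
        server.start();

        // Self-check with the URL a tunnelled client would use after:
        //   ssh -N -L 8001:127.0.0.1:8001 -L 8002:127.0.0.1:8002 user@remoteHost
        try (JMXConnector client = JMXConnectorFactory.connect(new JMXServiceURL(
                "service:jmx:rmi:///jndi/rmi://127.0.0.1:" + registryPort + "/jmxrmi"))) {
            MBeanServerConnection mbsc = client.getMBeanServerConnection();
            Object vm = mbsc.getAttribute(new ObjectName("java.lang:type=Runtime"), "VmName");
            System.out.println("JMX reachable on loopback, VM: " + vm);
        } finally {
            server.stop(); // a real service would keep the connector running
        }
    }
}
```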