Comment on How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh by admin.
A useful tunnel is an SSH tunnel to a MySQL server on localhost, so you can access it via the mysql cli using some port, let's say 3308:
ssh -T -N -L 3308:localhost:3306 myserver.example.com
Then access with mysql cli (assuming mysql cli is installed on localhost):
$ mysql -h 127.0.0.1 -P 3308 -u USERNAME -pPASSWORD DATABASE
admin Also Commented
How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh
Another useful scenario is when it is necessary to make an ssh tunnel via multiple (server) hops:
There are 3 scenarios to tunnel ssh traffic via multiple servers:
1. Tunnel from localhost to host1:
   ssh -L 9999:host2:1234 -N host1
   As noted above, the connection from host1 to host2 will not be secured.
2. Tunnel from localhost to host1 and from host1 to host2:
   ssh -L 9999:localhost:9999 host1 ssh -L 9999:localhost:1234 -N host2
   This will open a tunnel from localhost to host1 and another tunnel from host1 to host2. However the port 9999 to host2:1234 can be used by anyone on host1. This may or may not be a problem.
3. Tunnel from localhost to host1 and from localhost to host2:
   ssh -L 9998:host2:22 -N host1
   ssh -L 9999:localhost:1234 -N -p 9998 localhost
   This will open a tunnel from localhost to host1 through which the SSH service on host2 can be used. Then a second tunnel is opened from localhost to host2 through the first tunnel.
Normally, I'd go with option 1. If the connection from host1 to host2 needs to be secured, go with option 2. Option 3 is mainly useful to access a service on host2 that is only reachable from host2 itself.
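A small classifier for the `-L` specs used in the comments above, showing where each listener binds and whether the final hop leaves the SSH session. This is an added example, not code from the original comments; `classify_forward`, `is_port` and the output labels are hypothetical names, and it assumes the client's GatewayPorts setting is at its default (no).

```shell
#!/bin/sh
# Added example: classify the argument of ssh -L, [bind_address:]port:host:hostport.
# Assumptions: GatewayPorts is at its default (no); bracketed IPv6 is not handled.

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

classify_forward() {
    spec=$1
    case $spec in
        *:*:*:*:*) echo "unsupported spec: $spec" >&2; return 2 ;;
        *:*:*:*)   bind=${spec%%:*}; rest=${spec#*:}; bind_given=1 ;;
        *:*:*)     bind=; rest=$spec; bind_given=0 ;;
        *)         echo "not a forward spec: $spec" >&2; return 2 ;;
    esac
    lport=${rest%%:*}; rest=${rest#*:}
    host=${rest%%:*};  hport=${rest#*:}
    if ! is_port "$lport" || ! is_port "$hport" || [ -z "$host" ]; then
        echo "bad port or host in: $spec" >&2; return 2
    fi

    # Where the listening socket is bound on the machine running ssh.
    if [ "$bind_given" -eq 0 ]; then
        listen=loopback
    else
        case $bind in
            ''|'*'|0.0.0.0)  listen=all-interfaces ;;
            localhost|127.*) listen=loopback ;;
            *)               listen="address:$bind" ;;
        esac
    fi

    # The target is dialled by the SSH server; that leg is not inside the SSH session.
    case $host in
        localhost|127.*) last_leg=server-local ;;
        *)               last_leg="outside-tunnel:$host" ;;
    esac
    printf 'listen=%s last_leg=%s\n' "$listen" "$last_leg"
}

# Forward specs taken from the commands above.
for s in 3308:localhost:3306 9999:host2:1234 9999:localhost:9999 9998:host2:22; do
    printf '%-22s %s\n' "$s" "$(classify_forward "$s")"
done
```

A `loopback` listener is still open to every local account on the machine that holds it, which is the caveat given for option 2; for `9998:host2:22` the flagged hop carries SSH itself, as in option 3.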
How to create ssh tunnels / ssh tunneling on Linux and FreeBSD with openssh
In the corporate world it is also very useful to create and use an SSH tunnel to an Oracle Database. The same logic is in place:
ssh -T -N -L 1521:localhost:1521 myoracleserver.example.com
C:\Users\georgi>sqlplus mdinh/mdinh@127.0.0.1:1521/lax_db01
SQL*Plus: Release 11.2.0.1.0 Production on Mon Mar 11 00:00:14 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> select instance_name from v$instance;
INSTANCE_NAME
----------------
db01
SQL> select db_unique_name from v$database;
DB_UNIQUE_NAME
------------------------------
lax_db01
SQL> exit
Recent Comments by admin
Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
--rwo, --report-warnings-only
This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may be used to force other items of information to be displayed.
--sk, --skip-keypress
When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed.
Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet
As the rkhunter check can be pretty annoying, asking you to press a key multiple times and spitting out a lot of unnecessary data, two very useful option arguments are:
--rwo and --sk
# rkhunter -c --rwo --sk
Warning: The SSH and rkhunter configuration options should be the same:
SSH configuration option 'PermitRootLogin': yes
Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
Sorry for the really late reply.
Perhaps you have to create it or rename the ifcfg-eno1 to ifcfg-eth1, or you have some old ifcfg-enp1s0f0 or ifcfg-eno still under /etc/sysconfig/network-scripts/ interfering.
How to RPM update Hypervisors and Virtual Machines running Haproxy High Availability cluster on KVM, Virtuozzo without a downtime on RHEL / CentOS Linux
If you happen to be missing the versionlock plugin and you need to make use of its yum versionlock capabilities,
you will have to install the yum-utils package.
For example on CentOS 8 Linux, to enable the yum versionlock plugin:
yum install yum-utils.noarch
In case logging is not configured for snoopy by default, these are the default output locations on various Linux distributions:
Distribution | Snoopy output location | Notes |
---|---|---|
CentOS | /var/log/secure | |
Debian | /var/log/auth.log | |
Ubuntu | /var/log/auth.log | |
(others) | /var/log/messages | (potentially, could be elsewhere) |