Sunday, October 30, 2022

Connect to private instance in OCI using bastion service

=> VCN CIDR : 192.168.40.0/24

=> Subnet CIDR : 192.168.40.0/27

=> Target private instance IP : 192.168.40.20

=> Navigate to Identity & Security => Bastion => Click on Create Bastion

Select the target compute instance's VCN and subnet, enter 0.0.0.0/0 under CIDR block allowlist to allow any IP address to connect to the target instance through the bastion (a narrower CIDR limits which source addresses can use the bastion), and click on Create Bastion.




=> The bastion is created in a few minutes.

=> Click on the bastion name, then click on Create Session.

=> For Session type, select SSH port forwarding session.

Select the "Connect to the target host by using instance name" option and select the target instance.

Upload the public key that will be used to log in to the bastion session.

Click on Create Session.

The session expires after 3 hours by default. You can increase this duration under Advanced settings.

=> Add an ingress rule in the compute instance's subnet to allow SSH connections from the bastion and from the source IPs. Here I am adding 0.0.0.0/0 to allow connections from any IP.

Subnet => Security Lists => Default Security List => Ingress Rules

=> Copy the SSH command from the bastion session.

=> Update the private key path and the local port in that command, then run it in a terminal (or in PowerShell on Windows). If the command succeeds, the output ends with "debug1: pledge: network". The command does not exit on its own; do not cancel it, since it is holding the tunnel open.

=> Connecting from a Linux terminal

[opc@ebs-demo-instance-001 keys]$ ssh -v -i private-test.pem -N -L 8001:192.168.40.20:22 -p 22 ocid1.bastionsession.oc1.ap-hyderabad-1.amaaaaaaaklvx7yay3nxqvyyctewnqs3xm2xxs4ppm7hymsuslpiyg36zg2q@host.bastion.ap-hyderabad-1.oci.oraclecloud.com
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug2: resolving "host.bastion.ap-hyderabad-1.oci.oraclecloud.com" port 22
debug2: ssh_connect_direct: needpriv 0
.
.
.
debug1: Entering interactive session.
debug1: pledge: network



=> Open a second terminal session and connect to the target instance using the command below

[opc@ebs-demo-instance-001 keys]$ ssh -i private-test.pem -p 8001 opc@localhost
The authenticity of host '[localhost]:8001 ([::1]:8001)' can't be established.
ECDSA key fingerprint is SHA256:9uLAy1pB0UhgvOf1SE4ighunQIbKJIh2bvh1V/DE96E.
ECDSA key fingerprint is MD5:d9:dc:c5:ec:12:e5:7e:bc:02:d1:93:d7:1a:d4:98:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:8001' (ECDSA) to the list of known hosts.
Activate the web console with: systemctl enable --now cockpit.socket
[opc@private-001-instance-20221030-2120 ~]$ hostname
private-001-instance-20221030-2120
[opc@private-001-instance-20221030-2120 ~]$ hostname -i
192.168.40.20
[opc@private-001-instance-20221030-2120 ~]$
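The Linux procedure above (tunnel in one terminal, second ssh in another), as an added example that is not part of the original post: a script that builds both hops from the session OCID, checks the local port and target IP before ssh is invoked, and runs the first hop with -f plus ExitOnForwardFailure so the second hop can be started from the same terminal once the forward is actually up. The key path, local port, target IP and session OCID are placeholders passed on the command line; the ControlMaster socket path under ~/.ssh and the function names are my own choices, not anything from OCI's documentation.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the two-terminal procedure
# above as one script, with input checks. Key path, local port, target IP
# and session OCID are placeholders passed on the command line.
set -euf

# DRY_RUN=1 prints each ssh command line instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Four dotted-decimal octets, each 0-255.
validate_ipv4() {
  ip=$1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# TCP port 1-65535.
validate_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The bastion endpoint is host.bastion.<region>.oci.oraclecloud.com and the
# region is the fourth field of the session OCID
# (ocid1.bastionsession.<realm>.<region>.<id>), so derive it rather than
# typing it twice.
region_from_session_ocid() {
  ocid=$1
  old_ifs=$IFS; IFS=.; set -- $ocid; IFS=$old_ifs
  [ $# -eq 5 ] && [ "$1" = ocid1 ] && [ "$2" = bastionsession ] && [ -n "$4" ] || return 1
  printf '%s\n' "$4"
}

bastion_host() {
  region=$(region_from_session_ocid "$1") || return 1
  printf 'host.bastion.%s.oci.oraclecloud.com\n' "$region"
}

# The post allowlists 0.0.0.0/0 on the bastion and in the security list;
# flagging it makes it easy to narrow to the operator's own egress address.
allowlist_is_open() { [ "$1" = 0.0.0.0/0 ]; }

# Control socket for the tunnel (assumed path), so it can be closed by name.
ctl_socket() { printf '%s/.ssh/oci-bastion-%s.sock\n' "${HOME:-/tmp}" "$1"; }

# First hop. -N runs no remote command, -f backgrounds ssh only once the
# forward is up, ExitOnForwardFailure turns a busy local port into an error
# instead of a tunnel-less session, and -M/-S open a control socket.
open_tunnel() {
  key=$1; lport=$2; target_ip=$3; ocid=$4
  validate_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
  validate_ipv4 "$target_ip" || { echo "bad target IP: $target_ip" >&2; return 2; }
  host=$(bastion_host "$ocid") || { echo "bad session OCID: $ocid" >&2; return 2; }
  run ssh -i "$key" -N -f -M -S "$(ctl_socket "$lport")" \
      -o ExitOnForwardFailure=yes -L "$lport:$target_ip:22" -p 22 "$ocid@$host"
}

# Second hop: through the local listener to the private instance.
connect_target() {
  key=$1; lport=$2; user=${3:-opc}
  run ssh -i "$key" -p "$lport" "$user@localhost"
}

# Ask the backgrounded master to exit instead of hunting for its pid.
close_tunnel() {
  lport=$1; ocid=$2
  host=$(bastion_host "$ocid") || return 2
  run ssh -S "$(ctl_socket "$lport")" -O exit "$ocid@$host"
}

if [ "${1:-}" = run ]; then
  shift
  [ $# -eq 4 ] || { echo "usage: $0 run KEY LOCAL_PORT TARGET_IP SESSION_OCID" >&2; exit 2; }
  open_tunnel "$1" "$2" "$3" "$4"
  connect_target "$1" "$2"
  close_tunnel "$2" "$4"
fi
```

Run it as `./bastion_tunnel.sh run private-test.pem 8001 192.168.40.20 <session OCID>`; with `DRY_RUN=1` set it prints the three ssh command lines instead of executing them, which is a quick way to confirm the derived bastion host and the -L spec before connecting. A session OCID that does not parse, a port outside 1-65535, or a malformed target IP is rejected before ssh is invoked.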


=> Connecting from PowerShell

PS C:\Users\CHARAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\keys> ssh -v -i ssh-key-2022-10-22.key -N -L 8001:192.168.0.214:22 -p 22 ocid1.bastionsession.oc1.ap-hyderabad-1.amaaaaaaaklvx7yafzvst7cnfwy4oml2gzcpolfm4znkrbubnx4qcnihtzyq@host.bastion.ap-hyderabad-1.oci.oraclecloud.com
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to host.bastion.ap-hyderabad-1.oci.oraclecloud.com [129.148.134.189] port 22.
debug1: Connection established.
debug1: identity file ssh-key-2022-10-22.key type -1
debug1: identity file ssh-key-2022-10-22.key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
debug1: Authenticating to host.bastion.ap-hyderabad-1.oci.oraclecloud.com:22 as 'ocid1.bastionsession.oc1.ap-hyderabad-1.amaaaaaaaklvx7yafzvst7cnfwy4oml2gzcpolfm4znkrbubnx4qcnihtzyq'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256-etm@openssh.com compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:/8PTP1QCDr0NFSib8f5T6lzPQekHJjn0B4GLveAgw3w
debug1: Host 'host.bastion.ap-hyderabad-1.oci.oraclecloud.com' is known and matches the RSA host key.
debug1: Found key in C:\\Users\\CHARAN/.ssh/known_hosts:2
debug1: rekey out after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: ssh-key-2022-10-22.key  explicit
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: ssh-key-2022-10-22.key
debug1: Authentication succeeded (publickey).
Authenticated to host.bastion.ap-hyderabad-1.oci.oraclecloud.com ([129.148.134.189]:22).
debug1: Local connections to LOCALHOST:8001 forwarded to remote address 192.168.0.214:22
debug1: Local forwarding listening on ::1 port 8001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8001.
debug1: channel 1: new [port listener]
debug1: Entering interactive session.
debug1: pledge: network
.
.


=> Open a second PowerShell session and connect to the target instance using the command below

ssh -v -i 'C:\Users\CHARAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\keys\ssh-key-2022-10-22.key' -p 8001 opc@localhost
OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2
debug1: Connecting to localhost [127.0.0.1] port 8001.
debug1: Connection established.
debug1: identity file C:\\Users\\CHARAN\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\keys\\ssh-key-2022-10-22.key type -1
debug1: identity file C:\\Users\\CHARAN\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\keys\\ssh-key-2022-10-22.key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.0
debug1: match: OpenSSH_8.0 pat OpenSSH* compat 0x04000000
debug1: Authenticating to localhost:8001 as 'opc'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:bBP2qtAW57rwdne9D6u3Ldtb5RlZEoQ8JBUlRu6aaIc
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such file or directory
The authenticity of host '[localhost]:8001 ([127.0.0.1]:8001)' can't be established.
ECDSA key fingerprint is SHA256:bBP2qtAW57rwdne9D6u3Ldtb5RlZEoQ8JBUlRu6aaIc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8001' (ECDSA) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\CHARAN\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\keys\\ssh-key-2022-10-22.key  explicit
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: C:\\Users\\CHARAN\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\keys\\ssh-key-2022-10-22.key
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:8001).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: ENABLE_VIRTUAL_TERMINAL_INPUT is supported. Reading the VTSequence from console
debug1: ENABLE_VIRTUAL_TERMINAL_PROCESSING is supported. Console supports the ansi parsing
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /home/opc/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
Activate the web console with: systemctl enable --now cockpit.socket

[opc@instance-001-20221108-1050 ~]$
[opc@instance-001-20221108-1050 ~]$
[opc@instance-001-20221108-1050 ~]$
[opc@instance-001-20221108-1050 ~]$ df -h
Filesystem                  Size  Used Avail Use% Mounted on
devtmpfs                    300M     0  300M   0% /dev
tmpfs                       341M     0  341M   0% /dev/shm
tmpfs                       341M  4.9M  336M   2% /run
tmpfs                       341M     0  341M   0% /sys/fs/cgroup
/dev/mapper/ocivolume-root   36G  5.0G   31G  14% /
/dev/mapper/ocivolume-oled   10G  107M  9.9G   2% /var/oled
/dev/sda2                  1014M  324M  691M  32% /boot
/dev/sda1                   100M  5.0M   95M   6% /boot/efi
tmpfs                        69M     0   69M   0% /run/user/0
tmpfs                        69M     0   69M   0% /run/user/1000
[opc@instance-001-20221108-1050 ~]$ sudo su - root
[root@instance-001-20221108-1050 ~]#
