Server Admin 10.5.3, SSH Tunnel to OSX Server 10.3.9.....

Similar Messages

• Using portal admin console through an ssh tunnel?

  I'm trying to login on the portal admin over an established ssh connection:
  - profile server listen on hostname.subdomain.domain, port 8080
  - an ssh tunnel (via portforwarding through a firewall) from client port
  10000 to profile server 8080
  - connect from webbrowser to http://localhost:10000/console
  that won't work: internal server errors. If i change my hosts file:
  localhost 127.0.0.1 hostname.subdomain.domain
  it works. But this is ugly and conflicts with DNS.
  So, how can i configure the profile server to accept connections over an ssh
  tunnel? Anyone any idea?
  regards, Jordi

  Hello,
  Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
  C

• Netbackup 6.0 admin console ssh tunnel to osx X11 server

  Hey guys, I have been attempting to use the built in xfree X server included with OSX, I have no problems using the ssh -X command to tunnel to the netbackup media server. I run the jnbpa java administration console, and the window opens on the mac, it is titled correctly, but none of the text or functions come over. (I know its all working, I have a linux session under parallels that exports the admin console with no problems). At first I thought it might be fonts or something, since the box pops up, shows the menubar on it, its just a grey scquare where the username/password/server should be. I then found out that the whole instance is actually frozen up. I cant close the grey box ethier. I have to xkill from another xterm or actually close the entire X11 server to close the attempt? Any help would be greatly apperciated.
  Thanks in advance, its a real pain having to Virtual a Linux session just to export a X window. Talk about a waste of resources.
  Thanks again.
  John

  Common, there has to been some "real" sys admins out there using mac's, its bsd for pete's sake. Maybe this bump will bring this back to the top where someone can maybe offer some insight. I've been reading about darwin ports, maybe xfree86 running as the XServe will help. But apple's X11 server should work as well. HELP...
  Thanks

• Using ssh tunneling to admin OS X server on a far-away LAN

  My Mac OS X Server 10.4 box is behind a gateway (dns, dhcp, nat, ipfw) box on a LAN. My workstation (the one I will be administering from) is on a different LAN. I don't want to open holes in my firewall, but I have an account on the firewall (I am the admin). I want to use ssh tunneling to administer the server. I have successfully done this with my old webstar box (which the OSX Server is replacing).
  Is it as simple as adding a port designation when I "Add Server" to the Server Admin and Workgroup Server? example:
  localhost:8331 or localhost:8625
  (8331 is the local end of the tunnel which ends up as 331 to the OSX server, and same for 8625) The OSX server doesn't care because it see the connections from the ports that it expects. I'm just wondering about configuring the admin apps which are on a different LAN.

  How do I bring up the file shares in a GUI
  You don't.  Not with Putty or an SSH connection.  Just share a folder from the PC and access it via SMB from the Mac to access it.
  http://support.apple.com/kb/HT1568

• SSH Tunnel to an Oracle SQL Server

  Hi all,
  I am attempting to set up an ssh tunnel from my local machine to an Oracle SQL server operating on a remote computer, and use it to run a perl script to extract things from that database.
  My question is, do I need to have an SQL client on the local machine for this to work? The remote computer does not have the Oracle DBD installed, while the local machine does (hence running the script on the local computer), but will the DBD hand of requests correctly through the ssh tunnel to the SQL server on the remote machine without a client on the local one?
  Thanks!

  The data access is all happening on the Oracle machine right? Then no, all your local machine needs is an ssh client - that's it. After that all processing is running on the server.

• Using Workgroup Manager via SSH tunnel

  Hi all,
  I'm attempting to use the Workgroup Manager app to remotely administer a OS X Tiger Server box. The server sits inside my company's LAN behind a firewall, which only allows traffic to the server on ports 21 (ftp), 22 (ssh), 80 (http) and 311 (server admin with SSL, I believe). All services on those ports work fine.
  My research on the net indicates that the Workgroup Manager app uses port 625, but since the hardware firewall is blocking traffic on that port to the server, I'd like to create an SSH tunnel to access it. I've tried the following command on my local machine (i.e., not the server):
  $ sudo ssh -L 625:localhost:625 [email protected]
  and am able to set up the tunnel with no problem. However when I try to connect Workgroup Manager (on the local machine) to localhost, it won't let me connect. So I tried telnetting to localhost port 625 (on the local machine) to see what's up, and received the following error:
  $ telnet localhost 625
  Trying ::1...
  Connected to localhost.
  Escape character is '^]'.
  Connection closed by foreign host.
  Am I missing something? I was under the impression that the SSH tunnel would allow me to access port 625 on the server via port 22. The software firewall is disabled on both machines, so it's not that. I'm not experienced with SSH tunnelling, so I could be totally wrong about the way this is supposed to work.
  Thanks in advance!

  A quick tcpdump here indicates that Workgroup Manager uses both 311 and 625 when establishing a connection to the server. It may be the lack of port 311 tunneling that's causing your problem.
  $ sudo ssh -L 625:localhost:625 -L 311:localhost:311 [email protected]

• SSH Tunnel to other SSH servers?

  I'm not sure how this can be done, with or even without an SSH tunnel.
  Here's my scenario:
  PowerBook@Work --> Firewall --> INTERNET --> Linksys Router/Firewall with port forwarding to Mac mini home server --> Mac mini --> Other Mac clients
  Obviously I can SSH into my Mac mini server from my PowerBook at work:
  ssh [email protected]
  However, what I want to do is, to ssh to the Other Mac client on my home LAN from my Work LAN. So far I accomplish this by SSH'ing into my Mac mini server and then SSH'ing from there to my other Mac clients (which all have static 192.168.X.X addresses).
  I have tried the following and it's doesn't seem to work:
  ssh -N -p 22 [email protected] -R 2110/example.com/22
  With port 2110 forwarded from my Linksys to my Other Mac client. Doesn't work.
  I know this is one of those scenarios where I "can't see the forest through the trees". Meaning, there must be an easier way? Any help?

  Paul,
  sorry for my mistake. I forgot the "yes" in the commandline.
  I wouldn't put all the different ssh connections into aliases of my .bashrc. SSH offers the use of a config file. Put everything there. It's easier to maintain and the recommended way for ssh.
  Create a plain text file in ~/.ssh/config (for example with vi). And put the following stuff in there.
  Host nicknameforyourhost
  Hostname hostname.example.com
  User yourusername
  In Addition you might want to add one of these:
  Port 22
  Protocol 2
  Compression yes
  ForwardX11 yes
  You can even put portforwardings, reflections etc. in there.
  LocalForward 10548 127.0.0.1:548 To tunnel AFP on the server.
  LocalForward 10080 127.0.0.1:80 To tunnel to an webserver running on the host that is blocked by the firewall.
  To tunnel ServerAdmin, Workgroup Manager and Server Monitor Connections to the host (if it's running Mac OS X Server)
  LocaLForward 311 127.0.0.1:311
  LocalForward 625 127.0.0.1:625
  LocalForward 687 127.0.0.1:687
  You then connect your admin apps to localhost. This one has to be done as root, as you're forwarding privileged ports.
  To forward an http connection to the webinterface of your router through the tunnel. Provided your LAN Range is 192.168.1.0 and your router is located at 192.168.1.1.
  LocalForward 10080 192.168.1.1:80
  You then connect your browser to http://localhost:10080/ and it will go through the tunnel, and be reflected from the host you connected to via SSH directly to the router. That way you could access your routers config pages without activating remote administration which is of course a lot more secure.
  For your particular problem:
  Create one Host entry with the actual machine that you connect to.
  Host myserver
  Hostname myserver.example.com
  User yourusername
  Protocol 2
  Port 22
  Compression yes
  LocalForward 10080 192.168.1.1:80 see example with router above
  LocalForward 10022 192.168.1.100:22 to create a ssh portreflector for host 192.168.1.100
  This config will allow you to connect to your server and access your router like I described above and also create a tunnel for another ssh connection to 192.168.1.100. To access that machine, create a second config in that file just a few lines below.
  Host myothermac
  Hostname localhost
  User yourusername
  Protocol 2
  Port 10022
  To use all that you enter into your terminal:
  $ ssh myserver
  Password:
  and from a second terminal:
  $ ssh myothermac
  Password:
  You're directly taken to the othermac. You can put as many options in ther as you like. See the man page for SSH what else you can put into a config file. I hope by now is clear why not to use aliases in your .bashrc. Do some experimenting, you cannot hurt anything.
  You could also do that from a screen session or just background the first SSH session from the terminal but that would make things unnecessarily more complex for the examples given.
  Hope that helped.
  Regards MacLemon

• Ssh tunnel how to set up in SL?

  I have a server running SL with the firewall activated.  I want to tunnel in to it from outside my own network, while on the road.  I have used SSH Tunnel Manager to do so in the past (like for 4 years) but can not get it to work today.
  On my SL Server 10.6.8 I can not find anywhere to open ports, but I understand that if I activate File Sharing and Remote Management it will open port 22.  Correct? 
  On my router I opened port 3283 and 5900.  Correct?
  Where I get stuck is what to put in to SSH Tunnel Manager.  I can not find any clear novice instructions for it anywhere.  And I am confused as to what to put where.
  Can anybody help?  Thanks.

  Thanks Bob, it is raining cats and dogs so good time to check.
  I got it all up and running. 
  I am testing from a real slow connection (on purpose as this what I have often being on the road) and the screen update is (too) slow.  I tried all your methods and can not see any different in speed (read slowness).
  BobHarris wrote:
  The reason I do this is because Chicken allows me to use reduced colors (like 8-bit colors), and the Vine Server both honors my reduced color request and it actually plays nice with reduced colors (the Mac OS X Screen Sharing server does not alway play nice with anything less then 32-bit colors, which needs a lot more bandwidth).
  Where or how do you implement this?  I can not find it anywhere.  I am on 10.6.8 btw.
  And what is more my connection over Mac's Screen Sharing client, having Vine Server server turned on or not on the remote Mac makes also no difference.  I can get in either way and speed is the same.
  Here is the setting of my remote Mac just in case I should not turn both, the last two, on:
  Than there is an other problem.
  I suppose this is not a problem as I am tunnelling in over SSH, but would like to make sure.
  I also tried to follow the instructions on the alert screen, but no such settings are to be found on the remote computer.  Must be an out of date message text.  Or am I blind?
  Looking forward to your wisdom.
  Message was edited by: ChangeAgent. 
  Had an external link for the images as they refused to upload.  Sometimes, when this happens, you can upload images after you post.  That worked so removed links.

• SSH tunneling to connect to remote computer

  Hi,
  I have to connect to my remote database(RHEL box) from a windows using SSH tunnel
  1. I have set up the SSH tunneling(with outgoing tunnel)
  2. I have made a entry in the TNSnames.ora file
  3. I establish connection to the remote server using SSH client and when i do tnsping
  i do get connection. Even when i change the host name to some unkown name i do get a tnsping but iam not able to connect to the database. do iam wrong anywhere
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
  -04)(PORT = 1523)) (CONNECT_DATA = (SID = ora1022b)))
  OK (800 msec)
  Used TNSNAMES adapter to resolve the alias
  Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
  -04)(PORT = 1523)) (CONNECT_DATA = (SID = blablabla)))
  OK (800 msec)
  even when i change my sid name i get a tnsping. can anybody explain

  Hi,
  Looking for this schema below and see if help you:
             Secure Connection
     +---->-------[SSH]-------->-----+
     |                               |
     |                               |
     ^                               |
     |       Insecure Connection     v
  CLIENT---->--------------------> ORACLE
  ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                      |          |                |
                      |          |                |
                 A  LOCAL        |                |
                 B       INTERNAL IP ORACLE       |
                 C                       EXTERNAL IP (GATEWAY)
                                                       C                             B
        | Firewall| . . . . .|INTERNET| . . . . . . |Firewall| . . . . . . . . . . |ORACLE|
        | Gateway |                                 |Gateway |                 192.148.1.251:1521
             .                                     200.10.11.12                                  
       A     .
     |Oracle Client|
     (TNSNAMES.ORA)
       <SERVICE> =
         (DESCRIPTION =
           (ADDRESS_LIST =                     
             (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
           (CONNECT_DATA =
             (SID = <SID>)
         )Cheers

• Jconsole - remote connection thru ssh-tunnel

  Hi all,
  I need to start jconsole on my windows-box and connect to a remote tomcat-server thru an ssh-tunnel.
  I have walked thru various posts and blogs, but finally couldn't get it running.
  On the linux-server, I have set the following JAVA_OPTS:
  export JAVA_OPTS='-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8888 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.useLocalHostname=true -Dcom.sun.management.jmxremote.authenticate=false -Djava.rmi.server.hostname=myserver'myserver is the server-name that is resolved by the hostname-command. I also tried using localhost instead.
  On the client I run the following ssh-command to create the tunnel:
  ssh tomcat@myserver -L8888:myserver:8888 -N -vWhen I try to create a remote connection with jconsole using localhost:8888, I see the following output by ssh:
  debug1: Connection to port 8888 forwarding to myserver port 8888 requested.
  debug1: channel 1: new [direct-tcpip]
  debug1: channel 1: free: direct-tcpip: listening port 8888 for myserver port 8888, connect from 127.0.0.1 port 1618, nchannels 2It looks not too bad to me, but unfortunately, jconsole runs into a timeout after about 2 mins.
  On the server I see the following using netstat:
  tcp        0    168 myserver:ssh    mywindowsbox:3381  VERBUNDEN  
  tcp        0      0 myserver:ssh    mywindowsbox:1317  VERBUNDEN  
  tcp        0      0 myserver:44625  myserver:8888   TIME_WAIT  
  tcp        0      0 *:8888                      *:*                         LISTENIt appears to me that the tomcat-server is listening correctly on port 8888 for all incoming hosts (although localhost should be enough).
  Furthermore, it seems that the ssh-tunnel has been establised.
  Why the hell, jconsole still can't connect?

  Hiya.
  JMX connections use two ports. You need the RMI Registry and the RMI Stub. This first one you bound to port 8888, but the other one is probably still bound to a random port. You need to be able to access that one through SSH as well.
  Trouble is that the second port uses a random port and most application servers can't statically configure this one. See this article for possible solutions (be sure to read the follow ups as well) : http://blogs.sun.com/jmxetc/entry/connecting_through_firewall_using_jmx
  Cheers,
  Hugp

• Remote printing problem using ssh tunnel in Leopard

  Haho,
  I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
  So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
  This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't prints out on the other end.
  I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
  Thanks in advance for your help!

  Had the same issue with MS Terminal Server printing over vpn tunnel.
  what kind of internet connection do you have? one which adds extra headers like pppoe ?
  for me ...
  sysopt connection tcpmss
  helped
  default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

• Using launchd to create "on demand" ssh tunnel

  Hello,
  I've setup 2 LaunchAgents in my ~/Library/LaunchAgents/ directory, in order to provide 2 apps with an ssh tunnel connectivity "on demand".
  One of the plist is like this :
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>Debug</key>
  <false/>
  <key>Disabled</key>
  <false/>
  <key>Label</key>
  <string>my.ssh.tunnel</string>
  <key>ProgramArguments</key>
  <array>
  <string>/usr/bin/ssh</string>
  <string>-l</string>
  <string>mylogin</string>
  <string>-N</string>
  <string>-L</string>
  <string>port:final-server:port</string>
  <string>mylogin@ssh-gateway</string>
  </array>
  <key>Sockets</key>
  <dict>
  <key>Listeners</key>
  <dict>
  <key>Bonjour</key>
  <false/>
  <key>SockServiceName</key>
  <string>port</string>
  <key>SockType</key>
  <string>stream</string>
  </dict>
  </dict>
  <key>StandardErrorPath</key>
  <string>/tmp/mytunnel.err</string>
  <key>StandardOutPath</key>
  <string>/tmp/mytunnel.out</string>
  <key>inetdCompatibility</key>
  <dict>
  <key>Wait</key>
  <false/>
  </dict>
  <key>onDemand</key>
  <true/>
  </dict>
  </plist>
  When I launch the application that makes a tcp request on localhost:port, the tunnel is created, this part is OK. But, the application is unable to use it. I have to quit and restart it so that it can use the ssh tunnel.
  Any idea why it behaves like this ? Any workaround ?
  PowerMac G5 2*2GHz   Mac OS X (10.4.6)  

  In fact, the idea of a wrapper script is not very appealing to me. The apps I launch use GUI. I could design an Applescript to "init" the tunnel then launch the true application, but I find it quite complicated and very unsatisfactory.
  Your telnet command succeed in activating the launchd item, but it returns nothing :
  $ echo "^]quit" | telnet localhost 1190
  Trying ::1...
  Connected to localhost.
  Escape character is '^]'.
  Connection closed by foreign host.
  $
  then, a `ps` shows the launchproxy process while it's opening the tunnel. This steps last for few seconds, the tunnel seems to be unavailable while launchproxy runs (in fact, launchproxy seems to run until the tunnel is fully established).
  The TCPKeepAlive option is not interesting in my context, I've monitored the ssh tunnel, once it's established, it won't close, even if the application supposed to be using it is not launched.
  I think my problem has no elegant solution. Such a solution could be for launchd/launchproxy to store the application queries, and to feed them into the tunnel once it is open. So, the app would just hang waiting for the tunnel to be fully established, and would get it's response after that. For now, the application hangs for ever. I have to force it to reissue it's network request so that it can reach the remote end of the tunnel.

• Error making an ssh tunnel

  I'm getting an error trying to create an ssh tunnel.
  *ssh –L 10548:localhost:548 [email protected]*
  returns
  *ssh: Error resolving hostname \342\200\223L: nodename nor servname provided, or not known*
  normal ssh works ok so the problem is with localhost. This only happens on one of my computers. the other one connects fine using the same internet connection.
  P.S. I just checked and this only happens on one user account. the rest are fine.
  Message was edited by: V.K.
  this thread is the continuation of [this one|http://discussions.apple.com/thread.jspa?messageID=7218912#7218912].
  Message was edited by: V.K.

  Very strange. I wonder what \342\200\223L means. You can create a tunnel to the same [email protected] from another account on the same client Mac?
  The localhost parameter is actually sent to the server, i.e. it means that sshd should connect port 548 on localhost. What if you put "10548:localhost:548" in quotes? Or try "*ssh –L 10548:my.computer.at.work:548 [email protected]*". You could also try moving or renaming your local ~/.ssh folder to make sure there are no local user settings that are confusing things.

• Attach ethernet port to SSH tunnel

  Anyone know if I can setup one ethernet port on a Mac Pro to provide DHCP/NAT and direct all traffic on that port to an SSH tunnel?
  What I want to be able to do is create an SSH tunnel to a proxy server and then have any device I plug into one of my ethernet ports go through that tunnel/proxy.
  I have the tunnel/proxy working by creating a network location with a SOCKS proxy server at 127.0.0.1 port 2001 and then doing ssh -D 2001, but not sure how/if I can connect it to the physical ethernet port plus provide DHCP/NAT as well.
  I have OSX Server 10.6.4 if that helps.

  Hin j.v.,
  It is possible to iChat Bonjour over a Virtual Private Network , yes.
  2:33 PM Thursday; May 4, 2006

• Why does my ssh tunnel drop when I switch on a system wide proxy

  The subject says pretty clearly what is puzzling me. After I establish a connection via ssh and initiate a tunnel for email access through a corporate firewall (using Apple Mail as the client and POP3 for the protocol), I find that enabling a system wide proxy (socks5, http, and https) via the same ssh tunnel causes the email to stop working. Upon switching, the http proxy (Safari) works fine -- e.g. the tunnel is healthy. This confuses me. The ssh link which hosts several tunnels is fine. I am forwarding local port 10025 and 10110 on the tunnel to a mail server behind the firewall. The socks5 proxy and http proxy are running on local ports 11080, 18080, and 18080, respectively. Why is Apple mail paying attention to the proxy settings at all? It would seem that since Apple Mail makes no attempt to connect (via the Activity window) that the link is dead, however, turning off the proxy brings the email tunnel back to normal. Wierd. Any advice? This is running on a normal 10.4 (not server), but I don't think there are any significant differences in behavior. I asked on the networking discussion, but got no response.

  Two things jump into my mind: poor WiFi signal strength on the desktop PC or a dirty OS installation on the desktop PC. I'm quite sure that this has nothing to do with the cisco VPN client itself.
  Assuming that you reach your remote workspace through the cisco VPN client it might also be that the remote part (the VPN concentrator) gets congested and drops your connection but than other employees would complain as well (can be checked with your ICT guys).
  The thing is: when you lose Internet connection on your laptop while surfing a web site and connection comes back again within no time you won't notice anything. If the same happens to a system constantly receiving encrypted packets and some are missing the VPN client will drop the connection. Completely different protocols (http/ipsec) that are differently prone to packet drops...