Using ssh tunneling to admin OS X server on a far-away LAN

My Mac OS X Server 10.4 box is behind a gateway (dns, dhcp, nat, ipfw) box on a LAN. My workstation (the one I will be administering from) is on a different LAN. I don't want to open holes in my firewall, but I have an account on the firewall (I am the admin). I want to use ssh tunneling to administer the server. I have successfully done this with my old webstar box (which the OSX Server is replacing).
Is it as simple as adding a port designation when I "Add Server" to the Server Admin and Workgroup Server? example:
localhost:8331 or localhost:8625
(8331 is the local end of the tunnel which ends up as 331 to the OSX server, and same for 8625) The OSX server doesn't care because it sees the connections from the ports that it expects. I'm just wondering about configuring the admin apps which are on a different LAN.

How do I bring up the file shares in a GUI
You don't.  Not with Putty or an SSH connection.  Just share a folder from the PC and access it via SMB from the Mac to access it.
http://support.apple.com/kb/HT1568

Similar Messages

  • SSH Tunnel to an Oracle SQL Server

    Hi all,
    I am attempting to set up an ssh tunnel from my local machine to an Oracle SQL server operating on a remote computer, and use it to run a perl script to extract things from that database.
    My question is, do I need to have an SQL client on the local machine for this to work? The remote computer does not have the Oracle DBD installed, while the local machine does (hence running the script on the local computer), but will the DBD hand off requests correctly through the ssh tunnel to the SQL server on the remote machine without a client on the local one?
    Thanks!

    The data access is all happening on the Oracle machine right? Then no, all your local machine needs is an ssh client - that's it. After that all processing is running on the server.

  • Remote printing problem using ssh tunnel in Leopard

    Haho,
    I've recently installed Leopard, and I have unexpected difficulties with setting up remote printing to the printers of my University via ssh tunneling. The following procedure worked (and still works) under Tiger, but for some reason it doesn't work with Leopard (not just for me, but other friends also have the same issue as I do). The question is what could be the source of the problem and how could I get around it?
    So, I have the same short user name on my home Mac as my login name in the University system. Then, I set up the proper printers (IP printer, LPD protocol, Address: localhost, the appropriate queue and printer type etc.). Whenever I want to print from home to the University, I would open a Terminal window, and sudo ssh -L515:XXX.XXX.XXX.XXX:515 [email protected] . This is supposed to channel the printing which is sent to a localhost printer to the printers which can be reached through the University IP address.
    This method worked and works well under the latest version of Tiger, but not under Leopard (10.5, 9A581). I get no error messages, the printing seems to go through (at least no error seems to occur during spooling or logging in to the University with the terminal), but it simply doesn't print out on the other end.
    I have no firewall or any other new network tools running which I'm aware of, and I'm not aware of any differences in the set-ups besides the change in the OS. The issue might be that of compatibility with the University printing system, but help in what exactly changed on the Mac side (something obviously did change) would help me a lot, especially since I don't think that the University technical crew would be very keen on (or competent in, for that matter) troubleshooting.
    Thanks in advance for your help!

    Had the same issue with MS Terminal Server printing over vpn tunnel.
    what kind of internet connection do you have? one which adds extra headers like pppoe ?
    for me ...
    sysopt connection tcpmss
    helped
    default is 1380 (1380 data + 20 TCP + 20 IP + 24 AH + 24 ESP_CIPHER + 12 ESP_AUTH + 20 IP = 1500 bytes)

  • Crashes when using SSH tunnel

    Anyone have a workaround for Safari crashing when tunneling over ssh. I'm using an SSH tunnel when working at coffee shops and Safari keeps on crashing. I'm doing a:
    ssh [email protected] -D 8080
    to set up my tunnel. Is there a fix, perhaps using another port?
    Cheers
    Richard

    Leopard fixes the problem! Horrrahhh!

  • In a Sharepoint 2013 Server farm how far away can the backup of failover cluster servers be located away from the primary servers

    Hello Community
    When you set up a Sharepoint 2013 Server farm, if you want to provide failover clustering, can the servers that the Sharepoint 2013 Server farm failover to be located off-site in a different location (i.e. how far away can the servers the primary server in the Sharepoint 2013 Server farm be away from the failover cluster of backup Sharepoint 2013 Server farm servers in distance)?
    Thank you
    Shabeaut

    Hiya,
    this article describes in detail the different aspects of creating a highly available SharePoint 2013 server farm.
    Create a high availability architecture and strategy for SharePoint 2013
    http://technet.microsoft.com/en-us/library/cc748824%28v=office.15%29.aspx

  • Ssh tunnel how to set up in SL?

    I have a server running SL with the firewall activated.  I want to tunnel in to it from outside my own network, while on the road.  I have used SSH Tunnel Manager to do so in the past (like for 4 years) but can not get it to work today.
    On my SL Server 10.6.8 I can not find anywhere to open ports, but I understand that if I activate File Sharing and Remote Management it will open port 22.  Correct? 
    On my router I opened port 3283 and 5900.  Correct?
    Where I get stuck is what to put in to SSH Tunnel Manager.  I can not find any clear novice instructions for it anywhere.  And I am confused as to what to put where.
    Can anybody help?  Thanks.

    Thanks Bob, it is raining cats and dogs so good time to check.
    I got it all up and running. 
    I am testing from a real slow connection (on purpose as this what I have often being on the road) and the screen update is (too) slow.  I tried all your methods and can not see any different in speed (read slowness).
    BobHarris wrote:
    The reason I do this is because Chicken allows me to use reduced colors (like 8-bit colors), and the Vine Server both honors my reduced color request and it actually plays nice with reduced colors (the Mac OS X Screen Sharing server does not always play nice with anything less than 32-bit colors, which needs a lot more bandwidth).
    Where or how do you implement this?  I can not find it anywhere.  I am on 10.6.8 btw.
    And what is more my connection over Mac's Screen Sharing client, having Vine Server server turned on or not on the remote Mac makes also no difference.  I can get in either way and speed is the same.
    Here is the setting of my remote Mac just in case I should not turn both, the last two, on:
    Than there is an other problem.
    I suppose this is not a problem as I am tunnelling in over SSH, but would like to make sure.
    I also tried to follow the instructions on the alert screen, but no such settings are to be found on the remote computer.  Must be an out of date message text.  Or am I blind?
    Looking forward to your wisdom.
    Message was edited by: ChangeAgent. 
    Had an external link for the images as they refused to upload.  Sometimes, when this happens, you can upload images after you post.  That worked so removed links.

  • SSH tunneling to connect to remote computer

    Hi,
    I have to connect to my remote database (RHEL box) from a Windows machine using an SSH tunnel.
    1. I have set up the SSH tunneling (with outgoing tunnel)
    2. I have made an entry in the TNSnames.ora file
    3. I establish a connection to the remote server using the SSH client, and when I do tnsping
    I do get a connection. Even when I change the host name to some unknown name I do get a tnsping, but I am not able to connect to the database. Am I wrong anywhere?
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
    -04)(PORT = 1523)) (CONNECT_DATA = (SID = ora1022b)))
    OK (800 msec)
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = ISIL-PRJ
    -04)(PORT = 1523)) (CONNECT_DATA = (SID = blablabla)))
    OK (800 msec)
    Even when I change my SID name I get a tnsping. Can anybody explain?

    Hi,
    Look at the schema below and see if it helps you:
               Secure Connection
       +---->-------[SSH]-------->-----+
       |                               |
       |                               |
       ^                               |
       |       Insecure Connection     v
    CLIENT---->--------------------> ORACLE
    ssh2 -l oracle -L 1521:192.148.1.251:1521 200.10.11.12
                        |          |                |
                        |          |                |
                   A  LOCAL        |                |
                   B       INTERNAL IP ORACLE       |
                   C                       EXTERNAL IP (GATEWAY)
                                                     C                       B
          |Firewall| . . . . |INTERNET| . . . . . |Firewall| . . . . . . |ORACLE|
          |Gateway |                              |Gateway |        192.148.1.251:1521
               .                                 200.10.11.12
         A     .
       |Oracle Client|
       (TNSNAMES.ORA)
         <SERVICE> =
           (DESCRIPTION =
             (ADDRESS_LIST =
               (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.1)(PORT = 1521))
             )
             (CONNECT_DATA =
               (SID = <SID>)
             )
           )
    Cheers

  • Set up SSH Tunneling

    I am new to setting up SSH tunneling on my Mac server. I understand the idea behind tunneling but how would I go about setting it up, on both my client Mac and server Mac? I am running Mavericks Server on my Mac btw.
    Thanks!

    I'm going to infer that you're (also) not familiar with VPNs in the following.
    Generic sequence: open up the necessary ports and protocols at your firewall for tunnel or VPN pass-through, and configure the tunnel or VPN server, and configure the VPN or tunnel client.  
    Here's a list of the ports, and make sure you distinguish TCP ports, UDP ports, and protocols; those three are all different, when you're configuring a firewall. 
    ssh uses TCP port 22 by default, though other ports can be selected.
    With OS X and OS X Server, L2TP via IPSec and PPTP VPN clients and servers are available, and are very common choices.
    Or yes, you can go old-school, and use ssh tunneling if you really want to.  There's an overview of that process here. 
    If you're into using the command line (I happen to be), then straight ssh (and sometimes ssh tunneling) can be handy, but most folks with OS X will probably want to use an L2TP VPN — I use that regularly, too.  Based on the way you're asking this question, I'd probably guess you'll want to use L2TP/IPSec via NAT VPN passthrough in whatever box you're using as a gateway, and skip the ssh tunneling for now.  (This configuration and this approach would be more common than ssh tunneling in general, though there are cases where you might want or need to use ssh tunneling or some other alternative to L2TP/IPSec.)

  • Ssh tunneling and .Mac

    Hi:
    My employer has cut off all access to external POP and IMAP accounts and has advised me to use ssh tunneling to access my .Mac email account and xs4all.nl account from within the institute where I work. Is it at all possible to access my .Mac account using ssh tunneling? If so, could anyone point me to some sort of protocol? Thanks in advance.
    Kind regards,
    Bas
    15" PowerBook G4 @ 1.67 GHz   Mac OS X (10.3.9)   I also look after a clamshell iBook G3 SE and an iMac Graphite SE

    Hi Tim:
    SSH tunneling is straightforward once you know the
    correct ports of the service you wish to use.
    I have found this hint at
    macosxhints which shows you how to use pop and imap
    over ssh.
    Once again, thanks. I am now able to make a tunnel using my POP account of XS4ALL. However, do you or anyone else know whether it is at all possible to get it to work with my .Mac mail account? So far no luck.
    Kind regards,
    Bas
    15" PowerBook G4 @ 1.67 GHz   Mac OS X (10.3.9)   I also look after a clamshell iBook G3 SE and an iMac Graphite SE

  • Netbackup 6.0 admin console ssh tunnel to osx X11 server

    Hey guys, I have been attempting to use the built in xfree X server included with OSX, I have no problems using the ssh -X command to tunnel to the netbackup media server. I run the jnbpa java administration console, and the window opens on the mac, it is titled correctly, but none of the text or functions come over. (I know it's all working, I have a linux session under parallels that exports the admin console with no problems). At first I thought it might be fonts or something, since the box pops up, shows the menubar on it, it's just a grey square where the username/password/server should be. I then found out that the whole instance is actually frozen up. I can't close the grey box either. I have to xkill from another xterm or actually close the entire X11 server to close the attempt? Any help would be greatly appreciated.
    Thanks in advance, its a real pain having to Virtual a Linux session just to export a X window. Talk about a waste of resources.
    Thanks again.
    John

    Common, there has to been some "real" sys admins out there using mac's, its bsd for pete's sake. Maybe this bump will bring this back to the top where someone can maybe offer some insight. I've been reading about darwin ports, maybe xfree86 running as the XServe will help. But apple's X11 server should work as well. HELP...
    Thanks

  • Server Admin 10.5.3, SSH Tunnel to OSX Server 10.3.9.....

    I used to connect to my 10.3.9 server using Server Admin + an SSH tunnel that forwarded tcp port 311 from my localhost to the 10.3.9 server.
    Since Software Update upgraded the Server Admin tool to 10.5.3, I've been unable to connect to my 10.3.9 server. The Tunnel works fine, but the Admin Tool won't connect to the server. (Says there's no server at the address I entered.)
    Any ideas?

    Hi
    I could be wrong but I'm surprised you can even connect let alone admin a 10.3 server with 10.5 Admin tools? See:
    http://support.apple.com/kb/HT1822
    Specifically: "Mac OS X 10.5 admin tools only work with Mac OS X Server 10.4.11 or later." and "To administer a Mac OS X 10.3 server, you can use either Mac OS X 10.3 or 10.4 admin tools."
    http://docs.info.apple.com/article.html?artnum=301254
    Tony

  • Using portal admin console through an ssh tunnel?

    I'm trying to login on the portal admin over an established ssh connection:
    - profile server listen on hostname.subdomain.domain, port 8080
    - an ssh tunnel (via portforwarding through a firewall) from client port
    10000 to profile server 8080
    - connect from webbrowser to http://localhost:10000/console
    that won't work: internal server errors. If i change my hosts file:
    localhost 127.0.0.1 hostname.subdomain.domain
    it works. But this is ugly and conflicts with DNS.
    So, how can i configure the profile server to accept connections over an ssh
    tunnel? Anyone any idea?
    regards, Jordi

    Hello,
    Does any one in BEA have an answer to this. I was stumped when asked by a client. Any response will be great.
    C

  • Using Workgroup Manager via SSH tunnel

    Hi all,
    I'm attempting to use the Workgroup Manager app to remotely administer a OS X Tiger Server box. The server sits inside my company's LAN behind a firewall, which only allows traffic to the server on ports 21 (ftp), 22 (ssh), 80 (http) and 311 (server admin with SSL, I believe). All services on those ports work fine.
    My research on the net indicates that the Workgroup Manager app uses port 625, but since the hardware firewall is blocking traffic on that port to the server, I'd like to create an SSH tunnel to access it. I've tried the following command on my local machine (i.e., not the server):
    $ sudo ssh -L 625:localhost:625 [email protected]
    and am able to set up the tunnel with no problem. However when I try to connect Workgroup Manager (on the local machine) to localhost, it won't let me connect. So I tried telnetting to localhost port 625 (on the local machine) to see what's up, and received the following error:
    $ telnet localhost 625
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    Am I missing something? I was under the impression that the SSH tunnel would allow me to access port 625 on the server via port 22. The software firewall is disabled on both machines, so it's not that. I'm not experienced with SSH tunnelling, so I could be totally wrong about the way this is supposed to work.
    Thanks in advance!

    A quick tcpdump here indicates that Workgroup Manager uses both 311 and 625 when establishing a connection to the server. It may be the lack of port 311 tunneling that's causing your problem.
    $ sudo ssh -L 625:localhost:625 -L 311:localhost:311 [email protected]

  • Using launchd to create "on demand" ssh tunnel

    Hello,
    I've setup 2 LaunchAgents in my ~/Library/LaunchAgents/ directory, in order to provide 2 apps with an ssh tunnel connectivity "on demand".
    One of the plist is like this :
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Debug</key>
        <false/>
        <key>Disabled</key>
        <false/>
        <key>Label</key>
        <string>my.ssh.tunnel</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/bin/ssh</string>
            <string>-l</string>
            <string>mylogin</string>
            <string>-N</string>
            <string>-L</string>
            <string>port:final-server:port</string>
            <string>mylogin@ssh-gateway</string>
        </array>
        <key>Sockets</key>
        <dict>
            <key>Listeners</key>
            <dict>
                <key>Bonjour</key>
                <false/>
                <key>SockServiceName</key>
                <string>port</string>
                <key>SockType</key>
                <string>stream</string>
            </dict>
        </dict>
        <key>StandardErrorPath</key>
        <string>/tmp/mytunnel.err</string>
        <key>StandardOutPath</key>
        <string>/tmp/mytunnel.out</string>
        <key>inetdCompatibility</key>
        <dict>
            <key>Wait</key>
            <false/>
        </dict>
        <key>onDemand</key>
        <true/>
    </dict>
    </plist>
    When I launch the application that makes a tcp request on localhost:port, the tunnel is created, this part is OK. But, the application is unable to use it. I have to quit and restart it so that it can use the ssh tunnel.
    Any idea why it behaves like this ? Any workaround ?
    PowerMac G5 2*2GHz   Mac OS X (10.4.6)  

    In fact, the idea of a wrapper script is not very appealing to me. The apps I launch use GUI. I could design an Applescript to "init" the tunnel then launch the true application, but I find it quite complicated and very unsatisfactory.
    Your telnet command succeeds in activating the launchd item, but it returns nothing:
    $ echo "^]quit" | telnet localhost 1190
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    Connection closed by foreign host.
    $
    Then, a `ps` shows the launchproxy process while it's opening the tunnel. This step lasts for a few seconds, the tunnel seems to be unavailable while launchproxy runs (in fact, launchproxy seems to run until the tunnel is fully established).
    The TCPKeepAlive option is not interesting in my context, I've monitored the ssh tunnel, once it's established, it won't close, even if the application supposed to be using it is not launched.
    I think my problem has no elegant solution. Such a solution could be for launchd/launchproxy to store the application queries, and to feed them into the tunnel once it is open. So, the app would just hang waiting for the tunnel to be fully established, and would get its response after that. For now, the application hangs forever. I have to force it to reissue its network request so that it can reach the remote end of the tunnel.
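
The Workgroup Manager thread and the launchd thread above both show the same telnet symptom: the local port accepts the connection and then drops it at once. The following is an added example, not code from either poster: a Python probe that tells that state apart from "nothing listening" and from a forward that stays open, and polls until every forwarded port is usable. The function names and the constructed local listeners used in `demo()` are assumptions for illustration.

```python
import socket
import threading
import time

def probe_forward(port, host="127.0.0.1", wait=0.5):
    """Classify the local end of a forwarded port.

    'refused' - nothing is listening (tunnel not started)
    'closed'  - accepted, then dropped at once with no data (the telnet symptom)
    'open'    - still connected after `wait` seconds, or the far end sent data
    """
    try:
        conn = socket.create_connection((host, port), timeout=2.0)
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    with conn:
        conn.settimeout(wait)
        try:
            data = conn.recv(1)
        except socket.timeout:
            return "open"      # peer is waiting for the client to speak first
        except OSError:
            return "closed"    # reset by peer
        return "open" if data else "closed"

def wait_for_forwards(ports, timeout=10.0, interval=0.25, host="127.0.0.1"):
    """Poll until every port is 'open' or `timeout` expires; return {port: status}."""
    deadline = time.monotonic() + timeout
    while True:
        status = {p: probe_forward(p, host) for p in ports}
        if all(s == "open" for s in status.values()) or time.monotonic() >= deadline:
            return status
        time.sleep(interval)

def _listener(hold):
    """Constructed stand-in for a tunnel's local listener (not a real ssh forward)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    kept = []
    def serve():
        while True:
            conn, _ = srv.accept()
            if hold:
                kept.append(conn)   # working forward: connection stays up
            else:
                conn.close()        # broken forward: accept, then drop
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    good = _listener(hold=True)
    bad = _listener(hold=False)
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    unused = tmp.getsockname()[1]
    tmp.close()                     # port is now free, so connecting is refused
    both = wait_for_forwards([good, bad], timeout=1.0)
    return {
        "healthy": probe_forward(good),
        "dead_target": probe_forward(bad),
        "no_tunnel": probe_forward(unused),
        "both": [both[good], both[bad]],
    }

if __name__ == "__main__":
    print(demo())
    # Against a real tunnel with both forwards from the thread in place:
    # print(wait_for_forwards([311, 625]))
```

A GUI client is only worth launching once every port it needs reports `open`; one port stuck at `closed` or `refused` points at that specific forward.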

  • Not able to login to router using ssh when TACACS server is down

    When TACACS server is not reachable router is not allowing the local password to login using ssh. Router's SSH debug says authentication is successful but ssh client gets % Authorization failed message and disconnects.
    kindly see below debug output and config
    SSH server end:
    Sep 1 13:25:10.161: SSH1: starting SSH control process
    Sep 1 13:25:10.165: SSH1: sent protocol version id SSH-1.5-Cisco-1.25
    Sep 1 13:25:10.241: SSH1: protocol version id is - SSH-1.5-Cisco-1.25
    Sep 1 13:25:10.241: SSH1: SSH_SMSG_PUBLIC_KEY msg
    Sep 1 13:25:10.397: SSH1: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
    Sep 1 13:25:10.397: SSH: RSA decrypt started
    Sep 1 13:25:10.925: SSH: RSA decrypt finished
    Sep 1 13:25:10.925: SSH: RSA decrypt started
    Sep 1 13:25:11.165: SSH: RSA decrypt finished
    Sep 1 13:25:11.197: SSH1: sending encryption confirmation
    Sep 1 13:25:11.197: SSH1: keys exchanged and encryption on
    Sep 1 13:25:11.269: SSH1: SSH_CMSG_USER message received
    Sep 1 13:25:11.269: SSH1: authentication request for userid rao
    Sep 1 13:25:16.297: SSH1: SSH_SMSG_FAILURE message sent
    Sep 1 13:25:17.313: SSH1: SSH_CMSG_AUTH_PASSWORD message received
    Sep 1 13:25:17.317: SSH1: authentication successful for rao
    Sep 1 13:25:17.413: SSH1: requesting TTY
    Sep 1 13:25:17.413: SSH1: setting TTY - requested: length 25, width 80; set: length 25, width 80
    Sep 1 13:25:17.525: SSH1: SSH_CMSG_EXEC_SHELL message received
    Sep 1 13:25:17.525: SSH1: starting shell for vty
    Sep 1 13:25:25.033: SSH1: Session terminated normally
    SSH Client end Log:
    % Authorization failed.
    [Connection to 10.255.15.2 closed by foreign host]
    Config:
    aaa authentication login default group tacacs+ line local
    aaa authentication login NO_AUTH line
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa authorization configuration default group tacacs+
    aaa accounting exec default start-stop group tacacs+
    aaa accounting connection default start-stop group tacacs+
    ip domain-name cbi.co.in
    crypto key generate rsa
    ip ssh time-out 60
    ip ssh authentication-retries 3
    line vty 0 4
    password xxxx
    transport input telnet ssh
    Kindly reply your views

    I believe that the key to understanding your problem is to recognize the subtle difference between authentication and authorization. The authentication process appears that it does succeed but the authorization process has failed according to your error message:
    % Authorization failed.
    I see that most of your authorization commands include the parameter if-authenticated. But this command does not:
    aaa authorization config-commands
    I would suggest that you add the if-authenticated parameter to this command and see if it does not fix your problem.
    HTH
    Rick
