SSH access to Jelastic cloud
A distinctive feature of Jelastic can be considered a convenient UI, which allows you to manage many processes in your environment without much difficulty. The main features are available in the control panel, but sometimes the user needs to dive deeper to make additional settings in a particular container in order to customize, improve performance, etc. Therefore, we have provided the ability to access containers through SSH. In this article we will talk about this feature and its use in the Jelastic cloud.
SSH (Secure Shell) is a protocol used to securely connect to a remote container and perform operations on it. SSH commands are encrypted and secure: the client / server connection is authenticated using a digital certificate, and passwords are also protected by encryption.
To provide SSH access to Jelastic, we added a new infrastructure component - SSH Gateway (SSH gateway) . It accepts user connections from the Internet and transfers them to the desired container over the internal network.
')
Authentication procedure in Jelastic SSH gateway is divided into two independent parts:
Both stages are based on the standard SSH protocol and use a cryptographic pair (public and private keys).
Using Jelastic SSH Gateway, you can easily access:
When accessing containers through SSH, the user obtains all necessary permissions and can additionally manage basic services using the following type of sudo commands (and others):
sudo /etc/init.d/jetty start
sudo /etc/init.d/mysql stop
sudo /etc/init.d/tomcat restart
sudo /etc/init.d/memcached status
sudo /etc/init.d/mongod reload
sudo /etc/init.d/nginx upgrade
sudo /etc/init.d/httpd help
In addition, Jelastic supports SFTP (Secure File Transfer Protocol), thanks to the introduction of a streaming daemon to handle SFTP connections. This allows you to access files, manage them and transfer them directly to the container through an SSH gateway, which ensures complete data security.
Another secure network protocol is FISH (Files transferred over Shell protocol). It is supported by several popular FTP clients and file managers such as Midnight Commander Konqueror, lftp, Krusader, and others. FISH provides the user with secure access and control of the container file system.
Below we will explain how you can:
The procedure for generating an SSH key depends on the operating system you are using:
Generate a new SSH key (DSA or RSA) using the ssh_keygen tool:
1. Generate using the following command:
$ ssh-keygen -t dsa
2. To get the key, go to the id_dsa.pub file .
~ $
~ / .ssh $ cat
id_dsa id_dsa.pub known_hosts
~ / .ssh $ cat id_dsa.pub
3. Copy the generated SSH key.
1. Download and run the preferred utility for generating SSH keys, for example, PuTTYgen :
2. Specify the following parameters:
Click Generate .
3. Copy the generated key from the output field at the top of the window.
Now you can add the generated SSH key to your Jelastic account.
1. Open the Jelastic control panel and click the Settings button in the upper right corner.
2. In the Account settings tab that opens, go to the SSH Access section.
3. Click on the Add SSH Key button and copy the previously generated key into the Key field. The Title field will be filled in automatically if your key already has a name.
Click Add Key .
4. As a result, the added SSH key will appear in the list.
In the same way, you can add multiple keys or delete them if they are not needed.
Now let's see how you can access your Jelastic account with all its environments and containers via SSH.
Open Jelastic and go to the top toolbar. Click on the Settings button.
In the Account settings tab that opens, go to SSH Access .
To open your SSH gateway, click the link in the note. As a result, you will automatically access Shell Handler through the console.
Or simply copy the specified command line and launch it via the console (SSH client).
The following steps to get SSH account access depend on the operating system you are using:
1. Open a terminal and enter the SSH connection string from the Settings tab of the SSH Access panel.
2. As a result, you will see a list of environments available on your account.
To select the desired environment, enter its number in the list.
3. After that the list of containers of the selected environment will open.
Next to each container is the node ID identifier and the LAN IP address. To access the container, enter its sequence number.
4. Now you can start setting up the necessary configurations.
Access to the command shell is associated with certain risks, since You may accidentally damage your application. Therefore, please be careful when performing any operations from inside the container.
To establish an SSH connection for the Windows operating system, there must be a private key on your local machine that corresponds to the open one previously added to the Jelastic control panel. Therefore, complete the following steps:
1. Save the private version of your SSH key (we use PuTTY utilities as an example)
2. Download and run the PuTTY SSH agent (it's called Pageant ). In the drop-down window, click the Add key button and select your local file with a private SSH key.
3. After that, you can click Close . Pageant will be minimized to the taskbar. Do not close this program until your SSH session is completed, otherwise the connection will be terminated.
4. Download and run your SSH client (for example, PuTTY ). Click the Session tab in the list on the left.
5. Type in the Host Name (or IP address) field the SSH connection string from the Settings> SSH Access tab of the Jelastic control panel. Also enter the port number - 3022 .
Click the Open button.
6. You will see a console with a list of environments available to your account. Further steps are similar to the instructions for Linux / MacOS.
You can also go directly to the required container, skipping the steps of selecting the environment and server.
To do this, you need to know the ID of the required container. It can be obtained using the previously described method of SSH access through an interactive menu. There you can see a list of available containers and their IDs (values in the nodeid column).
To enter the correct container, use the value of its nodeid in the following command:
ssh {nodeid} - {uid} @ {SSH_gateway} -p 3022
The values of the parameters {uid} and {SSH_gateway} can be found in the Jelastic control panel ( Settings> SSH Access ).
For example, to access the MySQL-5.5.34 container of our current environment, enter the following command:
ssh 6481-97@gate.jelastic.com -p 3022
This feature can be useful while working with tools for deploying applications and setting up remote containers (for example, Capistrano).
We hope this information will be useful for those of you who would like to understand the wide possibilities of the Jelastic platform deeper. More details can be found in additional documentation .
Overview
SSH (Secure Shell) is a protocol used to securely connect to a remote container and perform operations on it. SSH commands are encrypted and secure: the client / server connection is authenticated using a digital certificate, and passwords are also protected by encryption.
To provide SSH access to Jelastic, we added a new infrastructure component - SSH Gateway (SSH gateway) . It accepts user connections from the Internet and transfers them to the desired container over the internal network.
')
Authentication procedure in Jelastic SSH gateway is divided into two independent parts:
- connection of the end user to the gateway (external authentication)
- connection of the gateway to the user container (internal authentication)
Both stages are based on the standard SSH protocol and use a cryptographic pair (public and private keys).
Using Jelastic SSH Gateway, you can easily access:
- to the entire account , with the ability to navigate between your environments and containers without additional authentication, using the interactive menu
- directly to individual containers , working with them remotely using certain tools (for example, Capistrano), or using SFTP and FISH protocols
When accessing containers through SSH, the user obtains all necessary permissions and can additionally manage basic services using the following type of sudo commands (and others):
sudo /etc/init.d/jetty start
sudo /etc/init.d/mysql stop
sudo /etc/init.d/tomcat restart
sudo /etc/init.d/memcached status
sudo /etc/init.d/mongod reload
sudo /etc/init.d/nginx upgrade
sudo /etc/init.d/httpd help
Note : if you deploy any application, change the configuration or integrate additional functionality into your environment via SSH, this will not be displayed on the Jelastic control panel.
In addition, Jelastic supports SFTP (Secure File Transfer Protocol), thanks to the introduction of a streaming daemon to handle SFTP connections. This allows you to access files, manage them and transfer them directly to the container through an SSH gateway, which ensures complete data security.
Another secure network protocol is FISH (Files transferred over Shell protocol). It is supported by several popular FTP clients and file managers such as Midnight Commander Konqueror, lftp, Krusader, and others. FISH provides the user with secure access and control of the container file system.
Below we will explain how you can:
- generate SSH key;
- add ssh key;
- get access to containers and environments.
SSH key generation
The procedure for generating an SSH key depends on the operating system you are using:
- Linux / MacOS
- Windows
For Linux / MacOS
Generate a new SSH key (DSA or RSA) using the ssh_keygen tool:
1. Generate using the following command:
$ ssh-keygen -t dsa
2. To get the key, go to the id_dsa.pub file .
~ $
~ / .ssh $ cat
id_dsa id_dsa.pub known_hosts
~ / .ssh $ cat id_dsa.pub
3. Copy the generated SSH key.
Note : In the example above, we generated a DSA type key, but you can also use the RSA type. To generate such a key, perform the same operations, replacing the dsa value with rsa in the command.
For windows
1. Download and run the preferred utility for generating SSH keys, for example, PuTTYgen :
2. Specify the following parameters:
- select key type (SSH-2 RSA or SSH-2 DSA)
- enter the desired number of bits (for example, 2048)
Click Generate .
3. Copy the generated key from the output field at the top of the window.
Adding SSH key
Now you can add the generated SSH key to your Jelastic account.
1. Open the Jelastic control panel and click the Settings button in the upper right corner.
2. In the Account settings tab that opens, go to the SSH Access section.
3. Click on the Add SSH Key button and copy the previously generated key into the Key field. The Title field will be filled in automatically if your key already has a name.
Click Add Key .
4. As a result, the added SSH key will appear in the list.
In the same way, you can add multiple keys or delete them if they are not needed.
Note : The added SSH key is attached to your entire account, not just to a particular environment.
SSH access to Jelastic account
Now let's see how you can access your Jelastic account with all its environments and containers via SSH.
Open Jelastic and go to the top toolbar. Click on the Settings button.
In the Account settings tab that opens, go to SSH Access .
To open your SSH gateway, click the link in the note. As a result, you will automatically access Shell Handler through the console.
Or simply copy the specified command line and launch it via the console (SSH client).
The following steps to get SSH account access depend on the operating system you are using:
- Linux / MacOS
- Windows
For Linux / MacOS
1. Open a terminal and enter the SSH connection string from the Settings tab of the SSH Access panel.
Note : To avoid access / connection errors, all commands must be executed from the account of the same user of the local computer that was used during the generation of an SSH key pair.
2. As a result, you will see a list of environments available on your account.
To select the desired environment, enter its number in the list.
Note : You can only access the running environment.
3. After that the list of containers of the selected environment will open.
Next to each container is the node ID identifier and the LAN IP address. To access the container, enter its sequence number.
4. Now you can start setting up the necessary configurations.
Access to the command shell is associated with certain risks, since You may accidentally damage your application. Therefore, please be careful when performing any operations from inside the container.
For windows
To establish an SSH connection for the Windows operating system, there must be a private key on your local machine that corresponds to the open one previously added to the Jelastic control panel. Therefore, complete the following steps:
1. Save the private version of your SSH key (we use PuTTY utilities as an example)
2. Download and run the PuTTY SSH agent (it's called Pageant ). In the drop-down window, click the Add key button and select your local file with a private SSH key.
3. After that, you can click Close . Pageant will be minimized to the taskbar. Do not close this program until your SSH session is completed, otherwise the connection will be terminated.
4. Download and run your SSH client (for example, PuTTY ). Click the Session tab in the list on the left.
5. Type in the Host Name (or IP address) field the SSH connection string from the Settings> SSH Access tab of the Jelastic control panel. Also enter the port number - 3022 .
Click the Open button.
6. You will see a console with a list of environments available to your account. Further steps are similar to the instructions for Linux / MacOS.
Direct SSH Container Access
You can also go directly to the required container, skipping the steps of selecting the environment and server.
To do this, you need to know the ID of the required container. It can be obtained using the previously described method of SSH access through an interactive menu. There you can see a list of available containers and their IDs (values in the nodeid column).
To enter the correct container, use the value of its nodeid in the following command:
ssh {nodeid} - {uid} @ {SSH_gateway} -p 3022
The values of the parameters {uid} and {SSH_gateway} can be found in the Jelastic control panel ( Settings> SSH Access ).
For example, to access the MySQL-5.5.34 container of our current environment, enter the following command:
ssh 6481-97@gate.jelastic.com -p 3022
This feature can be useful while working with tools for deploying applications and setting up remote containers (for example, Capistrano).
findings
We hope this information will be useful for those of you who would like to understand the wide possibilities of the Jelastic platform deeper. More details can be found in additional documentation .
Source: https://habr.com/ru/post/241197/
All Articles