SSH Jelastic Cloud Access

    A distinctive feature of Jelastic can be considered a convenient UI, which allows you to manage many processes in your environment without much difficulty. The main features are available in the control panel, but sometimes the user needs to dive deeper to make additional settings in a particular container, in order to customize, improve performance, etc. Therefore, we provided the ability to access containers through SSH. In this article, we will talk about this feature and its use in the Jelastic cloud.

    image

    Overview


    SSH (Secure Shell) is a protocol used to securely connect to a remote container and perform actions on it. SSH commands are encrypted and protected: the client / server connection is authenticated using a digital certificate, and passwords are also encrypted.

    To provide SSH access to Jelastic, we have added a new infrastructure component - SSH Gateway (SSH gateway) . It accepts user connections from the Internet and transfers them to the desired container over the internal network.

    image

    The authentication procedure in the Jelastic SSH gateway is divided into two independent parts:
    • connecting the end user to the gateway (external authentication)
    • connecting the gateway to the user container (internal authentication)

    Both stages are based on the standard SSH protocol and use a cryptographic pair (public and private keys).

    Using the Jelastic SSH gateway, you can easily access:

    • to the entire account , with the ability to move between your environments and containers without additional authentication using the interactive menu

    image
    • directly to individual containers , working with them remotely using specific tools (such as Capistrano), or using the SFTP and FISH protocols

    image
    When accessing containers via SSH, the user gets all the necessary permissions and can additionally manage the main services using the following types of sudo commands (and others):

    sudo /etc/init.d/jetty start
    sudo /etc/init.d/mysql stop
    sudo /etc/init.d/tomcat restart
    sudo /etc/init.d/memcached status
    sudo /etc/init.d/mongod reload
    sudo /etc/init.d/nginx upgrade
    sudo /etc/init.d/httpd help


    Note : if you deploy any application, change the configuration or integrate additional functionality into your environment through SSH, this will not be displayed on the Jelastic control panel.

    In addition, Jelastic supports SFTP (Secure File Transfer Protocol), thanks to the introduction of a streaming daemon to handle SFTP connections. This allows you to access, manage and transfer files directly to the container through the SSH gateway, which ensures complete data security.

    Another secure network protocol is FISH (Files transferred over Shell protocol). It is supported by a number of popular FTP clients and file managers, such as Midnight Commander Konqueror, lftp, Krusader and others. FISH provides the user with secure access and management of the container file system.

    Below we describe how you can:

    • generate an SSH key;
    • add SSH key;
    • access containers and environments.


    SSH key generation


    The procedure for generating an SSH key depends on the operating system you are using:
    • Linux / MacOS
    • Windows

    For Linux / MacOS


    Generate a new SSH key (DSA or RSA) using the ssh_keygen tool :

    1. Generate using the following command:

    $ ssh-keygen -t dsa

    2. To get the key, go to id_dsa.pub

    ~ $
    ~ / .ssh $ cat
    id_dsa id_dsa.pub known_hosts
    ~ / .ssh $ cat id_dsa.pub


    3. Copy the generated SSH key.
    Note : in the example above we generated a key of type DSA, but you can also use RSA type. To generate such a key, perform the same operations, replacing the dsa value with rsa in the command.

    For windows


    1. Download and run your preferred utility for generating SSH keys, for example, PuTTYgen :

    image

    2. Specify the following parameters:
    • select key type (SSH-2 RSA or SSH-2 DSA)
    • enter the desired number of bits (e.g. 2048)

    Click Generate .

    image

    3. Copy the generated key from the output field at the top of the window.

    image


    Adding SSH Key


    Now you can add the generated SSH key to your Jelastic account.

    1. Open the Jelastic control panel and click the Settings button in the upper right corner.

    image

    2. In the Account settings tab that opens, go to the SSH Access section .

    image

    3. Click the Add SSH Key button and copy the pre-generated key into the Key field . The Title field will be filled in automatically if your key already has a name.

    image

    Click Add Key .

    4. As a result, the added SSH key will appear in the list.

    image

    In the same way, you can add multiple keys or delete them if they are not needed.
    Note : the added SSH key is attached to your entire account, and not just to a separate environment.


    SSH access to Jelastic account


    Now let's see how you can access your Jelastic account with all its environments and containers via SSH.

    Open Jelastic and go to the top toolbar. Click on the Settings button .

    image

    In the Account settings tab that opens, go to SSH Access .

    To open your SSH gateway, follow the link in the note. As a result, you will automatically access Shell Handler through the console.

    Or just copy the specified command line and run it through the console (SSH client).

    image

    The following steps to gain SSH access to your account depend on your operating system:
    • Linux / MacOS
    • Windows

    For Linux / MacOS


    1. Open a terminal and enter the SSH connection string from the Settings tab of the SSH Access panel .

    Note : To avoid access / connection errors, all commands must be executed from the account of the same user of the local computer that was used during the generation of the SSH key pair.

    image

    2. As a result, you will see a list of environments available on your account.
    To select the desired environment, enter its number in the list.

    Note : You can access only the running environment.

    image

    3. After that, a list of containers of the selected environment will open .

    Next to each container is a node ID identifier and LAN IP address. To access the container, enter its serial number.

    image

    4. Now you can begin to configure the necessary configurations.

    image

    Access to the command shell is associated with certain risks, as You may accidentally damage your application. Therefore, please be careful when performing any operations from within the container.

    For windows


    To establish an SSH connection for the Windows operating system, your local machine must have a private key that corresponds to the public key previously added to the Jelastic control panel. Therefore, follow these steps:

    1. Save the private version of your SSH key (we use PuTTY utilities as an example)

    image

    2. Download and run the PuTTY SSH agent (called Pageant ). In the window that opens, click the Add key button and select your local file with a private SSH key.

    image

    3. After that, you can click the Close button . Pageant will be minimized to the taskbar. Do not close this program until your SSH session is completed, otherwise the connection will be interrupted.

    4. Download and start your SSH client (for example, PuTTY ). Click the Session tab in the list on the left.

    5. In the Host Name (or IP address) field, type the SSH connection string from the Settings> SSH Access tab of the Jelastic control panel. Also enter the port number - 3022 .

    image

    Click the Open button .

    6. You will see a console with a list of environments available to your account. Further steps are similar to instructions for Linux / MacOS.


    Direct SSH container access


    You can also go directly to the required container by skipping the steps for choosing the environment and server.

    To do this, you need to know the ID of the required container. It can be obtained using the previously described SSH access method through an interactive menu. There you can see a list of available containers and their ID (values ​​in the nodeid column).

    image

    To enter the container you need, use its nodeid value in the following command:

    ssh {nodeid} - {uid} @ {SSH_gateway} -p 3022

    The values ​​of the {uid} and {SSH_gateway} parameters can be found in the Jelastic control panel ( Settings> SSH Access ) .

    For example, to access the MySQL-5.5.34 container of our current environment, you need to enter the following command:
    ssh 6481-97@gate.jelastic.com -p 3022

    This feature can be useful when working with tools for deploying applications and configuring remote containers (e.g. Capistrano).


    conclusions


    We hope this information will be useful for those of you who would like to understand the wide possibilities of the Jelastic platform in more depth. More details can be found in the additional documentation .

    Also popular now: