Patrick Debois
Independent IT-consultant
Currently bridging the gap between projects and operations
by using Agile techniques both in development,project management and system administration.
availability: January 2010
Just Enough Documented Information
SSH access to your Vmware machines behind NAT
In our virtual test lab, we have only one official internal IP and we use NAT for our virtual Machines. As described in "using apache as a reverse proxy to access tomcat in virtual-machines" , it is easy to setup an http proxy to have access to the web services on the virtual machines as well. But developers need more then http access, they want to ssh into their virtual machine.
Vmware standard solution is to map the ssh ports behind the NAT to ports on the Vmware Server machine using the NAT.conf in /etc/vmware/vmnet8/nat/nat.conf . While this works, for each machine you need to remap this nat file and also have to restart vmware to reread this file. Here we propose another solution using apache as proxy for SSH access.
Our setup look like this: developers have putty, winscp and want to connect to the Virtual Machine1 and 2
Vmware standard solution is to map the ssh ports behind the NAT to ports on the Vmware Server machine using the NAT.conf in /etc/vmware/vmnet8/nat/nat.conf . While this works, for each machine you need to remap this nat file and also have to restart vmware to reread this file. Here we propose another solution using apache as proxy for SSH access.
Our setup look like this: developers have putty, winscp and want to connect to the Virtual Machine1 and 2
Developers ----> Vmware Server ----> Virtual Machine 1
Putty, Winsp Apache SSHD (ip-vm1)
with ----> Virtual Machine 2
Mod_Proxy SSHD (ip-vm2)
(ip-server)
To setup apache as reverse proxy you need to have mod_ssl installed.
# yum install mod_sslCreate a file ssh-proxy.conf in /etc/httpd/conf.d/
<virtualhost *:443>
ServerAdmin webmaster@localhost
ProxyRequests On
ProxyVia On
#Add ports you want to be able to connect to through your proxy here
AllowCONNECT 22
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
ErrorLog /var/log/httpd/proxy-error.log
TransferLog /var/log/httpd/proxy-transfer.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel notice
</virtualhost>
Activate the proxy_module and proxy_connect module in your /etc/httpd/httpd.conf
LoadModule proxy_balancer_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.soNow you can restart your apache and it should be running now
# apachectl restartTo use it with putty: (as described in http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter4.html#config-proxy
- Create a connection as usual to connect to ip-vm1
- Set the proxy for this connection to , type = HTTP, proxy = ip-server, port = 443
- Create a connection as usual to connect to ip-vm1
- Set the proxy for this connection to , type = HTTP, proxy = ip-server, port = 443
- compile it with : ./configure -host=apple; make ; make install
- adapt your .ssh file:
- Hostname namefor-ip-vm1
- Host ip-vm1
- ProxyCommand /usr/local/bin/corkscrew ip-server 443 %h %p
