How to create a Serial Console Connection to your VM DB System

Introduction

A serial console connection to a bare metal or virtual machine DB system allows you to manage and troubleshoot your system in single-user mode using an SSH connection, e.g. if the boot volume becomes full, causing a standard SSH connection to fail with permission denied errors.

In this blog post, we will walk step by step through creating the connection and connecting to the DB system.

The Environment

  • Virtual Machine DB System in OCI
  • SSH client (Git Bash) on my local Windows notebook.

Create Console Connection

Step 1: Create Console Connection

From your DB System details page, under “Resources” on the left side, click on “Console Connections”, then “Create Console Connection”.

Upload or paste your SSH key and click on “Create Console Connection”.

Establish the Connection

Step 2: Copy the SSH String

Once the Console Connection has been created, click on the dotted menu on the very right side, then on “Copy SSH String”.

Step 3: Connect to the Console

Paste the SSH String from the previous step in a terminal window, e.g. Git Bash on your local computer.

ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.eu-frankfurt-1.antheljsrbhecuicgjziyrlc6k4mhrp76s44d3hxvlqyq6drd25fgttugkya@instance-console.eu-frankfurt-1.oci.oraclecloud.com' ocid1.instance.oc1.eu-frankfurt-1.antheljsrbhecuicvge5ap2mftr2t24x7xtyo2a7ydchjwbxuog7ivcwy54q

If you are not using the default SSH key, then modify the SSH String by including the -i flag to specify the SSH key location.

ssh -i /your/ssh/key/location/id_rsa -o ProxyCommand=...

Hit Enter again to activate the console.

Step 4: Reboot your Node

From the DB System details page, under “Resources” on the left side, click on “Nodes”. Click on the dotted menu on the very right side, then on “Reboot”.

Confirm rebooting the node.

Switch back to your console connection and you will see restart messages start to appear in the window.

As soon as you see the boot menu appear, use the up/down arrow keys to stop the automatic boot process.

Step 5: Enter the Boot Menu

As indicated in the menu, press “e” to edit the boot entry.

Use the down arrow key to scroll down through the entries until you reach the line that starts with “linuxefi” for instances running Oracle Linux 7.x (or “kernel” for Oracle Linux 6.x).

Add the following at the end of that line.

init=/bin/bash

You are already in the edit mode, so just use the left/right arrow keys to place the cursor at the end of the line and start typing.

Step 6: Start the Instance

As indicated in the menu, press “Ctrl-x” to start.

Now your machine is in maintenance mode and you can start troubleshooting.

Step 7: Delete the Console Connection

Once you are done, delete the console connection. Click on the dotted menu on the very right side, then on “Delete”.

Confirm with “OK”.
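For the non-default key case in Step 3, Oracle's documentation for console connections states that the -i flag has to be given to both ssh invocations, the outer one and the one inside ProxyCommand. The following added example (not part of the original post) rewrites a copied SSH string that way and rejects clipboard content that does not look like a console connection string; the sample string, its placeholder OCIDs, the key path and the function name are assumptions.

```sh
# Added example. CONSOLE_STRING is a constructed sample with placeholder OCIDs;
# paste your own string from "Copy SSH String" instead.
CONSOLE_STRING="ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.eu-frankfurt-1.exampleconn@instance-console.eu-frankfurt-1.oci.oraclecloud.com' ocid1.instance.oc1.eu-frankfurt-1.exampleinst"

# Expected shape of the copied string, modelled on the command shown in Step 3
# (assumption: other regions differ only in the region name).
CONSOLE_RE="^ssh -o ProxyCommand='ssh -W %h:%p -p 443 (ocid1\.instanceconsoleconnection\.[A-Za-z0-9._-]+@instance-console\.[a-z0-9-]+\.oci\.oraclecloud\.com)' (ocid1\.instance\.[A-Za-z0-9._-]+)\$"

# with_identity <console string> <private key path>   (hypothetical helper)
# Prints the command with -i added to both ssh invocations; it runs nothing.
with_identity() {
  wi_str=$1
  wi_key=$2
  # Clipboard content is untrusted: accept a single line of the expected shape only.
  [ "$(printf '%s\n' "$wi_str" | wc -l)" -eq 1 ] || { echo "expected one line" >&2; return 1; }
  printf '%s\n' "$wi_str" | grep -Eq "$CONSOLE_RE" || { echo "unexpected console string" >&2; return 1; }
  # Restrict the key path to characters that need no quoting inside ProxyCommand.
  case $wi_key in
    '' | *[!A-Za-z0-9_./-]*) echo "unsupported key path" >&2; return 2 ;;
  esac
  printf '%s\n' "$wi_str" |
    sed -E "s#$CONSOLE_RE#ssh -i $wi_key -o ProxyCommand='ssh -i $wi_key -W %h:%p -p 443 \\1' \\2#"
}

# Constructed key path, for illustration only.
with_identity "$CONSOLE_STRING" /path/to/console_key
```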

Conclusion

Serial Console Connections provide a simple way to connect to your DB System machines as user root for troubleshooting even though a standard SSH connection is not possible due to issues on that machine.

 

To find all of our articles, send us an invitation or follow us:

Ramkumar’s LinkedIn: https://www.linkedin.com/in/ramkumardba/
LinkedIn Group: https://www.linkedin.com/in/ramkumar-m-0061a0204/
Facebook Page: https://www.facebook.com/Oracleagent-344577549964301
Ramkumar’s Twitter: https://twitter.com/ramkuma02877110
Ramkumar’s Telegram: https://t.me/oracleageant
Ramkumar’s Facebook: https://www.facebook.com/ramkumarram8

How to use OCI Bastion Service to connect to your Private Resources

Introduction

Databases and even application servers in the Cloud are usually provisioned in a private subnet that is not accessible from the internet. End users access applications via a load balancer. To log in to the private machines for management purposes, customers have to set up a private connection to Oracle Cloud via VPN or FastConnect. However, when you start a PoC, that connection is not yet set up, and you are eager to start trying things out, you need a way to connect to those private instances, whether application servers or databases. Another use case is when you are outside of your organization’s network and need access to private resources.

One way to do so is to provision a compute instance in a public subnet and use it as a jump server. However:

  • Creating an instance with a public IP might violate your organization’s security rules.
  • You have to create and maintain further resources: public subnet, Internet Gateway, Security List, etc.
  • You have to take care of securing the jump server instance, which adds more administrative work.

OCI Bastion service eliminates the need for deploying public subnets or jump servers and provides an easy way to build SSH connections to private resources in OCI. The private resources could be Compute VM instances, databases using the virtual or bare metal DB systems, or Exadata Cloud Service virtual machines.

The Environment

  • Exadata Cloud Service virtual machine in OCI with a private IP (10.0.2.2). This could be any other private resource in OCI with a private IP.
  • SSH client (Git Bash) on my local Windows notebook.
  • Database client (SQL Developer) on my local Windows notebook.

Preparation

Step 1: Create a Bastion Service

From the Cloud Console, search for “Bastion” and click on the “Bastion” service in “Identity & Security”.

Click on “Create Bastion”, provide a name for your Bastion Service, select the target VCN and subnet, provide a CIDR block that you want to allow to connect to the target resources, and create the Bastion.

In this case, for simplicity, I’m allowing access from everywhere (0.0.0.0/0).

Step 2: Create a Connection in your Bastion

After the Bastion has been created, click on the Bastion name to access the Bastion details page.

Click on “Create Session”. For session type, select “SSH port forwarding session”. Provide a session name. Choose “IP Address” to connect to the target and provide your target IP address. Enter port 22. Choose or paste your SSH public key and create the session.

Create SSH Connection

Step 3: Copy the SSH Command

After the session has been created in step 2, click on the dotted menu on the very right side of the session, then click on “Copy SSH Command”.

Paste the SSH command in your favorite text editor and adjust the values for the private key and local port.

ssh -i <privateKey> -N -L <localPort>:10.0.2.2:22 -p 22 ocid1.bastionsession.oc1.phx.amaaaaaahjb7ffias2yie3rfxltbtrshko3df5njw2dopjsr5zza3uh3ohra@host.bastion.us-phoenix-1.oci.oraclecloud.com
ssh -i /c/Users/SPETRUS/.ssh/id_rsa -N -L 22:10.0.2.2:22 -p 22 ocid1.bastionsession.oc1.phx.amaaaaaahjb7ffias2yie3rfxltbtrshko3df5njw2dopjsr5zza3uh3ohra@host.bastion.us-phoenix-1.oci.oraclecloud.com

Step 4: Establish the SSH Connection

Execute the command from step 3 in your terminal session. Here, I’m using Git Bash on my Windows notebook.

The SSH tunnel is established. Keep this session active and open a second terminal window to connect to your private resource.

ssh -i /c/Users/SPETRUS/.ssh/id_rsa opc@localhost

That’s it! We are connected to the target private host in OCI.

Connect to a Database

In case you want to connect to a database directly instead of connecting to the database host, create a new Bastion session using target port 1521, establish the SSH tunnel, and connect to your database using a database client, e.g. SQL Developer.
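The tunnel and login commands from Steps 3 and 4, and the port 1521 variant for the database, as an added example that is not part of the original post. It binds an unprivileged local port on the loopback address, makes ssh exit if the forward cannot be set up (ExitOnForwardFailure), and stores the target's host key under the target's own name (HostKeyAlias) instead of "localhost"; the session OCID is a placeholder, and the local port 2222 and the function names are assumptions.

```sh
# Added example. Constructed sample values; take the real ones from "Copy SSH Command".
SESSION="ocid1.bastionsession.oc1.phx.examplesession"
BASTION_HOST="host.bastion.us-phoenix-1.oci.oraclecloud.com"

valid_port() {  # digits only, 1..65535
  case $1 in '' | *[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd <private key> <local port> <target IPv4> <target port>
tunnel_cmd() {
  valid_port "$2" && valid_port "$4" || { echo "bad port" >&2; return 1; }
  # Unprivileged local port: no admin rights needed, no clash with a local sshd on 22.
  [ "$2" -ge 1024 ] || { echo "use a local port >= 1024" >&2; return 2; }
  case $3 in '' | *[!0-9.]*) echo "target must be an IPv4 literal" >&2; return 3 ;; esac
  # 127.0.0.1 keeps the forwarded port off the workstation's other interfaces.
  printf 'ssh -i %s -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s -p 22 %s@%s\n' \
    "$1" "$2" "$3" "$4" "$SESSION" "$BASTION_HOST"
}

# login_cmd <private key> <local port> <target IPv4> [user]
login_cmd() {
  valid_port "$2" || { echo "bad port" >&2; return 1; }
  # HostKeyAlias keys known_hosts by target, so tunnels to different hosts through
  # "localhost" do not produce host-key mismatch warnings.
  printf 'ssh -i %s -p %s -o HostKeyAlias=%s %s@localhost\n' "$1" "$2" "$3" "${4:-opc}"
}

KEY=/c/Users/me/.ssh/id_rsa                # constructed path
tunnel_cmd "$KEY" 2222 10.0.2.2 22         # first terminal: SSH tunnel
login_cmd  "$KEY" 2222 10.0.2.2            # second terminal: log in as opc
tunnel_cmd "$KEY" 1521 10.0.2.2 1521       # database session created for target port 1521
```

With the last tunnel open, the database client connects to localhost:1521.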

Conclusion

The Bastion Service enables you to access private resources in OCI without deploying and maintaining a public subnet and a jump server, which eliminates the hassle and potential attack surface from remote access. Security posture is improved by using identity-based permissions and centralized, audited, and time-bound SSH sessions.


How to Create SSH Keys Using Oracle Cloud Shell

The SSH (Secure Shell) protocol is a method for secure remote login from one computer to another. SSH enables secure system administration and file transfers over insecure networks using encryption to secure the connections between endpoints. SSH keys are an important part of securely accessing Oracle Cloud Infrastructure compute instances in the cloud.

Oracle always recommends that you use the Oracle Cloud Shell to interface with the OCI compute instance you will create. Oracle Cloud Shell is browser-based, does not require installation or configuration of software on your laptop, and works independently of your network setup.

To use the Cloud Shell machine, your tenancy administrator must grant the required IAM (Identity and Access Management) policy.

  • To start the Oracle Cloud shell, go to your Cloud console and click the cloud shell icon at the top right of the page.

  • Once the Cloud Shell has started, choose the key name. This will be the key name you will use to connect to any compute instances you create. Press Enter twice for no passphrase.

# Create ~/.ssh if it does not exist yet and work inside it
mkdir -p ~/.ssh
cd ~/.ssh
# Replace <sshkeyname> with the key name you chose
ssh-keygen -b 2048 -t rsa -f <sshkeyname>

Please find below the notes of what I have done.

osamaobama@cloudshell:~ (us-phoenix-1)$ mkdir .ssh
osamaobama@cloudshell:~ (us-phoenix-1)$ cd .ssh
osamaobama@cloudshell:.ssh (us-phoenix-1)$ ssh-keygen -b 2048 -t rsa -f cloudshellkey
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in cloudshellkey.
Your public key has been saved in cloudshellkey.pub.
The key fingerprint is:
SHA256:VJLFZbU6v2PHzCJtWKHNEgV8UH7RGpFXny63PvXDatM osamaobama@5e3feabe028c
The key's randomart image is:
+---[RSA 2048]----+
| .+oo==+++|
| .o....=.*|
| . oo=o|
| . ..+. |
| S o* + |
| oo* o|
| =+=o|
| ooBE*|
| .=+=o|
+----[SHA256]-----+
osamaobama@cloudshell:.ssh (us-phoenix-1)$ ls
cloudshellkey cloudshellkey.pub
osamaobama@cloudshell:.ssh (us-phoenix-1)$ cat cloudshellkey.pub 
ssh-rsa AAAAB3NzaC1yc**********************************************
osamaobama@cloudshell:.ssh (us-phoenix-1)$
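
A check on the key pair created above, as an added example that is not part of the original post: it reports the key type and size, whether the private key is protected by a passphrase, and the private key's file mode. The function name is an assumption; cloudshellkey is the file name used in the session above.

```sh
# Added example. key_report <private key file>   (hypothetical helper)
# Prints: <TYPE> <bits> passphrase=<yes|no> mode=<permission string>
key_report() {
  kr_key=$1
  [ -f "$kr_key" ] && [ -f "$kr_key.pub" ] || { echo "missing $kr_key or $kr_key.pub" >&2; return 1; }
  # ssh-keygen refuses private keys readable by group or others, so check the mode first.
  kr_mode=$(ls -ld "$kr_key" | cut -c1-10)
  case $kr_mode in
    -???------) ;;
    *) echo "$kr_key has mode $kr_mode; run chmod 600 on it" >&2; return 2 ;;
  esac
  # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<TYPE>)
  kr_line=$(ssh-keygen -l -f "$kr_key.pub") || return 1
  kr_bits=${kr_line%% *}
  kr_type=${kr_line##*\(}
  kr_type=${kr_type%\)}
  # Deriving the public key with an empty passphrase only succeeds on an unencrypted key.
  if ssh-keygen -y -P '' -f "$kr_key" </dev/null >/dev/null 2>&1; then
    kr_pass=no
  else
    kr_pass=yes
  fi
  echo "$kr_type $kr_bits passphrase=$kr_pass mode=$kr_mode"
}

# Report on the key from the session above, if it exists on this machine.
if [ -f "$HOME/.ssh/cloudshellkey" ]; then
  key_report "$HOME/.ssh/cloudshellkey"
fi
```

A passphrase can be added to an existing key afterwards with ssh-keygen -p -f <sshkeyname>.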

Thank you for giving your valuable time to read the above information.