Transparent Multi-hop SSH

Doing It Manually

Generate keys on local desktop:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Append the public key to server “kvm-example-server.com” as user@kvm-example-server.com:~/.ssh/authorized_keys
Then repeat this to create a connection from user@kvm-example-server.com to the internal account: root@192.168.122.13

Now you can access root@192.168.122.13 from the desktop via kvm-example-server.com in one command:

ssh -A -t user@kvm-example-server.com  ssh -A root@192.168.122.13 
  • -A to enable agent forwarding
  • -t to force a pseudo-tty to be allocated.

A Better Way

vim ~/.ssh/config

and add lines:

Host server-kvm
  HostName kvm-example-server.com

Host server-internal
  ProxyCommand ssh -q server-kvm nc -q0 192.168.122.13  22

Now that the proxy command is set up, you can connect to the internal host simply by typing:

ssh server-internal
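
The same two-hop setup using ProxyJump instead of the nc-based ProxyCommand, and without the agent forwarding (-A) used in the manual command, so the jump host never gets access to the local SSH agent. This is an added example, not part of the original page; the User values are assumed from the manual command above, and ProxyJump requires OpenSSH 7.3 or later on the desktop.

```sshconfig
# Added example (not from the original page).
# User names are assumptions taken from the manual command:
#   user@kvm-example-server.com and root@192.168.122.13

# Jump host: directly reachable from the desktop.
Host server-kvm
  HostName kvm-example-server.com
  User user
  # Do not expose the local agent socket on the jump host.
  ForwardAgent no

# Internal guest: only reachable through server-kvm.
Host server-internal
  HostName 192.168.122.13
  User root
  # ssh opens a forwarded TCP channel through server-kvm; no nc needed there.
  ProxyJump server-kvm
  ForwardAgent no
  # On OpenSSH older than 7.3, replace ProxyJump with:
  # ProxyCommand ssh -q -W %h:%p server-kvm
```

With this configuration both hops authenticate from the desktop, so the desktop's public key must be in ~/.ssh/authorized_keys for root@192.168.122.13 as well as on the jump host.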

Configure static guest IP on KVM

List all machines to get their names:

virsh list --all
 Id    Name                           State
----------------------------------------------------
 12    vps-1                  running
 ...

Get the machine's MAC address:

VPS_NAME='vps-1'
virsh  dumpxml  $VPS_NAME | grep 'mac address'
<mac address='xx:xx:xx:xx:xx:xx'/>

Then edit the network

virsh  net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes

NETWORK_NAME='default'     # Probably "default"
virsh  net-edit  $NETWORK_NAME

Edit the XML config of the network:

virsh net-dumpxml default > default.xml
vim default.xml

Change the <dhcp> section:
– restrict the dynamic IP range
– add host entries for your VPS

<dhcp>
  <range start='192.168.122.101' end='192.168.122.254'/>
  <host mac='xx:xx:xx:xx:xx:01' name='vps-1' ip='192.168.122.11'/>
  <host mac='xx:xx:xx:xx:xx:02' name='vps-2' ip='192.168.122.12'/>
  <host mac='xx:xx:xx:xx:xx:03' name='vps-3' ip='192.168.122.13'/>
</dhcp>

Restart the network:

virsh net-destroy default
virsh net-define default.xml
virsh net-start default

RDC access to remote VirtualBox guest

First, install the Oracle Extension Pack.
Go to: https://www.virtualbox.org/wiki/Downloads
and download the VirtualBox 5.1.2 Oracle VM VirtualBox Extension Pack, e.g. “Oracle_VM_VirtualBox_Extension_Pack-5.0.26-108824.vbox-extpack”

VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.0.26-108824.vbox-extpack

You can also do it with the GUI: Menu -> Settings -> Extensions

Setting VBox guest remote display

I use the port range 5100-5120:

VBNAME='example-vbox-name'
VBoxManage modifyvm "${VBNAME}" --vrde on
VBoxManage modifyvm "${VBNAME}" --vrdeauthtype external
VBoxManage modifyvm "${VBNAME}" --vrdeport 5100-5120
VBoxManage modifyvm "${VBNAME}" --vrdemulticon on

Check machine settings:

VBoxManage showvminfo "${VBNAME}" | grep 'VRDE:'
# VRDE:            enabled (Address 0.0.0.0, Ports 5100-5120, MultiConn: on, ReuseSingleConn: off, Authentication type: external)

Start it headless:

VBoxManage startvm "${VBNAME}" --type headless

The running machine should use the first port in the range for VRDE:

netstat -ntlp |  grep VBoxHeadless
# tcp        0      0 0.0.0.0:5100            0.0.0.0:*               LISTEN      3967/VBoxHeadless

Connecting:

I use remmina or krdc (apt-get install remmina or krdc).
Use your remote host user and password; it's your SSH user if the remote system is on Linux.

IOTOP

Useful IO monitoring commands:

iotop
pidstat -d 5 
13:53:12      UID       PID   kB_rd/s   kB_wr/s kB_ccwr/s iodelay  Command
13:53:17        0      1655      0,00      0,80      0,00     453  jbd2/dm-0-8
13:53:17     4031      5986      0,00      0,80      0,00       0  VBoxHeadless
13:53:17       33     12126      0,00      0,80      0,00       0  apache2
13:53:17     4031     25320    406,50      0,00      0,00       0  VBoxHeadless
13:53:17      111     28478      6,40    162,40      0,00       0  mysqld
iostat -d 5