Sean Scott is an Oracle ACE with over 25 years of experience in Oracle technologies

Connect to Oracle Cloud with SSH and VNC

If you’re new to Oracle Cloud Infrastructure, one of the first tasks is to connect to the hosts you’ve created in OCI. In this post I’ll cover two methods for connecting via SSH, and how to create a VNC connection.

I’ll also discuss how to solve issues I encountered when creating a VNC connection.

SSH with a Key

The first (and probably easiest) way to connect is with SSH. For this you’ll need:

  • The private key that matches the public RSA key used when the instance was created

  • The IP address of the host, either public or private

Navigate to the directory where your public and private keys are stored and make sure the permissions on the private key are set to 400:

chmod 400 id_rsa

Now issue an SSH command to connect to the host. We’ll use the -i switch to provide a path and file name for the private key, and the -l switch to identify the user. For an Oracle Enterprise Linux image the user is opc; for an Ubuntu image, the user is ubuntu.

ssh -i /home/oci/id_rsa -l opc 1.2.3.4

Congratulations! You’re connected! From here, you can sudo su - to become root and begin working with the instance.

SSH to a Console

SSH with a key is fine when users are trusted administrators, but the previous method relies on the private RSA key and allows unlimited administrative access to your host. Key-based authentication doesn’t require users to enter credentials because the key is the credential.

What if you want to allow untrusted/non-administrative users to gain access and force them to log in with a username and password? The answer is a console connection.

OCI includes extensive security that would make building a console connection difficult. Fortunately, OCI makes it easy for administrators to generate connection strings to distribute to users.

Create a Console Connection

In OCI, navigate to your instance. In the lower left you’ll notice the Resources menu. Choose the Console Connections option.

This brings up the Console Connections dialog. Click on the “Create Console Connection” button to create a new connection. You’ll see the connection being provisioned and created.

At this point look to the far right of the connection and notice three dots. Hover over them to reveal the connection options. You’ll see Connect with SSH and Connect with VNC listed.

Connect with SSH

Choose Connect with SSH. This will bring up a new dialog box where you’ll select the client type, either Linux/Mac or Windows. Make the appropriate choice and click on the Copy option.

Paste the command into a terminal session (Linux/Mac) or PowerShell window (Windows).

If you’re lucky it will work. If you’re like me, it didn’t. I got an error:

bind: Cannot assign requested address

I did a little troubleshooting by adding the -v switch to my SSH command, which revealed SSH was trying to connect to an IPv6 address:

Authenticated to ocid1.instance.oc1.redacted (via proxy).
debug1: Local connections to localhost:5900 forwarded to remote address ocid1.instance.oc1.redacted:5900
debug1: Local forwarding listening on 127.0.0.1 port 5900.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 5900.
bind: Cannot assign requested address
debug1: Entering interactive session.
debug1: pledge: proc

I forced an IPv4 address by simply adding the -4 switch to my SSH command, like so:

ssh -4 -o ProxyCommand…

According to the plink documentation, the same flag works, and Windows users should probably be able to modify their command to include the same switch, like so:

Start-Job { Echo N | plink.exe -4 -i…

I don’t have a Windows machine to confirm this; if I’m wrong, please let me know!

After adding the -4 switch the command worked and I received the expected console login:

Oracle Linux Server 7.7
Kernel 4.14.35-1902.7.3.el7uek.x86_64 on an x86_64
myhost login: oracle
Password: 
[myhost ~]$

You can share this connection string with users that need non-administrative access to your OCI instance.

Connect with VNC

For users that need a graphical connection to the host, use VNC. The steps to establish a VNC connection are similar to those for connecting to SSH. Create a connection and hover over the three dots at the far right of the connection. Here, choose Connect with VNC. A very similar dialog box appears, with similar choices for selecting Linux/Mac or Windows.

Again, copy the connection string.

This command is slightly different. Rather than creating a connection, it builds an SSH tunnel to OCI by adding an additional option to the SSH command in the middle:

-N -L localhost:5900:ocid1.instance.oc1.redacted:5900

Without going into too much detail, -N tells SSH not to run a remote command, and -L forwards traffic sent to port 5900 on the local host to port 5900 on the OCI host. Edit these values if VNC is running on a different port, either locally or remotely.

When you run this command it won’t appear to do anything. That’s normal. It’s actively tunneling traffic as long as it’s running. Ctrl-C will return control of the session, but any VNC session running locally will be lost.

As before, I had to add the -4 switch to the command to get it to work in my environment.
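
The bind failure in the ssh -v output shown earlier and the -L forward described here can be diagnosed with a short script. This is an added example, not part of the original post: it reads ssh -v output, reports which local listener failed to bind and why, and suggests either -4 or an explicit 127.0.0.1 bind address in -L. The function names and the "Address already in use" case are assumptions added for illustration.

```bash
#!/usr/bin/env bash
# Added example: explain local-forward bind failures seen in `ssh -v` output.

# Sample input: debug lines copied from the post's ssh -v output.
SAMPLE_LOG='debug1: Local forwarding listening on 127.0.0.1 port 5900.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on ::1 port 5900.
bind: Cannot assign requested address
debug1: Entering interactive session.'

# Reads ssh -v output on stdin and prints "addr port family reason" for each
# local listener whose bind failed. A bind error is attributed to the most
# recent "listening on" line that has not yet been confirmed by a
# "new [port listener]" line.
failed_forward_binds() {
  awk '
    /Local forwarding listening on / {
      for (i = 1; i < NF; i++)
        if ($i == "on") { addr = $(i + 1); port = $(i + 3) }
      sub(/\.$/, "", port)
      pending = 1
      next
    }
    /new \[port listener\]/ { pending = 0; next }
    /^bind/ && pending {
      reason = $0
      sub(/^.*: /, "", reason)
      fam = (index(addr, ":") > 0) ? "ipv6" : "ipv4"
      print addr, port, fam, reason
      pending = 0
    }
  '
}

# Turns each failure line into a suggested change to the ssh command.
suggest_fix() {
  while read -r addr port fam reason; do
    case "$fam:$reason" in
      ipv6:"Cannot assign requested address")
        echo "IPv6 listener could not bind: add -4, or use -L 127.0.0.1:$port:<remote-host>:<remote-port>" ;;
      *:"Address already in use")
        echo "Local port $port is taken: choose another local port in -L" ;;
      *)
        echo "Bind failed on $addr port $port: $reason" ;;
    esac
  done
}

printf '%s\n' "$SAMPLE_LOG" | failed_forward_binds | suggest_fix
```

Binding the forward to 127.0.0.1 explicitly also keeps the tunnel's local end reachable only from the machine running ssh.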

Go forth and connect!
