
Nested (Nested (Nested SSH) SSH)) SSH

There are occasions where I need to reach a server via SSH that is only reachable through multiple bastions. Sometimes this is because of security reasons and other times it is because the machines are on different networks with no direct route. One can of course SSH to the first bastion, then from there to the next, and so forth, but that is annoying to have to type each time. We can do this from the command line as well as in the SSH config.

An example from the command line (for scripting, not typing) using strung-together commands:

ssh -t user@host1 ssh -t user@host2 ssh -t user@host3 … ssh user@destination


The ‘-t’ flag tells SSH to use a pseudo terminal on the remote machine. This is required if you intend on running a command, such as SSH itself, that expects to be executed in a terminal instead of as a detached/background process. The final SSH command doesn’t need the ‘-t’ flag if you are aiming for a remote shell such as bash.

An example from the command line (again, for scripting) using the jump host flag (-J):

ssh -J user@host1,user@host2,user@host3,… user@destination


Okay so that’s pretty cool, but what if we want to make it a permanent setting in our SSH config? Well, we can do that too by adding these lines to our ~/.ssh/config:

# host1
Host host1
    HostName host1.fqdn
    User user

# host2
Host host2
    HostName host2.fqdn
    User user
    ProxyJump host1

# host3
Host host3
    HostName host3.fqdn
    User user
    ProxyJump host2

# destination
Host destination
    HostName destination.fqdn
    User user
    ProxyJump host3


Now we can use ‘ssh destination’ and SSH will handle the rest for us.
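To check which bastions an alias will actually traverse before relying on it, the ProxyJump chain in the config above can be resolved into its explicit -J form. This is an added example, not part of the original post; it assumes literal Host aliases with one alias per ProxyJump, and the function names are hypothetical.

```python
SAMPLE_CONFIG = """# Constructed sample mirroring the ~/.ssh/config above
Host host1
    HostName host1.fqdn
    User user
Host host2
    HostName host2.fqdn
    User user
    ProxyJump host1
Host host3
    HostName host3.fqdn
    User user
    ProxyJump host2
Host destination
    HostName destination.fqdn
    User user
    ProxyJump host3
"""

def parse_hosts(text):
    """Map each literal Host alias to its options (no wildcards, Match or Include)."""
    hosts, current = {}, []
    for line in text.splitlines():
        key, value = (line.split(None, 1) + ["", ""])[:2]
        if key.lower() == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        elif key and not key.startswith("#"):
            for opts in current:
                opts.setdefault(key.lower(), value.strip())  # first value wins
    return hosts

def jump_chain(hosts, target):
    """Follow single-alias ProxyJump entries back to the first bastion."""
    chain = [target]
    while (jump := hosts.get(chain[-1], {}).get("proxyjump", "none")).lower() != "none":
        if "," in jump or jump in chain:
            raise ValueError(f"unsupported or looping ProxyJump: {jump!r}")
        chain.append(jump)
    return chain[:0:-1]  # bastions only, outermost first

def endpoint(hosts, alias):
    opts = hosts.get(alias, {})  # unknown aliases fall back to the bare name
    return "@".join(filter(None, [opts.get("user"), opts.get("hostname", alias)]))

def explicit_command(hosts, target):
    """Render the chain as the equivalent one-line `ssh -J` invocation."""
    jumps = ",".join(endpoint(hosts, hop) for hop in jump_chain(hosts, target))
    return " ".join(["ssh"] + (["-J", jumps] if jumps else []) + [endpoint(hosts, target)])

if __name__ == "__main__":
    print(explicit_command(parse_hosts(SAMPLE_CONFIG), "destination"))
```

On a machine with the real config in place, `ssh -G destination` prints the options OpenSSH itself resolves for that alias, which is the authoritative check.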

That covers the basics and should give you a glimpse of how chill SSH is with being nested, strung together, and so on.

Using AWS S3 as Primary Storage on Nextcloud

I have been testing/using Nextcloud for the last couple of months in hopes of getting rid of Dropbox, Google Drive, etc. I recently experimented with having external storage connected to it. That’s all fine and dandy, but then I wondered if an external storage could be used as the primary storage? A little searching revealed I wasn’t the first person to think of that. In fact, it is supported by Nextcloud and is documented. To get started, create a bucket with the desired settings and create an IAM user that has access.

The official Nextcloud documentation gives this example:

'objectstore' => array(
    'class' => 'OC\\Files\\ObjectStore\\S3',
    'arguments' => array(
        'bucket' => 'nextcloud',
        'autocreate' => true,
        'key' => 'EJ39ITYZEUH5BGWDRUFY',
        'secret' => 'M5MrXTRjkyMaxXPe2FRXMTfTfbKEnZCu+7uRTVSj',
        'hostname' => 'example.com',
        'port' => 1234,
        'use_ssl' => true,
        'region' => 'optional',
        // required for some non amazon s3 implementations
        'use_path_style' => true
    ),
),


Based on my experience using AWS S3 as an external storage device, I ended up with this as my config:

'objectstore' => array(
    'class' => 'OC\\Files\\ObjectStore\\S3',
    'arguments' => array(
        // bucket, key, secret and region are left blank here; fill in your own values
        'bucket' => '',
        'key' => '',
        'secret' => '',
        'use_ssl' => true,
        'region' => '',
        // required for some non amazon s3 implementations
        'use_path_style' => true
    ),
),


Specifically, I found it necessary to specify the region (i.e. us-west-2) and SSL, otherwise I got errors.

I have been running this for a few days now and have not seen any issues.

Nextcloud, Docker, and upgrades

I have been running Nextcloud via a Docker image for a few months and recently a new version of Nextcloud was released. This seemed like the perfect opportunity to test out upgrading to a newer Nextcloud Docker image and keeping my data. Since I mount a volume to keep the configuration data in, it will be fairly easy to upgrade.

The first step is to make sure we have backups and verify their integrity. The Nextcloud backups page details these instructions pretty well, but just to cover the basics, you need to back up your data and database at a minimum. I also went ahead and grabbed a copy of the config.php by itself and stored it outside of the container. Tip: I didn’t initially know which volume store was the right one, so I entered the container by loading bash and created a temporary file named ‘findmehere’ that I could search for from the host.

Next we will stop the existing container by issuing ‘docker stop <container id>’, where <container id> is the container ID listed in the output of ‘docker ps’. Then we will start a new docker image using the same command we did the first time. For me this looked like ‘docker run -d -v nextcloud:/var/www/html -p 8181:80 nextcloud’ but YMMV.

The occ script should detect the new version of Nextcloud and start the upgrade. Check the status by visiting your Nextcloud web page. Since we used a volume to keep our data in, we should be all set!