The Oracle Cloud Infrastructure Compute service provides console connections that enable a user to remotely troubleshoot malfunctioning instances using:

  • Serial Console Connections
  • VNC Console Connections

In this post, I am going to focus on VNC console connections. 

The VNC console connection uses SSH port forwarding to create a secure connection from your local system to the VNC server attached to your instance’s console.

Use Cases

  • Add or reset SSH Keys for the OPC user
  • Edit system configuration files
  • An imported or customized image that does not complete a successful boot (such as after writing another image with dd)
  • A previously working instance that stops responding

Linux Topology

Pre-requisites for Creating VNC Console Connection

1. Install VNC Viewer on the client machine from: https://ift.tt/3Cwq7Gr

2. On the Linux server used for SSH tunneling:

2.1 Generate an SSH key using the ssh-keygen command. Press Enter until it completes.

2.2 Copy the content of /root/.ssh/id_rsa.pub. This is the public key that will be pasted into the Oracle Cloud instance’s VNC console connection.

2.3 Stop the Linux firewall or add a firewall rule to allow VNC traffic

# systemctl status firewalld
# service firewalld stop
OR
# systemctl stop firewalld


Linux

In OCI, navigate to your instance. In the lower left you’ll notice the Resources menu. Choose the Console Connections option.

This brings up the Console Connections dialog. Click on the “Create Console Connection” button to create a new connection. You’ll see the connection being provisioned and created.


At this point look to the far right of the connection and notice three dots. Hover over them to reveal the connection options. You’ll see Connect with SSH and Connect with VNC listed.

For users that need a graphical connection to the host, use VNC. The steps to establish a VNC connection are similar to those for connecting with SSH. Create a connection and hover over the three dots at the far right of the connection. Here, choose Connect with VNC. A very similar dialog box appears, with similar choices for selecting Linux/Mac or Windows.

Again, copy the connection string.

This command is slightly different. Rather than creating a connection, it builds an SSH tunnel to OCI by adding an additional option to the SSH command in the middle:

ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ca-toronto[email protected]instance-console.ca-toronto-1.oci.oraclecloud.com' -N -L localhost:5900:ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa:5900 ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa

-N -L localhost:5900:ocid1.instance.oc1.redacted:5900

changed to

-N -L 0.0.0.0:5900:ocid1.instance.oc1.redacted:5900

ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ca-toronto[email protected]instance-console.ca-toronto-1.oci.oraclecloud.com' -N -L 0.0.0.0:5900:ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa:5900 ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa

Without going into too much detail, (-N) tells SSH not to run a command, and (-L) redirects (forwards) traffic sent to port 5900 on the local host to port 5900 on the OCI host. Edit these values if VNC is running on a different port either locally or remotely.

If your VPS is in the cloud, certain cloud providers might use NAT to assign your VPS IP address. In that case you might need to use your local IP address instead of localhost.



[[email protected] ~]# ssh -o ProxyCommand='ssh -W %h:%p -p 443 ocid1.instanceconsoleconnection.oc1.ca-toronto-1.an2g6ljrj7xw6qyctvjlznddiuci4olyx3kiu2hsq53kvukbll[email protected]' -N -L 0.0.0.0:5900:ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa:5900 ocid1.instance.oc1.ca-toronto-1.an2g6ljrj7xw6qyczmpx2ntlkwbnzgnx2ekxwwbqfnr7narfaeeydbj3jwaa

=================================================

IMPORTANT: Use a console connection to troubleshoot a malfunctioning instance. For normal operations, you should connect to the instance using a Secure Shell (SSH) or Remote Desktop connection. For steps, see https://docs.cloud.oracle.com/iaas/Content/Compute/Tasks/accessinginstance.htm

For more information about troubleshooting your instance using a console connection, see the documentation: https://docs.cloud.oracle.com/en-us/iaas/Content/Compute/References/serialconsole.htm#four

=================================================

When you run this command it won’t appear to do anything. That’s normal. It’s actively tunneling traffic as long as it’s running. Ctrl-C will return control of the session but any VNC session running locally will be lost.
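
The bind address given to -L decides who can reach the forwarded console: localhost keeps port 5900 on the loopback interface, while 0.0.0.0 exposes it on every interface of the Linux server. The following check is an added example, not part of the original post; the function names are hypothetical and the sample `ss -ltn` output is constructed. Run it from a second shell while the tunnel is up.

```shell
#!/bin/sh
# Added example: classify the address the forwarded VNC port is bound to.
# Reads `ss -ltn` output on stdin; the port argument defaults to 5900.
audit_vnc_listeners() {
    awk -v port="${1:-5900}" '
        $1 == "LISTEN" {
            addr = $4                           # "Local Address:Port" column
            if (!match(addr, /:[0-9]+$/)) next  # split at the last colon (IPv6-safe)
            host = substr(addr, 1, RSTART - 1)
            if (substr(addr, RSTART + 1) != port) next
            sub(/%.*$/, "", host)               # drop a scope suffix such as %lo
            gsub(/\[|\]/, "", host)             # drop IPv6 brackets
            if (host ~ /^127\./ || host == "::1")
                kind = "loopback"               # what -L localhost:5900 produces
            else if (host == "0.0.0.0" || host == "*" || host == "::")
                kind = "wildcard"               # what -L 0.0.0.0:5900 produces
            else
                kind = "specific"               # bound to one named local address
            print kind, host
        }'
}

# Exit status 0 when any listener on the port is reachable beyond loopback.
vnc_forward_exposed() {
    audit_vnc_listeners "${1:-5900}" | grep -qv '^loopback '
}

# Constructed samples of `ss -ltn` output, not captured from a real host.
sample_loopback() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:5900      0.0.0.0:*
LISTEN 0      128            [::1]:5900         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}
sample_wildcard() { cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:5900      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# On a live host: ss -ltn | audit_vnc_listeners 5900
sample_wildcard | audit_vnc_listeners
if sample_wildcard | vnc_forward_exposed; then
    echo "port 5900 is reachable beyond loopback"
fi
```

A "wildcard" or "specific" result means the firewall rule from step 2.3 is the only thing limiting which hosts can open the console on port 5900.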

Windows

tbc.

from Blogger http://blog.51sec.org/2021/08/oracle-cloud-vps-vnc-console-connection.html

By Jon
