Problems with SSH tunnel on AWS instance

Keywords: WordPress - AWS - Technical issue - Connectivity (SSH/FTP)
bnsupport ID: 4a2908ef-0a4b-db46-6751-35d64c6b521a
Description:
Start Bitnami WordPress instance in AWS Lightsail.
Connect to WordPress instance using browser.
Ensure that correct Key Pair is being used for instance.
Generate .ppk file for PuTTY.
Create new PuTTY session using said credentials. (Can provide credentials upon request).
Start PuTTY session.
Attempt to connect to phpmyadmin (localhost) via browser.
Connect fails / browser times out.
Error : Forwarded connection refused by remote: Connect failed [Name or service not known].

Would it be possible for assistance to determine why the tunnel is not working?

Many Thanks,

Devon.

Hi @DevonL,

thanks for using Bitnami. Did you follow this guide https://docs.bitnami.com/aws/faq/get-started/connect-ssh/?

Could you check if you are using the public IP of the instance?

Regards,
Ibone.

Hey Ibone,

Thank you for the response.

Will try again.

Devon.

Hi Ibone,

Can connect to the Lightsail instance using putty, however, cannot connect to phpmyadmin via browser.

Have followed the guide below for connecting to phpmyadmin.

https://docs.bitnami.com/aws/faq/get-started/access-phpmyadmin/

Have opened correct port in putty (80) for http request, along with other required settings for putty session as specified in guide.

Attempt to connect to phpmyadmin using the local IP for the instance through browser, ie :

http://127.0.0.1:8888/phpmyadmin.

It just times out.

Did you configure the source and destination ports as it’s shown in this screenshot?

image

If the tunnel doesn’t work after reviewing the configuration, you can also edit Apache’s configuration to allow you to access phpMyAdmin remotely. You can find more information here

Hey Ibone,

Configured source and destination ports as shown in screen shot.

modified : /opt/bitnami/apps/phpmyadmin/conf/httpd-app.conf

with required changes to accept connections from public IP.

Tried with two different IPs.

The IP of my router (public ip) & IP of Lightsail instance.

IP of router just times out, however IP of Lightsail instance gives the following error in browser :

For security reasons, this URL is only accessible using localhost (127.0.0.1) as the hostname.

Hi @DevonL,

You need to use the IP of your router (your public IP). Please, reconfigure the httpd-app.conf file and run these commands from the instance itself to get more information

curl -LI localhost
curl -LI localhost/phpmyadmin
curl -LI localhost/phpmyadmin/

Hi Jota,

Many thanks can now connect to phpmyadmin via browser.

A few more queries if that’s OK.

What are the security implications of the changes made to the apache configuration file?, ie, no longer using ssh tunnel.

What if I need to connect to phpmyadmin from a different location with different IP address etc?

I have no recollection of login info for phpmyadmin (username and password), how do I find the credentials?

Many thanks,

Devon.

Hi @DevonL,

Find my comments below:

What are the security implications of the changes made to the apache configuration file?, ie, no longer using ssh tunnel.

Allowing remote connections to phpMyAdmin allows other users (or bots) to run brute force attacks against your phpMyAdmin login form, which will give them access to your database in case they succeed. That’s why we recommend using the SSH tunnel instead. These attacks can be mitigated, but the most secure way of accessing phpMyAdmin is with SSH tunnels.

Can you try the SSH tunnel again and set PuTTY in debug mode sharing with us a screenshot of the error logs you get? Can you also start the tunnel and run the next commands from your local computer? They are similar to the ones that Jota shared previously, but for the tunnel port

curl -LI localhost:8888
curl -LI localhost:8888/phpmyadmin
curl -LI localhost:8888/phpmyadmin/

What if I need to connect to phpmyadmin from a different location with different IP address etc?

I understand you configured public access to your public IP address only, is that correct? That’s a mitigation of the bots attack as well, however you can be affected if your public IP address changes or you move to a different IP address (i.e. when you are trying to access from any other place).

I also understand your SSH connection works fine, so you should be able to SSH connect to your instance, allow access to your new source IP address and get to phpMyAdmin, but that requires additional steps. I think trying to debug SSH tunnel a little bit more is the better option here. It is weird the tunnel isn’t working because you can SSH to the server.

I have no recollection of login info for phpmyadmin (username and password), how do I find the credentials?

The default database password can be found in the /home/bitnami/bitnami_credentials file, unless you have already updated the password for the root user in MySQL.
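The trade-off discussed in this reply (loopback-only access through the tunnel, one allow-listed public IP, or open access) can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of Bitnami's tooling; the configuration fragments are constructed, and it assumes the `Require` lines are not wrapped in `RequireAll`/`RequireNone` containers.

```python
import ipaddress
import re

# Constructed fragments in the style of a phpMyAdmin httpd-app.conf (not the thread's file).
CONFIGS = {
    "tunnel_only": "<IfVersion >= 2.3>\n  Require local\n</IfVersion>\n",
    "pinned_ip": "# office router (documentation address)\nRequire ip 203.0.113.10\n",
    "open": "Require all granted\n",
}

REQUIRE_RE = re.compile(r"^\s*Require\s+(.+?)\s*$", re.IGNORECASE | re.MULTILINE)
RANK = {"none": 0, "loopback": 1, "allow-list": 2, "public": 3}


def audit(conf_text):
    """Return (exposure, notes). Sibling Require lines are OR-ed, so the widest wins."""
    exposure, notes = "none", []
    for arg in REQUIRE_RE.findall(conf_text):  # commented-out lines do not match
        words = arg.split()
        kind, rest = words[0].lower(), [w.lower() for w in words[1:]]
        if kind == "local":
            level = "loopback"  # reachable only from the instance itself, i.e. via the tunnel
        elif kind == "all" and rest == ["granted"]:
            level = "public"
            notes.append("login form reachable by anyone: brute-force exposure")
        elif kind == "ip":
            level = "allow-list"
            notes.append("access breaks when the client's public IP changes")
            for net in rest:
                try:
                    size = ipaddress.ip_network(net, strict=False).num_addresses
                except ValueError:  # e.g. Apache's partial form "10.1"
                    notes.append(f"{net}: not a full address or CIDR, review by hand")
                    continue
                if size > 1:
                    notes.append(f"{net} admits {size} addresses")
        else:
            continue  # "all denied", user/group checks, etc. do not widen network access
        if RANK[level] > RANK[exposure]:
            exposure = level
    return exposure, notes


if __name__ == "__main__":
    for name, text in CONFIGS.items():
        print(name, audit(text))
```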

Hi Gongomgra,

Got my password etc thanks!

Modified the httpd-app.conf files and re-inserted local, rather than public IP. Then restarted Apache service.

curl -LI localhost:8888
curl -LI localhost:8888/phpmyadmin
curl -LI localhost:8888/phpmyadmin/

Whenever I run any of the above curl commands I get the following message :

Failed to connect to localhost port 8888: Connection refused

http://localhost:8888/phpmyadmin

returns : site cannot be reached.

Have also attached screen shot of putty.log for your perusal.

Thank you for your time,

Devon.

Hi @DevonL,

Let’s confirm first that phpMyAdmin is working properly. Please run the commands I posted in my last message in the instance’s command line

curl -LI localhost
curl -LI localhost/phpmyadmin
curl -LI localhost/phpmyadmin/

and please run the Bitnami support tool again so we get updated information of your configuration and log files.

Hey Jota,

Ran :

curl -LI localhost
curl -LI localhost/phpmyadmin
curl -LI localhost/phpmyadmin/

Bitnami tool code :

9b01ffc6-b712-6193-a091-3724821eed4e

Many Thanks,

Devon.

Hi @DevonL,

Can you tell me the output of those commands?

curl -LI localhost
curl -LI localhost/phpmyadmin
curl -LI localhost/phpmyadmin/

Regards,
Michiel

Hey Michiel, here are the outputs to the commands you requested, see commands in bold.

bitnami@ip-172-26-4-228:~$ curl -LI localhost
HTTP/1.1 200 OK
Date: Mon, 15 Feb 2021 18:50:21 GMT
Server: Apache
X-Powered-By: PHP/7.4.13
Link: http://localhost/wp-json/; rel="https://api.w.org/", http://localhost/wp-json/wp/v2/pages/490; rel="alternate"; type="application/json", http://localhost/; rel=shortlink
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Cache-Control: max-age=0, no-cache
Content-Type: text/html; charset=UTF-8

bitnami@ip-172-26-4-228:~$ curl -LI localhost/phpmyadmin
HTTP/1.1 301 Moved Permanently
Date: Mon, 15 Feb 2021 18:53:19 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Location: http://localhost/phpmyadmin/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Mon, 15 Feb 2021 18:53:19 GMT
Server: Apache
X-Powered-By: PHP/7.4.13
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Expires: Mon, 15 Feb 2021 18:53:19 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: goto=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/phpmyadmin/
Set-Cookie: back=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/phpmyadmin/
Set-Cookie: pma_lang=en; expires=Wed, 17-Mar-2021 18:53:19 GMT; Max-Age=2592000; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=ul8u5qmgvr4ulmutkakr7snjq7; path=/phpmyadmin/; HttpOnly
Cache-Control: max-age=0, no-cache
Content-Type: text/html; charset=utf-8

bitnami@ip-172-26-4-228:~$ curl -LI localhost/phpmyadmin/
HTTP/1.1 200 OK
Date: Mon, 15 Feb 2021 18:54:04 GMT
Server: Apache
X-Powered-By: PHP/7.4.13
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Expires: Mon, 15 Feb 2021 18:54:04 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Set-Cookie: goto=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/phpmyadmin/
Set-Cookie: back=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/phpmyadmin/
Set-Cookie: pma_lang=en; expires=Wed, 17-Mar-2021 18:54:04 GMT; Max-Age=2592000; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=l43m0pt2326bmdpvu10q3dtf57; path=/phpmyadmin/; HttpOnly
Cache-Control: max-age=0, no-cache
Content-Type: text/html; charset=utf-8

Many thanks,

Devon.

Hey Michiel,

SSH tunnel is now working.

Thanks very much for your time,

Devon.

Hi @DevonL,

I’m glad to hear you’ve solved the issue. Thanks for sharing it. :smile:

Regards,
Michiel

Hi,
We have installed “WordPress Certified by Bitnami and Automattic” over AWS instance
Description: Unable to connect to phpmyadmin (localhost) via browser
Configured SSH, defined Tunnel.
over SSH log captured:
2021-07-28 14:42:22 Opening connection to locahost:80 for forwarding from 127.0.0.1:65314
2021-07-28 14:42:22 Forwarded connection refused by remote: Connect failed [Name or service not known]
Ran bnsupport-tool, it created and uploaded support bundle with Id: a8258454-d7eb-7064-ff59-dc743084e88c

As per bnsupport-tool:
Server ports 22, 80 and/or 443 are not publicly accessible.
Port 80 is accessible over Security-Group.

Please suggest what we are missing.

Regards,
Dave
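The two event-log lines in the post above carry the destination the server was asked to open and, in brackets, the reason it failed; "Name or service not known" is a name-resolution failure for that destination on the server side. The following Python sketch is an added example, not part of the original thread; it pairs the two kinds of PuTTY event-log line and explains each failure. The second pair of sample lines and the `KNOWN_HOSTS` list are constructed assumptions.

```python
import re
from difflib import get_close_matches

# First two lines: the PuTTY event-log lines quoted in the thread.
# Last two lines: constructed for illustration.
SAMPLE_LOG = """\
2021-07-28 14:42:22 Opening connection to locahost:80 for forwarding from 127.0.0.1:65314
2021-07-28 14:42:22 Forwarded connection refused by remote: Connect failed [Name or service not known]
2021-07-28 14:43:10 Opening connection to localhost:8080 for forwarding from 127.0.0.1:65320
2021-07-28 14:43:10 Forwarded connection refused by remote: Connect failed [Connection refused]
"""

OPEN_RE = re.compile(r"Opening connection to (?P<host>[^\s:]+):(?P<port>\d+) for forwarding")
FAIL_RE = re.compile(r"Forwarded connection refused by \w+: (?P<reason>[^\[]+)\[(?P<detail>[^\]]*)\]")
KNOWN_HOSTS = ["localhost", "127.0.0.1"]  # assumption: names the tunnel is meant to target


def diagnose(log_text):
    """Pair each forward attempt with the refusal that follows it and explain it."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            pending = (m["host"], int(m["port"]))
            continue
        m = FAIL_RE.search(line)
        if not (m and pending):
            continue
        host, port = pending
        detail = m["detail"].strip()
        if "not known" in detail.lower():
            # Resolver failure on the server: the destination name does not exist there.
            near = get_close_matches(host, KNOWN_HOSTS, n=1, cutoff=0.8)
            hint = f"; did you mean '{near[0]}'?" if near and near[0] != host else ""
            msg = f"server cannot resolve destination host '{host}'{hint}"
        elif "refused" in detail.lower():
            msg = f"'{host}' resolves, but nothing accepts connections on port {port}"
        else:
            msg = f"forward to {host}:{port} failed: {detail}"
        findings.append((host, port, msg))
        pending = None
    return findings


if __name__ == "__main__":
    for _host, _port, message in diagnose(SAMPLE_LOG):
        print(message)
```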

Hi @dave.das,

Can you confirm all these ports are open in the firewall?

https://docs.bitnami.com/aws/faq/administration/use-firewall/

Thanks

Thanks @jota
SSH tunnel is working.
Thanks again.