
I am developing a Node.js application, and I am also new to Linux systems. I installed RethinkDB on a Google Compute Engine instance. I can access the 28015 driver port locally. But I cannot access the driver port (28015) so that it cannot be accessed from the outside world. So I ran the commands below, but I got some errors.

```
test@rethinkdbserver:~$ sudo iptables -A INPUT -i eth0 -p tcp --dport 28015 -j DROP
test@rethinkdbserver:~$ sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 28015 -j ACCEPT
test@rethinkdbserver:~$ ssh -L 28000:localhost:28015 100.100.63.63
The authenticity of host '100.100.63.63 (100.100.63.63)' can't be established.
ECDSA key fingerprint is cc:21:56:de:f1:72:j3:64:50:k4:0b:42:e2:5f:db:63.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '100.100.63.63' (ECDSA) to the list of known hosts.
Permission denied (publickey).
```

I get this error:

```
The authenticity of host '100.100.63.63 (100.100.63.63)' can't be established.
ECDSA key fingerprint is cc:21:56:de:f1:72:j3:64:50:k4:0b:42:e2:5f:db:63.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '100.100.63.63' (ECDSA) to the list of known hosts.
Permission denied (publickey).
```

RethinkDB manual document

Using SSH tunneling

First, protect the driver port so that it cannot be accessed from the outside world. On unix-based systems, you can use iptables to block the port as follows:

```
sudo iptables -A INPUT -i eth0 -p tcp --dport 28015 -j DROP
sudo iptables -I INPUT -i eth0 -s 127.0.0.1 -p tcp --dport 28015 -j ACCEPT
```

Note: You may have to replace eth0 and 28015 above if you are using another interface or not using the default driver port.

Now create an SSH tunnel on the server that needs to access the remote RethinkDB driver port:

```
ssh -L <local_port>:localhost:<driver_port> <ip_of_rethinkdb_server>
```

Where,

local_port is the port you are going to specify in the driver - It can be any available port on your server.

driver_port is the RethinkDB driver port (28015 by default).

ip_of_rethinkdb_server is the IP address of the server that runs the RethinkDB server.

You can now connect to your RethinkDB instance by connecting to the host localhost and port local_port:

Full document https://rethinkdb.com/docs/security/

Please help

Gökay Gürcan
hiwordls
  • Hi @aoneki! Make sure to add your username on the server or else it will default to your username on your local machine. You should change your SSH tunnel command to: `ssh -L 28000:localhost:28015 user_name@100.100.63.63` – dalanmiller Sep 09 '15 at 18:11
  • Hey aoneki, also that isn't an error and that appears whenever you connect to a server instance via SSH for the first time. – dalanmiller Oct 07 '15 at 17:35
  • Awesome! Please mark this as answered ;) – dalanmiller Oct 16 '15 at 16:24

1 Answer


By default, if you don't supply a username, SSH will assume you are using the username on your local machine. In this case, `test`. You should change your SSH tunnel command to:

```
ssh -L 28000:localhost:28015 user_name@100.100.63.63
```

dalanmiller
  • Is `user_name` something like `ec2-user`? I posted a similar issue here: https://stackoverflow.com/questions/46548035/ssh-remote-tunneling-to-ec2-bastion-server-permission-denied-publickey – user3871 Oct 03 '17 at 15:35
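
A pre-flight check for the tunnel discussed in the answer above, as an added example that is not part of the original question, answer or RethinkDB documentation. It reports which account ssh will log in as when no `user@` is given and tests key-only login before printing the tunnel command. The function names (`effective_user`, `user_is_implicit`, `tunnel_cmd`, `preflight`) are hypothetical, and the default ports are the ones used in the question.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical.

# effective_user DEST
# Login name ssh will try for DEST ("host" or "user@host"). Without "user@",
# ssh falls back to the local account name unless ssh_config sets "User";
# `ssh -G DEST` prints the fully resolved value on a real client.
effective_user() {
    case "$1" in
        *@*) printf '%s\n' "${1%@*}" ;;   # explicit user: text before the last "@"
        *)   id -un ;;                    # implicit: the local account
    esac
}

# user_is_implicit DEST: succeeds when DEST carries no "user@" part.
user_is_implicit() {
    case "$1" in *@*) return 1 ;; *) return 0 ;; esac
}

# tunnel_cmd DEST [LOCAL_PORT] [DRIVER_PORT]
# Print the tunnel command with the login name spelled out. -N (no remote
# command) is added here because the session only carries the forward.
tunnel_cmd() {
    dest=$1; lport=${2:-28000}; dport=${3:-28015}
    printf 'ssh -N -L %s:localhost:%s %s@%s\n' \
        "$lport" "$dport" "$(effective_user "$dest")" "${dest##*@}"
}

# preflight DEST: report the account in use, then try a key-only login.
# BatchMode=yes disables password prompts, so a rejected key fails
# immediately instead of waiting for input.
preflight() {
    if user_is_implicit "$1"; then
        echo "no user given: ssh will log in as local user '$(effective_user "$1")'" >&2
    fi
    if ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true; then
        tunnel_cmd "$1"
    else
        echo "key login failed for $(effective_user "$1")@${1##*@}" >&2
        return 1
    fi
}
```

Run `preflight user_name@100.100.63.63` on the machine that opens the tunnel; a failure here means the server has no matching public key for that account, which is separate from the first-connection host key prompt.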