0

We have an Elasticsearch setup that is only available from a jump box. I want to set up an ssh tunnel so I can query from my laptop or a Docker container. When I run ssh, either directly or via 'system', the tunnel works and my post fetches data. When I try to set up the tunnel using net-ssh, I get a RestClient::Exceptions::ReadTimeout. I'm not sure what I'm missing in the net-ssh configuration. I've provided a simplified code example.

Tried running this on Windows with Cygwin, and in a Docker container running CentOS 7.

require 'json'
require 'net/ssh'
require 'rest-client'

def fetchData
  indexName = "REDACTED"
  url = "http://localhost:9999/#{indexName}/_search?pretty"
  body = '{"size":1, "query":{"match_all":{}}}'
  resp = RestClient.post url, body, :content_type => :json, :accept => :json
  return JSON.parse(resp)
end

begin
  userName   = 'REDACTED'
  privateKey = 'id_rsa'
  jumpBoxUrl = 'REDACTED.com'
  elasticUrl = 'REDACTED.com'

  # this works
  system("ssh -fN -o StrictHostKeyChecking=no -i ~/.ssh/#{privateKey} #{userName}@#{jumpBoxUrl} -p 22 -L 9999:#{elasticUrl}:9200 sleep 10 >> logfile")
  puts fetchData

  # wait for the ssh to time out
  sleep 5

  # Timed out reading data from server (RestClient::Exceptions::ReadTimeout) - WHY?!
  #
  Net::SSH.start(jumpBoxUrl, userName, :port=>22, :forward_agent=>true, :verbose=>:info, :keys=>["~/.ssh/#{privateKey}"]) do |session|
    session.forward.local(9999, elasticUrl, 9200)

    # this works - able to authenticate to the shell box
    puts session.exec!("ls -la")

    # this times out - data is not returned
    puts fetchData
  end
end

I expect the post to return the same data when using net-ssh as it does when using ssh.

Appreciate any help with what I'm missing in my net-ssh setup.

Gary Golub

1 Answer

0

I suspect it's related to the port forwarding. Inside that block you should be able to access elasticUrl:9200 since you're essentially on the jumphost at that point.

My suggestion would be to ssh into the jumphost and curl the API endpoint as a test. If that works, you should be able to copy that command verbatim and pass it to session.exec!. And finally, if that works, then you should be able to update fetchData to make the request to elasticUrl:9200 and you're off to the races.

delano
  • Thanks for the suggestion but, unfortunately, that defeats the purpose. I'm trying to use ruby, not a bunch of external programs. I can already use 'ssh' externally, as shown in the sample code, and that works w/o introducing curl. I want just ruby (ignoring whatever the gems are doing that might require C, etc.). – Gary Golub Jun 03 '19 at 16:22
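
Added example, not from the question or the answer: net-ssh relays forwarded traffic only while the session's event loop runs (`session.loop`, which `exec!` drives internally), so a blocking HTTP request made on the same thread inside the `Net::SSH.start` block is never serviced and ends in a read timeout. The stdlib-only model below reproduces that and the usual remedy of driving the loop from a second thread while the request runs. `ToyForwarder`, `fetch`, `demo` and the ping/pong backend are constructed for illustration and are not net-ssh APIs.

```ruby
require 'socket'
require 'timeout'
# Constructed stand-in for an SSH local forward: like session.forward.local,
# it opens its listener immediately but relays bytes only inside #process.
class ToyForwarder
  attr_reader :port
  def initialize(upstream_port)
    @listener = TCPServer.new('127.0.0.1', 0) # ephemeral local port
    @port = @listener.addr[1]
    @upstream_port = upstream_port
    @peer = {} # socket => socket it relays to
  end
  # One event-loop pass: accept new clients, copy whatever is readable.
  def process(wait = 0.05)
    ready, = IO.select([@listener, *@peer.keys], nil, nil, wait)
    (ready || []).each do |io|
      next if io.closed?
      if io == @listener
        client = @listener.accept
        upstream = TCPSocket.new('127.0.0.1', @upstream_port)
        @peer.update(client => upstream, upstream => client)
      elsif (data = io.read_nonblock(4096, exception: false)).is_a?(String)
        @peer[io].write(data)
      elsif data.nil? # EOF: tear down both directions
        [io, @peer.delete(io)].each { |s| @peer.delete(s); s.close }
      end
    end
  end
end

# Client side: connect through the forward, send a line, wait for the reply.
def fetch(port, timeout)
  Timeout.timeout(timeout) do
    TCPSocket.open('127.0.0.1', port) { |s| s.puts 'ping'; s.gets&.chomp }
  end
rescue Timeout::Error
  :read_timeout
end

# pump: false mirrors the question; pump: true drives the loop from a thread.
def demo(pump:)
  backend = TCPServer.new('127.0.0.1', 0) # constructed stand-in backend
  server = Thread.new { loop { c = backend.accept; c.gets; c.puts 'pong'; c.close } }
  fwd = ToyForwarder.new(backend.addr[1])
  pumper = Thread.new { loop { fwd.process } } if pump
  fetch(fwd.port, 1)
ensure
  [server, pumper].compact.each(&:kill)
end
```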