Accessing a VM Through a Secure Shell (SSH)

You can access the service instance's VMs by logging into the VM as the opc user through SSH. You can use any SSH utility you want. For example, if you are using Windows, you might use PuTTY; if you are using Linux, you might use OpenSSH.

Note:

Only the opc user can remotely connect to your VMs. You cannot use SSH to connect to a VM as the oracle user. After successfully connecting to a VM, tasks such as starting and stopping the server and accessing the administrative logs should only be performed by the oracle user.

Understanding SSH Keys

To access an Oracle API Platform Cloud Service - Classic virtual machine (VM) with a secure shell (SSH) client, you must create a public/private key pair and configure the service instance with the public key.

When you create an Oracle API Platform Cloud Service - Classic instance, you are prompted to supply the public key. You can either provide an existing public key that you previously created with an external tool, or Oracle API Platform Cloud Service - Classic can create a new key pair for you. To connect to a VM in an Oracle API Platform Cloud Service - Classic instance, you supply the paired private key when logging in to the machine using an SSH client.

You may also use the same SSH public/private key pair that you used for creating an Oracle Database Cloud Service database deployment.

Generating a Secure Shell (SSH) Public/Private Key Pair

Several tools exist to generate SSH public/private key pairs. The following sections show how to generate an SSH key pair on UNIX, UNIX-like and Windows platforms.

Generating an SSH Key Pair on UNIX and UNIX-Like Platforms Using the ssh-keygen Utility

UNIX and UNIX-like platforms (including Solaris and Linux) include the ssh-keygen utility to generate SSH key pairs.

To generate an SSH key pair on UNIX and UNIX-like platforms using the ssh-keygen utility:
  1. Navigate to your home directory:
    cd $HOME
  2. Run the ssh-keygen utility, providing as filename your choice of file name for the private key:
    ssh-keygen -b 2048 -t rsa -f filename
    The ssh-keygen utility prompts you for a passphrase for the private key.
  3. Enter a passphrase for the private key, or press Enter to create a private key without a passphrase:
    Enter passphrase (empty for no passphrase): passphrase

    Note:

    While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.

    The ssh-keygen utility prompts you to enter the passphrase again.
  4. Enter the passphrase again, or press Enter again to continue creating a private key without a passphrase:
    Enter the same passphrase again: passphrase
  5. The ssh-keygen utility displays a message indicating that the private key has been saved as filename and the public key has been saved as filename.pub. It also displays information about the key fingerprint and randomart image.

Generating an SSH Key Pair on Windows Using the PuTTYgen Program

The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.

To generate an SSH key pair on Windows using the PuTTYgen program:
  1. Download and install PuTTY or PuTTYgen.

    To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.

  2. Run the PuTTYgen program.

    The PuTTY Key Generator window is displayed.

  3. Set the Type of key to generate option to SSH-2 RSA.
  4. In the Number of bits in a generated key box, enter 2048.
  5. Click Generate to generate a public/private key pair.

    As the key is being generated, move the mouse around the blank area as directed.

  6. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.

    Note:

    While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.

  7. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key).

    Note:

    The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
  8. Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.

    Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.

  9. Right click somewhere in the selected text and select Copy from the menu.
  10. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
  11. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
  12. If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key:
    1. On the Conversions menu, choose Export OpenSSH key.
    2. Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file's content.
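
The following check is an added example, not part of the original documentation: it validates the public key text saved in steps 8 through 11 (or the filename.pub written by ssh-keygen) by confirming that it is a single OpenSSH-format line whose ssh-rsa data is complete and at least 2048 bits. The function names and the constructed sample key are assumptions made for illustration.

```python
import base64
import binascii
import struct


def _read_fields(blob):
    """Split SSH wire-format data into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of key data (truncated paste?)")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def check_rsa_pubkey(text, min_bits=2048):
    """Return the RSA modulus size in bits, or raise ValueError on the first problem."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:  # a line break inserted while pasting splits the key
        raise ValueError(f"expected exactly one line, found {len(lines)}")
    parts = lines[0].split(None, 2)  # "<type> <base64> [comment]"
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"key data is not valid base64: {exc}") from None
    fields = _read_fields(blob)  # key type, public exponent, modulus
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("key data is not an ssh-rsa blob")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus is {bits} bits, expected at least {min_bits}")
    return bits


def constructed_pubkey(bits=2048):
    """Build a well-formed sample line (constructed data, not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = b"\x00" + b"\xc3" * (bits // 8)  # leading zero byte keeps it positive
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample@constructed"


if __name__ == "__main__":
    import sys
    # Check the file named on the command line, or the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else constructed_pubkey()
    print(check_rsa_pubkey(text), "bit ssh-rsa public key, format OK")
```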

Connecting to an Administration Server or Load Balancer VM

You can access an Administration Server or a Load Balancer VM through a secure shell (SSH) utility.

To access a VM through SSH:

  1. Navigate to the Services page of the My Services Console.
  2. Click the service instance associated with the VM you want to access.
    The Oracle API Platform Cloud Service - Classic Overview page appears, displaying detailed information about the service instance.
  3. From the list of virtual machines, note the Public IP address of the Administration Server, the Managed Servers, or the Load Balancer, depending on which VM you want to access.
    This address will be specified in the typical octet format (111.111.111.111).
  4. On UNIX and UNIX-like platforms, use the standard OpenSSH command (ssh) to connect to the VM as the opc user.
    Provide the following:
    • The path to the private key corresponding to the public key used at the time of provisioning.

    • The VM’s public IP address.

    in this format:

    ssh -i path_to_private_key opc@VM_IP_address
    For example:
    ssh -i /home/myuser/id_rsa opc@111.111.111.111
  5. On Windows, you can use PuTTY, an open source networking client for the Windows platform, to connect to the VM as the opc user.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

    1. Launch PuTTY.

      The PuTTY Configuration window is displayed, showing the Session panel.

    2. In the Host Name (or IP address) field, enter the public IP address of the VM.
    3. In the Category tree, expand Connection if necessary and then click Data.
    4. In the Auto-login username field, enter opc.
    5. Confirm that the When username is not specified option is set to Prompt.
    6. In the Category tree, expand Connection > SSH, and then click Auth.
    7. Under Private key file for authentication, click Browse.
    8. Navigate to and select your private key file. Then click Open.

      Note:

      The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If you have to use a key saved in a different format, see the PuTTY documentation.
    9. Click Open to open the connection to the VM.
  6. If the private key was defined with a passphrase, enter this value when prompted.
When the VM command line appears, you can use any resource accessible from the VM. For example, you can run the WebLogic Scripting Tool on the Administration Server VM.

Connecting to a Managed Server VM

You can access a Managed Server VM through a secure shell (SSH) utility by using the Administration Server VM as a proxy.

Alternatively, you can connect to the Administration Server VM with SSH, and from within this SSH session start another SSH connection to the Managed Server VM.

To connect to a Managed Server VM by using the proxy method:

  1. Navigate to the My Services Console.
  2. Click the service instance associated with the VM you want to access.
    The Oracle API Platform Cloud Service - Classic Overview page appears, displaying detailed information about the service instance.
  3. From the list of virtual machines, identify the following information:
    • The Public IP address of the Administration Server VM (used as the proxy).

    • The Host name of the Managed Server VM to which you want to connect.

  4. On UNIX and UNIX-like platforms, use the standard OpenSSH command (ssh) to connect to the VM as the opc user.
    Provide the following:
    • The path to the private key corresponding to the public key used at the time of provisioning.

    • The Administration Server VM’s public IP address.

    • The Managed Server VM’s host name.

    in this format:

    ssh -i path_to_private_key -o ProxyCommand="ssh -W %h:%p -i path_to_private_key opc@admin_server_VM_IP_address" opc@managed_server_host_name
    For example:
    ssh -i /home/myuser/id_rsa -o ProxyCommand="ssh -W %h:%p -i /home/myuser/id_rsa opc@111.111.111.111" opc@myjcs-wls-2
  5. On Windows, you can use PuTTY, an open source networking client for the Windows platform, to connect to the VM as the opc user.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

    1. Launch PuTTY. If your private key was defined with a passphrase, then you must use the pageant utility to launch PuTTY:
      pageant "path to private key" -c "path to putty"
      For example:
      c:\PuTTY\pageant "c:\oracle\rsa.ppk" -c "c:\PuTTY\putty"
    2. If you used pageant to start PuTTY, enter the passphrase for the private key.

      The PuTTY Configuration window is displayed, showing the Session panel.

    3. In the Host Name (or IP address) field, enter the host name of the Managed Server VM.
    4. In the Category tree, expand Connection if necessary and then click Data.
    5. In the Auto-login username field, enter opc.
    6. Confirm that the When username is not specified option is set to Prompt.
    7. In the Category tree, click Connection > Proxy.
    8. Set Proxy type to Local.
    9. In the Proxy hostname field, enter the IP address of the Administration Server VM.
    10. Set the Port to 22.
    11. In the Telnet command or local proxy command field, enter the following value:
      plink -i "path to private key" opc@%proxyhost -nc %host:%port
      For example:
      plink -i "c:\\oracle\\rsa.ppk" opc@%proxyhost -nc %host:%port
    12. In the Category tree, expand Connection > SSH, and then click Auth.
    13. Under Private key file for authentication, click Browse.
    14. Navigate to and select your private key file. Then click Open.

      Note:

      The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If you have to use a key saved in a different format, see the PuTTY documentation.
    15. Click Open to open the connection to the VM.

      Note:

      You can optionally save this session configuration by navigating to the Session panel and clicking Save. When you open PuTTY the next time, you can load this configuration by selecting it and clicking Load.
When the VM command line appears, you can use any resource accessible from the VM.

Creating an SSH Tunnel

An SSH tunnel to an Oracle API Platform Cloud Service - Classic VM enables you to connect to other non-public ports on the VM through a port on your local machine.

If a resource provided by a VM uses a port that is not directly accessible through the Internet, you can access that resource by creating an SSH tunnel to the port.

In general, an SSH tunnel may map a remote port to any available port number on your local machine. However, port 9001 on the Administration Server uses JMX/RMI for communication, which requires that the remote and local port numbers be the same value. Therefore, the following instructions configure the tunnel’s local port number to the same value as the VM’s port number.

To set up an SSH tunnel to a VM:

  1. Navigate to the Services page of the My Services Console.
  2. Click the service instance associated with the VM you want to access.
    The Oracle API Platform Cloud Service - Classic Overview page appears, displaying detailed information about the service instance.
  3. From the list of virtual machines, note the Public IP address of the Administration Server, the Managed Servers, or the Load Balancer, depending on which VM you want to access.
    This address will be specified in the typical octet format (111.111.111.111).
  4. On UNIX and UNIX-like platforms, use the standard OpenSSH command (ssh) to create an SSH tunnel to the VM.
    Provide the following:
    • The path to the private key corresponding to the public key used at the time of provisioning.

    • The VM’s public IP address.

    • The port number on the VM to which you want to connect. The SSH tunnel will enable connectivity to this remote port through the same port number on your local machine.

    in this format:

    ssh -i path_to_private_key -L port:VM_IP_address:port opc@VM_IP_address -N
    For example, to create an SSH tunnel to port 9001 on the Administration Server VM:
    ssh -i /home/myuser/id_rsa -L 9001:111.111.111.111:9001 opc@111.111.111.111 -N
  5. On Windows, you can use PuTTY, an open source networking client for the Windows platform, to create an SSH tunnel to the VM.

    To download PuTTY, go to http://www.putty.org/ and click the You can download PuTTY here link.

    1. Launch PuTTY.
      The PuTTY Configuration window is displayed, showing the Session panel.
    2. In the Host Name (or IP address) field, enter the public IP address of the VM.
    3. In the Category tree, expand Connection if necessary and then click Data.
    4. In the Auto-login username field, enter opc.
    5. Confirm that the When username is not specified option is set to Prompt.
    6. In the Category tree, click Connection > SSH.
    7. Under Protocol options, select the checkbox Don't start a shell command at all.
    8. In the Category tree, expand Connection > SSH, and then click Auth.
    9. Under Private key file for authentication, click Browse.
    10. Navigate to and select your private key file. Then click Open.

      Note:

      The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY. If you have to use a key saved in a different format, see the PuTTY documentation.
    11. In the Category tree, click Connection > SSH > Tunnels.
    12. In the Destination field, enter IP:port,
      where IP is the IP address of the VM and port is the port number on the VM to which you want to connect.
    13. In the Source Port field, enter the same port number.
    14. Click the Add button.
    15. Click Open to create the SSH tunnel to the VM.

      Note:

      You can optionally save this session configuration by navigating to the Session panel and clicking Save. When you open PuTTY the next time, you can load this configuration by selecting it and clicking Load.
  6. If the private key was defined with a passphrase, enter this value when prompted.

Applications running on your local machine can now communicate with the VM by using localhost:port, where port is the local port number.

For example, after creating an SSH tunnel to port 9001 on the Administration Server VM, launch a web browser and connect to http://localhost:9001/console.

Note:

After your work with the SSH tunnel is complete, press Ctrl+C to shut down the SSH tunnel.

Switching VM Users

You can change users on an Oracle API Platform Cloud Service - Classic VM in order to perform specific administration tasks.

You must SSH to a VM only as the opc user. This user has root privileges on the OS running in the VM. For example, opc can be used to create other OS users on a VM. Simply prefix root operations with the sudo command. For example:

sudo useradd myuser

Note:

There is no default password for the opc user.

Switching to Oracle

The oracle VM user has regular OS user permissions. It is intended to be used to start and stop Oracle products that have been installed on the VM, or to run other Oracle applications and utilities on the VM.

Type the following to become the oracle user:

sudo su - oracle

Note:

There is no default password for the oracle user.

Switching to Root

An alternative to using the sudo command to perform root OS operations with the opc user is to switch to the root user.

Type the following to become the root user:

sudo -s

Note:

Avoid using the root user except to perform privileged OS administration tasks.