SSH into a CloudStack Server
Objective
To SSH into a running Cloud.com CloudStack server.
Table of Contents
Prerequisites
- A RightScale account that has access to use a Cloud.com CloudStack. See Add a Cloud.com CloudStack to a RightScale Account.
- 'server_login' user role privileges in the RightScale account.
- A running instance in a CloudStack that supports the ability to define port forwarding rules for public IP addresses. IP port forwarding is only supported on CloudStack's using "Virtual Networking." CloudStack's using "Direct Attached Networking" support the use of security groups and do not support port forwarding rules.
Steps
Before you can successfully SSH into a public server, you must first assign it a public IP address with the appropriate port forward rules (firewall permissions). If you are attempting to SSH into a private server, you'll need to disable port forwarding as well as multiple subnets.
Public SSH
Acquire a New Public IP
Only the CloudStack administrator can provision public IP addresses. You can associate a public IP to any running server, but it cannot be associated to more than one server at a time. If an unassigned public IP address is not available, contact the CloudStack administrator.
Create and Apply a Port Forwarding Rule
- Log into the RightScale Dashboard.
- Go to Clouds > CloudStack > IP Addresses. A list of all assigned and unassigned public IP addresses will be listed. If a new IP address was provisioned by the Cloud Administrator, it may take a few minutes before the new IP address is listed in the Dashboard.
- Go to Clouds > CloudStack> Port Forwarding Rules. Click New.
- Instance - Select the instance that you want to assign the IP address.
- IP Address - Select the (public) IP address that you want to assign to the selected instance.
- Public port - Specify the public port for which you're going to forward traffic. To provide SSH access, enter 22 into this field.
- Private port - Specify the private port to which you're going to forward traffic from the public port specified above. So if you want to forward a request to port 22 on the public IP to port 22 on the private IP, you will need to enter '22' for both port fields. To provide SSH access, enter 22 into this field.
- Protocol - Select the protocol for the public/private ports listed above. To provide SSH access, enter TCP into this field.
- If you want to open up another port, you will need to repeat the process. Be sure to select the same Instance and IP Address.
Note: Port forwarding rules apply to an IP address and not to the running instance. So, if you terminate an instance that was assigned an IP (e.g. 115.112.236.111), which had port forwarding rules for TCP ports 22 and 80, and then you assign the same public IP to a new server, it will automatically apply its existing port forwarding rules.
Private SSH
Disable Port Fowarding and Multiple Subnets
To be able to SSH into a private IP, you will need to disable port fowarding rules and multiple subnets.
- Log into the RightScale Dashboard.
- Go to Settings > Administered Clouds > your CloudStack Cloud > Cloud Capabilities.
- Under Actions, click "Disable" for Port Forwarding and Multiple Subnets.
- Once disabled, you'll be able to SSH into your private cloud. For more information, see SSH into a Private Cloud.
- © Copyright 2015 RightScale Technical Support