Help:Access to Cloud VPS instances with PuTTY and WinSCP
The following information is the best option if you use Windows of an earlier version than Windows 10, April 2018 release.
If you are using a more recent version of Windows 10, your user experience use the built-in OpenSSH client, which also includes scp, by following the documentation at Help:Accessing Cloud VPS instances
Overview
This page documents methods for accessing your Cloud VPS instances using PuTTY and WinSCP.
- PuTTY is a terminal emulator that has SSH support.
- WinSCP is a Windows GUI for secure file transfer that has SFTP support.
There are extra instructions for accessing Toolforge with them.
With appropriate proxy respectively tunnel settings via the bastion server. With the correct settings,
Prerequisites
username: your shell username on Cloud Services, Gerrit, bastion and your instance (you may find it at Special:Preferences)instance: your instance name like in the server nameinstance.eqiad1.wikimedia.cloud, e.g.openid-wiki.eqiad1.wikimedia.cloud
Please ensure you have the latest versions of each software installed. There have been reports of old versions not being able to establish connections to newer bastion hosts.
- PuTTY
- plink.exe (part of PuTTY suite)
- Pageant (PuTTY authentication agent)
- your generated and loaded-in-Pageant ssh key
- WinSCP
See reference section for further information about tunnels and proxies.
How to set up PuTTY for proxying through bastion.wmcloud.org to your instance
You have to manually make your first connection from bastion to your instance (i.e. not using the methods on this page). This in order to see and accept the server fingerprint! Rationale: The first connection to an SSH server requires verification of the host key. PuTTY and also WinSCP store accepted server keys, and will alert you, if they differ later.[1]
The following uses an intermediate local proxy, part of the PuTTY suite.[2]
- Download plink.exe
- Proxy command for copy&paste:
plink.exe bastion.wmcloud.org -l <username> -agent -nc %host:%port
Hint: Make sure the proxy server (here: bastion) is already known to Putty before using it as a proxy. Otherwise you might just get a blank screen. If you are still getting the blank screen, you can run the plink command written above from the shell command line and accept the fingerprint. Then connect again with PuTTY as described above. Note that the proxied connection takes longer to establish than regular one (ie. you can wait 5 sec to get the remote prompt).
How to set up WinSCP for tunneling through bastion.wmcloud.org to your instance
Setting up WinSCP is very easy compared to setting up PuTTY.
Troubleshooting
SSH2_MSG_UNIMPLEMENTED
If you receive an error message similar to "Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet", upgrade your PuTTY and plink.exe to a newer version. Older versions of PuTTY try to use encryption algorithms (ciphers) that are not supported by newer verisons of openssh.
Also ensure that in Connection->SSH->Kex section you have Diffie-Hellman group 14 set as the very first on the list "Algorithm selection policy".
References
- ↑ http://winscp.net/eng/docs/ssh#verifying_the_host_key
- ↑ Multihop SSH with Putty/WinSCP 01/09/2008 by Mike Lococo
- Multihop SSH with Putty/WinSCP 01/09/2008 by Mike Lococo
- WinSCP: Connect to FTP/SFTP Server Which Can Be Accessed via Another Server Only
- Help:Accessing Cloud VPS instances
- Help:Putty
Communication and support
Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:
- Chat in real time in the IRC channel #wikimedia-cloud connect, the bridged Telegram group, or the bridged Mattermost channel
- Discuss via email after you have subscribed to the cloud@ mailing list
- Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
- Read the News wiki page
Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself
Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)