Open main menu

Help:Access to Cloud VPS instances with PuTTY and WinSCP

This page documents methods for accessing your Cloud VPS instances using PuTTY and WinSCP. There are extra instructions for accessing Toolforge with them.

With appropriate proxy respectively tunnel settings via the bastion server. With the correct settings, a single click connection or file transfer is possible, and no command line input trouble is needed. pmt

Prerequisites

  • username: your shell username on Cloud Services, Gerrit, bastion and your instance (you may find it at Special:Preferences)
  • instance: your instance name like in the server name instance.eqiad.wmflabs, e.g. openid-wiki.eqiad.wmflabs
  • PuTTY
  • plink.exe (part of PuTTY suite)
  • Pageant (PuTTY authentication agent)
  • your generated and loaded-in-Pageant ssh key
  • WinSCP

See reference section for further information about tunnels and proxies.

How to set up PuTTY for proxying through bastion.wmflabs.org to your instance

 

 

 
The following uses an intermediate local proxy, part of the PuTTY suite.[2]

 

plink.exe bastion.wmflabs.org -l <username> -agent -nc %host:%port

 

 

Hint: Make sure the proxy server (here: bastion) is already known to Putty before using it as a proxy. Otherwise you might just get a blank screen. If you are still getting the blank screen, you can run the plink command written above from the shell command line and accept the fingerprint. Then connect again with PuTTY as described above. Note that the proxied connection takes longer to establish than regular one (ie. you can wait 5 sec to get the remote prompt).

How to set up WinSCP for tunneling through bastion.wmflabs.org to your instance

Setting up WinSCP is very easy compared to setting up PuTTY.

 
 
 
 

Troubleshooting

SSH2_MSG_UNIMPLEMENTED

If you receive an error message similar to "Disconnected: Server protocol violation: unexpected SSH2_MSG_UNIMPLEMENTED packet", upgrade your PuTTY and plink.exe to a newer version. Older versions of PuTTY try to use encryption algorithms (ciphers) that are not supported by newer verisons of openssh.

Also ensure that in Connection->SSH->Kex section you have Diffie-Hellman group 14 set as the very first on the list "Algorithm selection policy".

References