Oracle Cloud Infrastructure and SSH Keys – Jump!

Jump! In our Trivadis Oracle Cloud Infrastructure training environments, we never use direct access to an application or database server by a public IP address. For this case, we use an Oracle Linux based bastion host which acts as a jump host. For security reasons, I never put any SSH keys on a bastion host to connect from there to the target instances. If your bastion host is compromised, your SSH keys are lost! In one of the last trainings, some participants had problems with this, so I decided to blog about it. This blog post shows you the different methods to connect to an Oracle Cloud Infrastructure private/public network by using a bastion host.
SSH Keys
Oracle Cloud Infrastructure Linux based…


OCI Database Backup Service Configuration – Avoid 401 Unauthorized Error

While I was preparing new exercises for an Oracle Cloud Infrastructure training, I ran into an issue while configuring the Oracle Database Backup Service for the Object Storage. The OCI backup module installer returns an error 401.
My Environment
Oracle Linux 7 Virtual Box Machine
Oracle 19c RDBMS
Backup Service Module Installation Error
The installation was done according to the documentation https://docs.oracle.com/en/cloud/paas/db-backup-cloud/csdbb/oracle-database-cloud-backup-module-oci.html
oracle@ocivm01:~/ [ONPREM] java -jar oci_install.jar -host https://objectstorage.eu-frankfurt-1.oraclecloud.com -pvtKeyFile /home/oracle/.ssh/oci_api_backup_key.pem -pubFingerPrint 1c:79:c5:d5:e4:3a:6e:f5:07:xx:xx:xx -uOCID ocid1.user.oc1..aaaaaaaanqt5qrcbwwseeud7cjfxqcip123456789abcdefghi -tOCID ocid1.tenancy.oc1..aaaaaaaac3gjl7xgpxu3wmmqh2ha123456789abcdefghi -walletDir $ORACLE_BASE/opc_wallet -libDir $ORACLE_HOME/lib -configFile /u01/app/oracle/admin/ONPREM/opc_config/ONPREM.ora -bucket db_backup_doag00
Error Message – java.io.IOException: testConnection: 401 Unauthorized
Oracle Database Cloud Backup Module Install Tool, build 12.2.0.1.0DBBKPCSBP_2018-11-09
Error: Could not authenticate to Oracle Database Cloud Backup Module
Exception in thread "main" java.lang.RuntimeException: java.io.IOException: testConnection: 401 Unauthorized. at…


Monitor your Oracle Cloud Free Tier with Grafana on Oracle Linux 8

In a previous blog post I wrote about monitoring Oracle Cloud Infrastructure components by Grafana. In the meantime, we got the Oracle Cloud Free Tier. Here is an updated version. This blog post shows you how to install and configure the Grafana plugin based on the Oracle blog entry https://blogs.oracle.com/cloudnative/data-source-grafana on an Oracle Enterprise Linux 8 server.
Steps to monitor the Oracle Cloud Free Tier by the OCI Grafana Plugin
- Install and configure the Oracle Cloud Infrastructure CLI – by download or by YUM install
- Configure Group, User and Policy in Oracle Cloud Infrastructure Console
- Install Grafana and the OCI Plugin
- Configure the Grafana DataSource
- Create a new Dashboard with OCI Metrics
Machine Requirements
The server needs access to the internet.…


OCI Compute Instances – Stop SSH Brute Force Attacks with fail2ban & UseDNS

Every day and night, the SSH login by key into my publicly accessible Oracle Cloud Infrastructure Linux Compute Instance was permitted for hours. And sometimes, when I had luck, it worked. For me it was not clear when it works and when not. But something has blocked me. The password authentication in the OCI Linux instance is basically disabled, the key is the only way to log in. After some investigation on the OCI instance, I found a huge amount of login trials in the /var/log/secure file. These brute force attacks were locking me out!
Nov 4 03:57:24 instance-as-1 sshd[1975]: Received disconnect from 132.232.17.146 port 53924:11: Normal Shutdown, Thank you for playing [preauth]
Nov 4 03:57:24 instance-as-1 sshd[1975]: Disconnected from 132.232.17.146…


Oracle Cloud Infrastructure Storage Software Appliance – Installation and Configuration

The Oracle Cloud Infrastructure Storage Software Appliance – also known as Oracle Storage Cloud Software Appliance OSCSA – acts as a gateway between classic storage and the Oracle Cloud Infrastructure Object Storage Service. The appliance can be installed on an on-premises Linux system or in an Oracle Compute Cloud machine and runs in a Docker container. It offers a local cache where clients can place their files before the OSCSA moves them into the Storage Service. Communication between a client with a filesystem and the OSCSA uses NFSv4; from the OSCSA to the Object Storage Service, Oracle uses its REST interface. Traffic between the OSCSA and the Oracle cloud can be encrypted and compressed. In this blog post…
