JConsole over ssh local port forwarding

Tags: java, ssh, jmx

I'd like to be able to remotely connect to a Java service that has JMX exposed, however it is blocked by a firewall. I have tried to use ssh local port forwarding, however the connection fails. Looking at Wireshark, it appears that when you try to connect with jconsole, it wants to connect via some ephemeral ports after connecting to port 9999, which are blocked by the firewall.

Is there any way to make jconsole only connect through 9999 or use a proxy? Is this article still the best solution? Or, am I missing something?

blockcipher asked Feb 26 '13 15:02



2 Answers

There's an even nicer way to do this using an SSH socks tunnel, since JConsole supports SOCKS:

  1. Create the SSH socks proxy locally on some free port (e.g. 7777):

    ssh -fN -D 7777 user@firewalled-host

  2. Run JConsole by specifying the SOCKS proxy (e.g. localhost:7777) and the address for the JMX server (e.g. localhost:2147)

    jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=7777 service:jmx:rmi:///jndi/rmi://localhost:2147/jmxrmi -J-DsocksNonProxyHosts=

As mentioned in one of the answers below, from JDK 8u60+ you also need to have the -J-DsocksNonProxyHosts= option in order to get it working.

Bogdan answered Oct 10 '22 00:10


With almost all current JDK versions (7u25 or later) it's now possible to use JConsole and VisualVM over SSH quite easily (because you can now bind JMX to a single port).

I use the following JVM parameters:

    -Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.management.jmxremote.rmi.port=8090 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false

Then I launch the SSH connection:

    ssh my.javaserver.domain -L 8090:127.0.0.1:8090

After that I can connect from JConsole:

    Remote Process: -> localhost:8090

And from Java VisualVM:

    Right Click on Local -> Add JMX Connection -> localhost:8090

Boris Treukhov answered Oct 10 '22 01:10
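
An added example, not part of the question or of either answer: a POSIX shell check of a JVM argument string for the single-port setup described in the second answer. It flags the second-port cause from the question, and the fact that `java.rmi.server.hostname` only sets the address advertised to clients, so the listener still binds every interface unless `com.sun.management.jmxremote.host` is set (assumed to be supported by the JDK in use). The function names and finding codes are hypothetical.

```shell
#!/bin/sh
# Added example, not from the answers on this page. Audits a JVM argument
# string for single-port JMX over SSH; prints one finding per line or "OK".

# jmx_prop ARGS NAME: print the value of the last -DNAME=value in ARGS.
jmx_prop() (
    set -f                                  # no globbing while splitting ARGS
    val=
    for arg in $1; do
        case $arg in "-D$2="*) val=${arg#*=} ;; esac
    done
    printf '%s' "$val"
)

is_loopback() { [ "$1" = 127.0.0.1 ] || [ "$1" = localhost ]; }

audit_jmx_flags() (
    p=com.sun.management.jmxremote
    port=$(jmx_prop "$1" "$p.port")
    rmi=$(jmx_prop "$1" "$p.rmi.port")
    stub=$(jmx_prop "$1" java.rmi.server.hostname)
    bind=$(jmx_prop "$1" "$p.host")
    auth=$(jmx_prop "$1" "$p.authenticate")
    ssl=$(jmx_prop "$1" "$p.ssl")
    n=0
    if [ -z "$port" ]; then
        echo "NO-PORT: $p.port is not set, remote JMX is off"; exit 0
    fi
    if [ "$rmi" != "$port" ]; then
        echo "RMI-PORT: $p.rmi.port is not $port, so RMI uses a second port that -L $port does not carry"
        n=1
    fi
    if ! is_loopback "$stub"; then
        echo "STUB-HOST: java.rmi.server.hostname is not loopback, so clients are sent away from the tunnel"
        n=1
    fi
    # java.rmi.server.hostname only sets the advertised address; the listener
    # binds every interface unless com.sun.management.jmxremote.host is set.
    if ! is_loopback "$bind" && { [ "$auth" = false ] || [ "$ssl" = false ]; }; then
        echo "EXPOSED: listener not bound to loopback with authenticate=${auth:-true} ssl=${ssl:-true}"
        n=1
    fi
    [ "$n" -eq 1 ] || echo "OK"
)

# Flags as posted in the second answer, then the same with a loopback bind added.
PAGE_FLAGS="-Dcom.sun.management.jmxremote.port=8090 -Dcom.sun.management.jmxremote.rmi.port=8090 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false"
audit_jmx_flags "$PAGE_FLAGS"
audit_jmx_flags "$PAGE_FLAGS -Dcom.sun.management.jmxremote.host=127.0.0.1"
```

With the loopback bind in place the port is reachable only from the server itself, which is what the `-L 8090:127.0.0.1:8090` forward connects to.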