JConsole over ssh local port forwarding

java ssh jmx
blockcipher picture blockcipher · Feb 26, 2013 · Viewed 55k times · Source

I'd like to be able to remotely connect to a Java service that has JMX exposed, however it is blocked by a firewall. I have tried to use ssh local port forwarding, however the connection fails. Looking at wireshark, it appears that when you try to connect with jconsole, it wants to connect via some ephemeral ports after connecting to port 9999, which are blocked by the firewall.

Is there any way to make jconsole only connect through 9999 or use a proxy? Is this article still the best solution? Or, am I missing something?

Answer

Bogdan picture Bogdan · Oct 31, 2013

There's an even nicer way to do this using an SSH socks tunnel, since JConsole supports SOCKS:

  1. Create the SSH socks proxy locally on some free port (e.g. 7777):

    ssh -fN -D 7777 user@firewalled-host

  2. Run JConsole by specifying the SOCKS proxy (e.g. localhost:7777) and the address for the JMX server (e.g. localhost:2147)

    jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=7777 service:jmx:rmi:///jndi/rmi://localhost:2147/jmxrmi -J-DsocksNonProxyHosts=

As mentioned in one of the answers below, from JDK 8u60+ you also need to have the -J-DsocksNonProxyHosts= option in order to get it working.

Related questions

SSH library for Java

Does anyone know of a good library for SSH login from Java.

Read More
com.jcraft.jsch.JSchException: UnknownHostKey

I'm trying to use Jsch to establish an SSH connection in Java. My code produces the following exception: com.jcraft.jsch.JSchException: UnknownHostKey: mywebsite.com. RSA key fingerprint is 22:fb:ee:fe:18:cd:aa:9a:9c:78:89:9f:b4:78:75:b4 I …

Read More
Run a command over SSH with JSch

I'm trying to run a command over SSH with JSch, but JSch has virtually no documentation and the examples I've found are terrible. For example, this one doesn't show code for handling the output stream. And, this one uses an …

Read More