re: Linux Bastion Hosts on the AWS Cloud
1. Do we need to provide the private key to SSH to an EC2 host in a private subnet once logged into the Bastion host?
If no, what is the sample ssh command?
I think I have found the answer …
The simplest method is like this:
ssh -o ProxyCommand='ssh -W %h:%p user@bastion' user@target
To make this easier (and to make it also work for other tools like scp or rsync), you can edit your ~/.ssh/config file to define the proxy command and other params. For example:
Host my_server
    ProxyCommand ssh bastion -W %h:%p
then you can use:
$ ssh my_server
There are lots of ways you can combine options to suit nearly any workflow. Combining hosts, using different keys, whatever. Check out the cookbook for really good examples.
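
A fuller ~/.ssh/config for the setup discussed above, as an added example that is not part of the original post. With `-W` the bastion only relays TCP, so the SSH session to the target is authenticated from the workstation and the target's private key is never placed on the bastion. The host names, address, user name and key paths are placeholders.

```sshconfig
# Constructed example: host names, addresses, user names and key paths are placeholders.

# Bastion in the public subnet; the only host reachable from the internet.
Host bastion
    HostName bastion.example.com
    User user
    IdentityFile ~/.ssh/bastion_key
    IdentitiesOnly yes
    # Keys stay on the workstation, so no agent is exposed on the bastion.
    ForwardAgent no

# Target in the private subnet, reached through the bastion.
Host my_server
    HostName 10.0.1.25
    User user
    # This key is read on the workstation; it is not copied to the bastion.
    IdentityFile ~/.ssh/target_key
    IdentitiesOnly yes
    # Same form as in the post: -W has the bastion relay raw TCP to %h:%p.
    ProxyCommand ssh bastion -W %h:%p
    # Equivalent shorthand on OpenSSH 7.3 and later:
    # ProxyJump bastion
```

Running `ssh -G my_server` prints the options ssh resolves for that host without opening a connection, which is a quick way to confirm the proxy and key settings are picked up.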