1 Answers
I think I have found the answer …
SSH Proxy
The simplest method is like this:
ssh -o ProxyCommand='ssh -W %h:%p user@bastion' user@target
To make this easier (and to make it also work for other tools like scp or rsync), you can edit your ~/.ssh/config file to define the proxy command and other params. For example:
Host bastion
    Hostname my-bastion-host.example.com
Host my_server
    Hostname 10.0.1.18
    ProxyCommand ssh bastion -W %h:%p
Then you can use:
$ ssh my_server
There are lots of ways you can combine options to suit nearly any workflow. Combining hosts, using different keys, whatever. Check out the cookbook for really good examples.
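The same two-hop setup with a different key for each host, as an added example that is not part of the original answer; the user names and key file paths are assumptions. Both private keys stay on the local machine because the bastion only relays the TCP stream, and ProxyJump (OpenSSH 7.3 and later) does the job of the explicit ProxyCommand.

```sshconfig
# ~/.ssh/config
# Hostnames are the ones from the answer above.
# User names and IdentityFile paths are assumed for illustration.

Host bastion
    Hostname my-bastion-host.example.com
    User jumpuser
    IdentityFile ~/.ssh/bastion_ed25519
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes
    # Do not expose the local agent to the bastion.
    ForwardAgent no

Host my_server
    Hostname 10.0.1.18
    User appuser
    IdentityFile ~/.ssh/my_server_ed25519
    IdentitiesOnly yes
    ForwardAgent no
    # Connect through the bastion; authentication to my_server still
    # happens end to end from the local machine.
    ProxyJump bastion
    # On OpenSSH older than 7.3, use the form from the answer instead:
    # ProxyCommand ssh bastion -W %h:%p
```

With this in place, `ssh my_server`, `scp` and `rsync` all go through the bastion without any private key being copied onto it.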
Adding to the above answer, Ryan has a video (CSAA) on his VPC series that shows him SSHing into his Web Server (public IP) and from there using the private key SSHing into his DB server in the private subnet. I tested several times and it works like a charm.