re: Linux Bastion Hosts on the AWS Cloud
1. Do we need to provide the private key to SSH to an EC2 host in a private subnet once logged into the Bastion host?
If no, what is the sample ssh command?
I think I have found the answer …
The simplest method is like this:
ssh -o ProxyCommand='ssh -W %h:%p user@bastion' user@target
To make this easier (and to make it also work for other tools like scp or rsync), you can edit your ~/.ssh/config file to define the proxy command and other params. For example:
Host my_server
    ProxyCommand ssh bastion -W %h:%p
then you can use:
$ ssh my_server
There are lots of ways you can combine options to suit nearly any workflow. Combining hosts, using different keys, whatever. Check out the cookbook for really good examples.
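A fuller ~/.ssh/config for the ProxyCommand approach above, added here as an example and not posted by anyone in the thread. It assumes a bastion at a public address and targets addressed by private IP; all host names, addresses, users and key paths are constructed placeholders. Both IdentityFile entries are read on the workstation, and authentication to the target runs end to end through the -W tunnel, so no private key is stored on the bastion.

```sshconfig
# Added example; every host name, address, user and key path below is a
# constructed placeholder, not a value from the thread.

# Bastion in the public subnet, reached directly from the workstation.
Host bastion
    HostName 203.0.113.10
    User ec2-user
    IdentityFile ~/.ssh/bastion_key
    # Offer only the key named above, not every key the agent holds.
    IdentitiesOnly yes
    # Keep the local agent off the bastion (this is also the default).
    ForwardAgent no

# Instances in the private subnet, addressed by private IP and
# tunnelled through the bastion with the ProxyCommand from the thread.
Host 10.0.*
    User ec2-user
    # Still a path on the workstation; the bastion only relays bytes.
    IdentityFile ~/.ssh/private_subnet_key
    IdentitiesOnly yes
    ForwardAgent no
    ProxyCommand ssh bastion -W %h:%p
    # OpenSSH 7.3 and later accept the equivalent: ProxyJump bastion
```

With this in place, `ssh 10.0.1.25` or `scp report.txt 10.0.1.25:` connects through the bastion without further options.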
Adding to the above answer, Ryan has a video (CSAA) on his VPC series that shows him SSHing into his Web Server (public IP) and from there using the private key SSHing into his DB server in the private subnet. I tested several times and it works like a charm.