We need to ssh to a bastion host and, from there, ssh to the xxx.ec2.internal host. The configuration in the ~/.ssh/config file looks like this:
# Applies to every *.ec2.internal host
Host *.ec2.internal
    # Default username for the final host: hadoop@xxx.ec2.internal
    User hadoop
    # The private ssh key
    IdentityFile ~/.ssh/ssh-private.key
    UseKeychain yes
    # username, bastion host
    ProxyCommand ssh username@xxx.bastion-host.com -W %h:%p
After that, we can simply run “ssh abc.ec2.internal”, and it will connect through the bastion host.
To put only the private key there, for example:
Host *
    IdentityFile ~/.ssh/ssh-private.key
    UseKeychain yes
The equivalent one-line command is:
ssh -o ProxyCommand='ssh -W %h:%p {bastion-user-name}@{bastion-host-name}' username@{target-host-ip}
.ssh/config basics
A one-line command such as:
ssh john@dev.example.com -p 2322
is equivalent to:
Host dev
HostName dev.example.com
User john
Port 2322
Then: ssh dev
The options below make ssh remember the key passphrase (UseKeychain stores it in the macOS Keychain), so you won’t need to type it again.
UseKeychain yes
AddKeysToAgent yes
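Matching order: ssh reads the file top to bottom and, for each option, keeps the first value it obtains, so host-specific blocks go before general ones such as Host *. See https://linuxize.com/post/using-the-ssh-config-file/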
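To check what these Host blocks resolve to before connecting, ssh -G prints the effective options for a host. The script below is an added example, not from the original post; the combined config is constructed from the blocks above, and fallback-user and other.example.org are made-up values that make the first-match-wins order visible.

```shell
#!/bin/sh
# Added example: inspect what ssh resolves for a host, without connecting.
# Constructed config; "fallback-user" is a made-up value for illustration.
CFG=$(mktemp)
cat > "$CFG" <<'EOF'
# Lets OpenSSH builds without the macOS-only option still parse the file.
IgnoreUnknown UseKeychain

Host dev
    HostName dev.example.com
    User john
    Port 2322

Host *.ec2.internal
    User hadoop
    ProxyCommand ssh username@xxx.bastion-host.com -W %h:%p

# General defaults go last: for each option the first value obtained wins.
Host *
    User fallback-user
    IdentityFile ~/.ssh/ssh-private.key
    UseKeychain yes
    AddKeysToAgent yes
EOF

# resolved HOST KEY: print the effective value of KEY (lowercase) for HOST.
# ssh -G only parses the config and prints the result; it opens no connection.
resolved() {
    ssh -G -F "$CFG" "$1" 2>/dev/null |
        awk -v k="$2" '$1 == k { sub(/^[^ ]+ /, ""); print; exit }'
}

# Print a short summary per host when an ssh client is installed.
if command -v ssh >/dev/null 2>&1; then
    for h in dev abc.ec2.internal other.example.org; do
        printf '%s: user=%s port=%s proxy=%s\n' "$h" \
            "$(resolved "$h" user)" "$(resolved "$h" port)" \
            "$(resolved "$h" proxycommand)"
    done
fi
```

An empty proxy= field means the host is reached directly; only the *.ec2.internal hosts should show the bastion command.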
Tunneling
ssh hadoop@xxxx.ec2.internal -4 -ND 8157
-4: use IPv4 only
-N: do not run a remote command; -D 8157: open local port 8157 as a SOCKS proxy for tunneling