Bastion SSH Tunneling: Difference between revisions
Jump to navigation
Jump to search
(Created page with "==References== {| | valign="top" | * [https://stackoverflow.com/questions/25464930/ Remove an SSH Key] | valign="top" | | valign="top" | |- | colspan="3" | ---- |- | valign...") |
No edit summary |
||
| Line 1: | Line 1: | ||
==Tunnel== | |||
<source lang='bash'> | |||
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&& | |||
[[ "$(grep -c 'gtw.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then | |||
tee -a ${HOME}/.ssh/config >/dev/null <<EOF | |||
# bastion ssh tunnel | |||
Host gtw.vpc.chorke.org | |||
HostName gtw.vpc.chorke.org | |||
PreferredAuthentications publickey | |||
IdentityFile ~/.ssh/gtw.vpc.chorke.org_rsa | |||
User deploy | |||
EOF | |||
fi | |||
</source> | |||
==Tunneling== | |||
{| | |||
|valign="top"| | |||
<source lang='bash'> | |||
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&& | |||
[[ "$(grep -c 'api.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then | |||
tee -a ${HOME}/.ssh/config >/dev/null <<EOF | |||
Host api.vpc.chorke.org | |||
HostName api.vpc.chorke.org | |||
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org | |||
IdentityFile ~/.ssh/api.vpc.chorke.org_rsa | |||
PreferredAuthentications publickey | |||
PubkeyAcceptedKeyTypes +ssh-rsa | |||
HostKeyAlgorithms +ssh-rsa | |||
User deploy | |||
EOF | |||
fi | |||
</source> | |||
|valign="top"| | |||
<source lang='bash'> | |||
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&& | |||
[[ "$(grep -c 'app.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then | |||
tee -a ${HOME}/.ssh/config >/dev/null <<EOF | |||
Host app.vpc.chorke.org | |||
HostName app.vpc.chorke.org | |||
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org | |||
IdentityFile ~/.ssh/app.vpc.chorke.org_rsa | |||
PreferredAuthentications publickey | |||
PubkeyAcceptedKeyTypes +ssh-rsa | |||
HostKeyAlgorithms +ssh-rsa | |||
User deploy | |||
EOF | |||
fi | |||
</source> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|valign="top"| | |||
<source lang='bash'> | |||
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&& | |||
[[ "$(grep -c 'rds.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then | |||
tee -a ${HOME}/.ssh/config >/dev/null <<EOF | |||
Host rds.vpc.chorke.org | |||
HostName rds.vpc.chorke.org | |||
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org | |||
IdentityFile ~/.ssh/rds.vpc.chorke.org_rsa | |||
PreferredAuthentications publickey | |||
PubkeyAcceptedKeyTypes +ssh-rsa | |||
HostKeyAlgorithms +ssh-rsa | |||
User deploy | |||
EOF | |||
fi | |||
</source> | |||
|valign="bottom"| | |||
<source lang='bash'> | |||
# ssh private key add to the ssh-agent | |||
ssh-add ~/.ssh/app.vpc.chorke.org_rsa | |||
ssh-add ~/.ssh/api.vpc.chorke.org_rsa | |||
ssh-add ~/.ssh/rds.vpc.chorke.org_rsa | |||
# forwarded key to bastion | |||
ssh -A app.vpc.chorke.org | |||
ssh -A api.vpc.chorke.org | |||
ssh -A rds.vpc.chorke.org | |||
# manage ssh key from ssh-agent | |||
ssh-add -d ~/.ssh/app.vpc.chorke.org_rsa | |||
ssh-add -L | |||
ssh-aad -D | |||
</source> | |||
|} | |||
==References== | ==References== | ||
{| | {| | ||
Revision as of 09:51, 9 January 2023
Tunnel
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'gtw.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
# bastion ssh tunnel
Host gtw.vpc.chorke.org
HostName gtw.vpc.chorke.org
PreferredAuthentications publickey
IdentityFile ~/.ssh/gtw.vpc.chorke.org_rsa
User deploy
EOF
fi
Tunneling
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'api.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
Host api.vpc.chorke.org
HostName api.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/api.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'app.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
Host app.vpc.chorke.org
HostName app.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/app.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
|
| |
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'rds.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
Host rds.vpc.chorke.org
HostName rds.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/rds.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
# ssh private key add to the ssh-agent
ssh-add ~/.ssh/app.vpc.chorke.org_rsa
ssh-add ~/.ssh/api.vpc.chorke.org_rsa
ssh-add ~/.ssh/rds.vpc.chorke.org_rsa
# forwarded key to bastion
ssh -A app.vpc.chorke.org
ssh -A api.vpc.chorke.org
ssh -A rds.vpc.chorke.org
# manage ssh key from ssh-agent
ssh-add -d ~/.ssh/app.vpc.chorke.org_rsa
ssh-add -L
ssh-aad -D
|
References
|
| ||