Bastion SSH Tunneling: Difference between revisions

Revision as of 10:25, 10 January 2023

Tunnel

if  [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
    [[ "$(grep -c 'gtw.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
        tee -a ${HOME}/.ssh/config >/dev/null <<EOF

# bastion ssh tunnel
Host gtw.vpc.chorke.org
     HostName gtw.vpc.chorke.org
     PreferredAuthentications publickey
     IdentityFile ~/.ssh/gtw.vpc.chorke.org_rsa
     User deploy
EOF
fi

Tunneling

if  [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
    [[ "$(grep -c 'api.vpc.chorke.org'  ${HOME}/.ssh/config)" == 0 ]];then
        tee -a ${HOME}/.ssh/config >/dev/null <<EOF

# api gateway service
Host api.vpc.chorke.org
     HostName api.vpc.chorke.org
     ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
     IdentityFile ~/.ssh/api.vpc.chorke.org_rsa
     PreferredAuthentications publickey
     PubkeyAcceptedKeyTypes +ssh-rsa
     HostKeyAlgorithms +ssh-rsa
     User deploy
     LocalForward 1983 localhost:1983
     LocalForward 2013 localhost:2013
     LocalForward 2015 localhost:2015
EOF
fi

if  [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
    [[ "$(grep -c 'app.vpc.chorke.org'  ${HOME}/.ssh/config)" == 0 ]];then
        tee -a ${HOME}/.ssh/config >/dev/null <<EOF

# web portal service
Host app.vpc.chorke.org
     HostName app.vpc.chorke.org
     ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
     IdentityFile ~/.ssh/app.vpc.chorke.org_rsa
     PreferredAuthentications publickey
     PubkeyAcceptedKeyTypes +ssh-rsa
     HostKeyAlgorithms +ssh-rsa
     User deploy
     LocalForward 1983 localhost:1983
     LocalForward 2013 localhost:2013
     LocalForward 2015 localhost:2015
EOF
fi

if  [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
    [[ "$(grep -c 'rds.vpc.chorke.org'  ${HOME}/.ssh/config)" == 0 ]];then
        tee -a ${HOME}/.ssh/config >/dev/null <<EOF

# psql database service
Host rds.vpc.chorke.org
     HostName rds.vpc.chorke.org
     ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
     IdentityFile ~/.ssh/rds.vpc.chorke.org_rsa
     PreferredAuthentications publickey
     PubkeyAcceptedKeyTypes +ssh-rsa
     HostKeyAlgorithms +ssh-rsa
     User deploy
EOF
fi

# add ssh private key to the ssh-agent
ssh-add ~/.ssh/app.vpc.chorke.org_rsa
ssh-add ~/.ssh/api.vpc.chorke.org_rsa
ssh-add ~/.ssh/rds.vpc.chorke.org_rsa

# forward ssh key to bastion
ssh -A app.vpc.chorke.org
ssh -A api.vpc.chorke.org
ssh -A rds.vpc.chorke.org 

# manage ssh key from ssh-agent
ssh-add -d ~/.ssh/app.vpc.chorke.org_rsa
ssh-add -l
ssh-add -L
ssh-aad -D

Knowledge

sudo systemctl restart sshd sudo systemctl status ssh

References

SSH/Public Key Authentication Remove an SSH Key SSH Port Forwarding Ubuntu/Raspberry Pi Fedora/Raspberry Pi Fedora/Morefine Raspberry Pi OpenVPN Fedora Bash	Add Multiple Local Forward to `~/.ssh/config` Add Local Forward to `~/.ssh/config` Keys added to ssh-agent with ssh-add Restart ssh-agent Without Relogin Sed Replace A Multi-Line String AWS

Bastion SSH Tunneling: Difference between revisions

Revision as of 10:25, 10 January 2023

Contents

Tunnel

Tunneling

Knowledge

References

Navigation menu

Bastion SSH Tunneling: Difference between revisions

Revision as of 10:25, 10 January 2023

Tunnel

Tunneling

Knowledge

References

Navigation menu

Search