Bastion SSH Tunneling: Difference between revisions
Jump to navigation
Jump to search
| Line 136: | Line 136: | ||
| valign="top" | | | valign="top" | | ||
* [https://serverfault.com/questions/1052158/ Add Local Forward to <code>~/.ssh/config</code>] | |||
* [https://unix.stackexchange.com/questions/58969/ Keys added to ssh-agent with ssh-add] | * [https://unix.stackexchange.com/questions/58969/ Keys added to ssh-agent with ssh-add] | ||
* [https://unix.stackexchange.com/questions/518568/ Restart ssh-agent Without Relogin] | * [https://unix.stackexchange.com/questions/518568/ Restart ssh-agent Without Relogin] | ||
Revision as of 08:40, 10 January 2023
Tunnel
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'gtw.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
# bastion ssh tunnel
Host gtw.vpc.chorke.org
HostName gtw.vpc.chorke.org
PreferredAuthentications publickey
IdentityFile ~/.ssh/gtw.vpc.chorke.org_rsa
User deploy
EOF
fi
Tunneling
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'api.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
# api gateway service
Host api.vpc.chorke.org
HostName api.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/api.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'app.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
# web portal service
Host app.vpc.chorke.org
HostName app.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/app.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
|
| |
if [[ -f ${HOME}/.ssh/config ]]&&[[ -s ${HOME}/.ssh/config ]]&&
[[ "$(grep -c 'rds.vpc.chorke.org' ${HOME}/.ssh/config)" == 0 ]];then
tee -a ${HOME}/.ssh/config >/dev/null <<EOF
# psql database service
Host rds.vpc.chorke.org
HostName rds.vpc.chorke.org
ProxyCommand ssh -qW%h:%p gtw.vpc.chorke.org
IdentityFile ~/.ssh/rds.vpc.chorke.org_rsa
PreferredAuthentications publickey
PubkeyAcceptedKeyTypes +ssh-rsa
HostKeyAlgorithms +ssh-rsa
User deploy
EOF
fi
|
# add ssh private key to the ssh-agent
ssh-add ~/.ssh/app.vpc.chorke.org_rsa
ssh-add ~/.ssh/api.vpc.chorke.org_rsa
ssh-add ~/.ssh/rds.vpc.chorke.org_rsa
# forward ssh key to bastion
ssh -A app.vpc.chorke.org
ssh -A api.vpc.chorke.org
ssh -A rds.vpc.chorke.org
# manage ssh key from ssh-agent
ssh-add -d ~/.ssh/app.vpc.chorke.org_rsa
ssh-add -l
ssh-add -L
ssh-aad -D
|
Knowledge
sudo systemctl restart sshd sudo systemctl status ssh |
||
|
| ||
References
|
| ||