I am trying to set up a bastion host for my online infrastructure. All my servers will be using public key authentication. Currently I am able to connect to my bastion host using a public key, but I do not want to store the private keys of my internal servers on the bastion host.

So how do I configure my bastion host to be a proxy server which will allow me to connect to my internal servers using the private key stored on my local box?

  • ssh agent forwarding – Jacob Evans Dec 01 '20 at 04:35
  • Have you just *tried* `ssh -v -J bastion internal_server`? Part of the magic of that feature is that all configuration & keys remain local, and by default, every ssh server is capable of functioning as a proxy - though you want to *disable* some features (attack surface) on the bastion host later, after figuring out it works with the defaults. – anx Dec 01 '20 at 04:37
  • Thanks @anx, it worked. I am able to connect to internal servers using `-J`. Is it possible that we do not allow users to connect to the bastion server, or have limited access on the bastion server, but they just use the bastion host as a proxy and hit internal servers? – Joel Divekar Dec 01 '20 at 08:31

1 Answer

Thanks to @anx, with the command below I am able to successfully connect to my internal servers.

```
ssh -J BastionHost InternalServer
```
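
Added example, not part of the original posts: a client `~/.ssh/config` that makes the `-J` jump permanent while the private key stays on the local machine, next to a bastion `sshd_config` fragment that leaves jump users able to proxy but not to log in. The host names, addresses, user name, key path, the `jumpusers` group and the `nologin` path are assumptions made for illustration.

```sshconfig
# ===== Local machine: ~/.ssh/config =====
# The private key is read locally for BOTH hops; nothing is copied to the bastion.
Host bastion
    HostName bastion.example.com
    User joel
    IdentityFile ~/.ssh/id_ed25519
    # ProxyJump does not need agent forwarding, so keep it off.
    ForwardAgent no

Host internal-web
    # Address as the bastion will see it in the forwarding request.
    HostName 10.0.0.11

Host internal-db
    HostName 10.0.0.12

Host internal-*
    # Same effect as "ssh -J bastion internal-web".
    ProxyJump bastion
    User joel
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent no

# ===== Bastion: /etc/ssh/sshd_config (fragment) =====
# Members of the hypothetical group "jumpusers" may only open
# forwarded connections to the listed internal hosts.
Match Group jumpusers
    # -J uses a client-to-destination forward; "local" permits that
    # and refuses remote (-R) forwards.
    AllowTcpForwarding local
    # Destinations must match the host:port the client requests.
    PermitOpen 10.0.0.11:22 10.0.0.12:22
    # No interactive use of the bastion itself.
    PermitTTY no
    ForceCommand /usr/sbin/nologin
    # Remaining forwarding features are not needed for a jump host.
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    GatewayPorts no
```

After editing the bastion file, check it with `sshd -t` before reloading the service, and confirm from a client that `ssh internal-web` works while `ssh bastion` no longer yields a shell.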