I have a publicly-accessible bastion host. I am presently able to SSH to the bastion with ssh bastion using this in my ~/.ssh/config:

Host bastion
    IdentitiesOnly yes
    HostName bastion.foo.com
    User my-user
    Port 2222
    PubKeyAuthentication yes
    IdentityFile ~/.ssh/bastion.pem
    ServerAliveInterval 30

Now I have a Redis instance inside the firewall which I would like to forward a local port to. This works:
ssh -L 6000:redis.private.foo.com:6379 bastion
But I want a config Host shortcut so I can just type ssh redis and have the tunnel set up. (I'm happy to devote a terminal tab to it, although I will try -N -f to see if I prefer that.) The host name won't change, and the tunnel needs to go via the bastion. I have tried this:

Host redis
    LocalForward 6000 redis.private.foo.com:6379
    ProxyJump bastion

This doesn't work, and fails with:
channel 0: open failed: connect failed: Temporary failure in name resolution
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535
I have no idea why it's complaining about that MAXINT port number…
I don't want to have to duplicate all the HostName, IdentityFile, etc. for this special case of tunneling to the Redis server. How can I reuse those values but also have a Host configured for when I want the tunnel? This answer seems to say that I should be able to just add HostName redis.private.foo.com to the second Host and it should work, but I get the same error in that case. The only difference is that, with the HostName parameter, the connection fails after ~2min instead of 15s.
I have tested and the bastion host is able to connect to the internal host name on the Redis port.
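
An added example, not part of the original post: ProxyJump makes ssh open a second SSH session through the bastion to the alias's own host name, so the bastion is asked to reach an SSH server at "redis" (or at redis.private.foo.com once HostName is set) instead of simply forwarding a port. One way to reuse the bastion settings is to list both aliases on a single Host line and give the tunnel alias only its extra options. The ExitOnForwardFailure line is an addition that is not in the post, and the layout assumes the same ~/.ssh/config file.

```sshconfig
# Added example; not from the original post.
# Shared settings: both aliases open their SSH session to the bastion itself.
Host bastion redis
    HostName bastion.foo.com
    User my-user
    Port 2222
    IdentitiesOnly yes
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/bastion.pem
    ServerAliveInterval 30

# Tunnel-only options. No ProxyJump here: the bastion is the SSH endpoint and
# makes the TCP connection to Redis on behalf of the forwarded local port.
Host redis
    LocalForward 6000 redis.private.foo.com:6379
    # Addition (not in the post): abort if local port 6000 cannot be bound,
    # rather than leaving a session open with no working tunnel.
    ExitOnForwardFailure yes
```

ssh applies every Host block whose pattern matches and keeps the first value it obtains for each option, so ssh redis picks up the shared block plus the LocalForward, while ssh bastion is unaffected by the second block.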