We at work use Bastion in our VPC to connect to several private servers, I have set up aliases (ssh host aliases) to speed up the process of bouncing to the next server, but this is a slow process and many users end up catting our config to find the appropriate alias. I would like to figure out a way to be able to have our users be able to ssh / sftp through Bastion? Does anyone know an acceptable method? I looked briefly into mosh-server but am uncertain whether this is the correct way to do this.
Asked
Active
Viewed 291 times
1 Answers
2
Assuming OpenSSH on Linux/MacOS. Putty likely offers something similar.
Tell your users to use the ProxyCommand in their ~/.ssh/config files:
cat ~/.ssh/config
Host !bastion.example.com *.example.com
ProxyCommand ssh -q -a user@gateway.example.com nc %h %p
IdentityFile ~/.ssh/id_rsa
If you then try to connect to test.example.com, ssh will automatically tunnel this connection via bastion.example.com.
You can add endless flexibility to this if you like.
Sven
- 98,649
- 14
- 180
- 226
-
Sorry I didn't get right back to accepting, we just had a server outage =/ plus one and accepted, thank you for the prompt and clear answer – ehime Apr 30 '15 at 16:44