How do you tunnel through bastion to EC2 both having unique keys using ssh CLI. I tried
ssh -i <pem key 1> user#ec2......amazonaws.com -i <pem key 2> -J user#ip....internal
but it keeps timing out saying the connection was refused.
Related
I'm trying to access localhost:6006 on my remote ubuntu machine using public keys, and put it on my localhost:6006.
The command is something similar to:
ssh -N -L 127.0.0.1:6006:127.0.0.1:6006 ubuntu#XXX.XX.XX.XXX
but I keep getting public key denied (but I can access the computer with my keys via normal ssh)
You should specify your private key with option -i.
ssh -i [path_of_your_private_key] -N -L 127.0.0.1:6006:127.0.0.1:6006 ubuntu#XXX.XX.XX.XXX
Establishing SSH tunnel can done from the command line by explicitly giving
ssh -N -f -L 18888:192.168.224.143:8888 username#192.168.224.143
or defining tunnel in ~/.ssh/config file
Host tunnel
HostName 192.168.224.143
IdentityFile ~/.ssh/mine.key
LocalForward 18888 192.168.224.143:8888
User username
and then running,
ssh -f -N tunnel
Is there a way to start this tunnel without running the ssh ssh -f -N tunnel command explicitly?
I would like to establish this tunnel whenever my machine boots up. Do not want to add it in init script. Can it be done with SSH configuration itself?
No. SSH configuration is not designed to start something for you automatically. You need to add it to your startup applications or init script/systemd service, if you want to start it automatically after the network.
I also recommend you to use autossh which will take care of re-establishing the tunnel, if it fails for some reason.
Is there a way to get the ssh-agent to forward a specific key not configured in ~/.ssh/config. For example I am connecting to a host on ec2 like this:
ssh -At -i ssh/insecure-deployer ec2-user#$bastion-instance-dns
or even connect directly to the instance behind my bastion instance like this:
ssh -At -i ssh/insecure-deployer ec2-user#$bastion-instance-dns ssh ubuntu#target-instance-ip
What I'd like to do is have the agent forward the same key I'm using to connect to the bastion instance in this case, i.e. the ssh/insecure-deployer key, but it seems that only keys in ~/.ssh/config are being forwarded.
I realized what was wrong. I need to add my key to the agent:
ssh-add -L
did not list the key.
Add the key via:
ssh-add ssh/insecure-deployer
and:
ssh -At -i ssh/insecure-deployer ec2-user#$bastion-instance-dns ssh ubuntu#target-instance-ip
works as desired.
I tried to use ssh command to connect to another remote host.
ssh -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user#domain.com
The authenticity of host '[domain.com]:21098 ([124.219.148.93]:21098)' can't be established.
RSA key fingerprint is 12:15:79:55:c6:2a:66:1e:82:94:da:19:e1:ca:21:3d.
Are you sure you want to continue connecting (yes/no)?yes
Failed to add the host to the list of known hosts (/var/lib/openshift/541b685c5973cae7bbf006f4/.ssh/known_hosts).
Connection closed by 124.219.148.93
I suppose we do not have access to home/.ssh. So how to solve this problem?
One can pass options to SSH on command line, like this:
ssh -o UserKnownHostsFile=/tmp/known_host_file -p 21098 -i $OPENSHIFT_DATA_DIR/.ssh/host_key user#domain.com
Here is related answer: ssh use known_hosts other than $HOME/.ssh/known_hosts
I'm trying to use rsync to connect to an Rsync server. However, our company firewall blocks the 873 port used by rsync.
Using the following proxy configuration with corkscrew in the ~/.ssh/config file, I can bypass the firewall and connect to remote servers with SSH:
ProxyCommand /usr/local/bin/corkscrew our-http-proxy.domain.name 8080 %h %p
Thus, with the above configuration, I use ssh the following way, which lets me connect to a remote machine with no problem:
ssh -L 8080:localhost:80 username#remote.machine.name -p 443
My question is, can I use rsync to utilize such ssh tunnel, and connect to the Rsync server?
I so far tried a few ways to have rsync utilize the same ssh proxy configuration. One of them is as follows, which always results in ssh_exchange_identification: Connection closed by remote host:
rsync -CaLvz -e "ssh -L 873:remote.rsync-server.name:443" remote.rsync-server.name::remote-source-directory /local/target/directory/
Any ideas?