@bgraw3
Forked from colinangel/SSH leapfrog
Created January 16, 2018 02:57
SSH directly to a box behind a jumpbox aka bastion host - useful for sshing to EC2 instances in private subnets
#
# Latest in Gist: https://gist.github.com/colinangel/b85d0e1fb9b6a2d4f66a
#
# NOTE: This uses ProxyCommand instead of ssh-agent forwarding, because agent forwarding is insecure.
# Replace 172.31.1.x with the IPs in your subnet
# Also replace the two IdentityFiles with your ssh key(s)

# Jumpbox
Host jmp
  Hostname 172.31.1.10
  User jumpbox-user
  IdentityFile ~/.ssh/jumpbox-key.pem
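
# Automatically use the jumpbox to connect to any IP address in the range specified
# e.g. ssh ec2-user@172.31.1.x
Host 172.31.1.*
  # Connect through the "jmp" block above so its User and IdentityFile apply
  # (an explicit user@jmp here would override the User set in that block)
  ProxyCommand ssh -W %h:%p jmp
  User ec2-user
  IdentityFile ~/.ssh/destination-key.pem
  # Since new instances reuse old IPs, skip host key checking. The destination's
  # host key is then not verified, so this relies on trusting the jumpbox and subnet.
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null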

# Multiplex connections so we don't have to open so many
# faster connections, and ability to use local editors on remote boxes
Host *
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlPersist 1h
  # keep connections despite network hiccups for up to 15 minutes
  TCPKeepAlive no
  ServerAliveInterval 60
  ServerAliveCountMax 15
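
The 172.31.1.* block above turns off host key verification, and the note at the top avoids agent forwarding; a small audit can flag both kinds of setting when reviewing a config like this one. This is an added example, not part of the original gist: the names audit, RISKY and SAMPLE and the "legacy" host block are hypothetical, and the sample config is constructed.

```python
import re

# Constructed sample: the host-key settings from the config above, plus a
# hypothetical "legacy" block that forwards the agent (not in the gist).
SAMPLE = """\
Host jmp
  Hostname 172.31.1.10
Host 172.31.1.*
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
Host legacy
  ForwardAgent yes
Host *
  ControlMaster auto
"""

# (lowercased keyword, lowercased value) -> why a reviewer should look at it.
RISKY = {
    ("stricthostkeychecking", "no"): "new and changed host keys accepted without a prompt",
    ("stricthostkeychecking", "off"): "new and changed host keys accepted without a prompt",
    ("userknownhostsfile", "/dev/null"): "host keys never saved to a user known_hosts file",
    ("forwardagent", "yes"): "privileged users on the remote host can use your agent",
}

# ssh_config accepts "Keyword value" and "Keyword=value"; keywords ignore case.
LINE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")


def audit(text):
    """Return (block, keyword, value, reason) for each risky setting found."""
    findings, block = [], "(global)"
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:  # blank lines and "#" comments do not match the pattern
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key in ("host", "match"):  # a new block starts here
            block = value
            continue
        reason = RISKY.get((key, value.lower()))
        if reason:
            findings.append((block, key, value, reason))
    return findings


if __name__ == "__main__":
    for block, key, value, reason in audit(SAMPLE):
        print(f"Host {block}: {key} {value} -> {reason}")
```

To check a real file, pass its contents to audit(), for example audit(open(os.path.expanduser("~/.ssh/config")).read()) after importing os.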