@colinangel
Last active January 16, 2018 02:57
SSH directly to a box behind a jumpbox aka bastion host - useful for sshing to EC2 instances in private subnets
#
# Latest in Gist: https://gist.github.com/colinangel/b85d0e1fb9b6a2d4f66a
#
# NOTE: This uses ProxyCommand instead of ssh-agent forwarding, because agent forwarding is insecure.
# Replace 172.31.1.x with the IPs in your subnet
# Also replace the two IdentityFiles with your ssh key(s)

# Jumpbox
Host jmp
  Hostname 172.31.1.10
  User jumpbox-user
  IdentityFile ~/.ssh/jumpbox-key.pem
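
# Automatically use the jumpbox to connect to any IP address in the range specified
# e.g. ssh [email protected]
Host 172.31.1.*
  # connect via the jmp entry above, so its User and IdentityFile are used for the jumpbox hop
  ProxyCommand ssh -W %h:%p jmp
  User ec2-user
  IdentityFile ~/.ssh/destination-key.pem
  # since new instances reuse old IPs, skip host key checking
  # (this turns off host key verification for the whole range, so an
  # impostor host answering on one of these IPs is not detected)
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null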

# Multiplex connections so we don't have to open so many:
# faster connections, and the ability to use local editors on remote boxes
Host *
  ControlMaster auto
  ControlPath ~/.ssh/master-%r@%h:%p
  ControlPersist 1h
  # keep connections despite network hiccups for up to 15 minutes
  TCPKeepAlive no
  ServerAliveInterval 60
  ServerAliveCountMax 15
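
Added example, not part of the original gist: a simplified Python resolver that applies ssh_config's "first value obtained wins" matching to a constructed, trimmed copy of the config above and reports which hosts end up with host key checking disabled or agent forwarding enabled. The function names are hypothetical, and `Match`, `Include` and multi-valued keywords are not handled.

```python
import fnmatch
import re
# Constructed sample: a trimmed copy of the config above, placeholder values kept.
SAMPLE_CONFIG = """\
Host jmp
  Hostname 172.31.1.10
  User jumpbox-user
Host 172.31.1.*
  ProxyCommand ssh -W %h:%p jmp
  User ec2-user
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null
Host *
  ControlMaster auto
"""

def host_matches(patterns, name):
    """A Host line applies if a positive pattern matches and no !negated one does."""
    hit = lambda p: fnmatch.fnmatchcase(name, p.lstrip("!"))
    if any(hit(p) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def effective_options(config_text, name):
    """Options ssh would use for `name`: the first value seen for a keyword wins.
    `name` is what is typed on the command line, not the resolved Hostname."""
    opts, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(value.split(), name)
        elif active:
            opts.setdefault(key, value)
    return opts

def audit(config_text, name):
    """Flag settings that weaken host authentication or expose the agent."""
    o = effective_options(config_text, name)
    findings = []
    if o.get("stricthostkeychecking", "ask").lower() == "no":
        findings.append("changed or unknown host keys are accepted without a prompt")
    if o.get("userknownhostsfile") == "/dev/null":
        findings.append("host keys are never recorded")
    if o.get("forwardagent", "no").lower() == "yes":
        findings.append("agent is forwarded to the remote host")
    return findings
```

Running `audit(SAMPLE_CONFIG, "172.31.1.20")` reports both host key findings, while `audit(SAMPLE_CONFIG, "jmp")` reports none: the relaxed checking applies only to the proxied range, not to the jumpbox hop itself.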