Last active
January 16, 2018 02:57
SSH directly to a box behind a jumpbox aka bastion host - useful for sshing to EC2 instances in private subnets
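#
# Latest in Gist: https://gist.github.com/colinangel/b85d0e1fb9b6a2d4f66a
#
# NOTE: This tunnels through the jumpbox with ProxyCommand (ssh -W) instead of
# forwarding ssh-agent to it, because agent forwarding is insecure: anyone with
# root on the jumpbox can use a forwarded agent. With -W the private keys stay
# on your machine and the jumpbox only relays the encrypted inner session.
# Replace 172.31.1.x with the IPs in your subnet.
# Also replace the two IdentityFiles with your ssh key(s).

# Jumpbox
Host jmp
  Hostname 172.31.1.10
  User jumpbox-user
  IdentityFile ~/.ssh/jumpbox-key.pem

# Automatically use the jumpbox to connect to any IP address in the range specified,
# e.g. ssh ec2-user@172.31.1.x
Host 172.31.1.*
  # Go through the "jmp" alias without an explicit user@ so the User and
  # IdentityFile from the jmp block apply; writing ec2-user@jmp here would
  # override that block's User. On OpenSSH 7.3+ "ProxyJump jmp" is the
  # equivalent shorthand.
  ProxyCommand ssh -W %h:%p jmp
  User ec2-user
  IdentityFile ~/.ssh/destination-key.pem
  # Since new instances reuse old IPs, skip host key checking.
  # CAVEAT: with these two lines the destination's identity is never verified,
  # so anything on the path, including a compromised jumpbox, can impersonate
  # the instance and read or alter the session. Scope this to throwaway hosts
  # only. Where you can, keep verification on and handle IP reuse another way,
  # e.g. a separate UserKnownHostsFile for this range that you prune, or SSH
  # host certificates.
  StrictHostKeyChecking no
  UserKnownHostsFile=/dev/null

# Multiplex connections so we don't have to open so many:
# faster connections, and the ability to use local editors on remote boxes.
# This block applies to every host, including jmp.
Host *
  ControlMaster auto
  # The control socket lives in ~/.ssh; keep that directory mode 700. Any
  # process running as your local user can open new sessions through the socket
  # without authenticating again.
  ControlPath ~/.ssh/master-%r@%h:%p
  # The master connection stays open for 1h after the last session closes;
  # "ssh -O exit <host>" closes it early.
  ControlPersist 1h
  # Keep connections despite network hiccups for up to 15 minutes
  # (60 s interval x 15 unanswered probes).
  TCPKeepAlive no
  ServerAliveInterval 60
  ServerAliveCountMax 15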