TechQA.

Unable to setup ssh config remote forwarding from Local --> Bastion --> EC2

620 views Asked by At

Overview

I'm trying to configure ~/.ssh/config to connect my local VSCode to remote (EC2). I've done a lot of testing and can't understand why situation one is working and others are failing. I'm able to get RemoteCommand to work successfully for ssh'ing into EC2 instance after ssh'ing into BastionHost, however I'm unable to achieve the same with ProxyJump or ProxyCommand. VSCode doesn't list the EC2 filesystem when using the RemoteCommand example (just gets to BastionHost), so thinking I'll need to resolve to either ProxyJump/ProxyCommand based on most of the documentation.

I've tried to follow the instructions here exactly along with trying out different approaches from other articles to no avail.

##WORKS
Host dev-ec2
  HostName 10.248.000.206
  User meme1
  RemoteCommand ssh 10.248.000.201
  RequestTTY yes
  IdentityFile ~/.ssh/mykey

##WORKS
Host bastion-dev
  HostName 10.248.000.206
  User meme1
  IdentityFile ~/.ssh/mykey
  RequestTTY yes

##FAILS (times out)
Host dev-ec2-proxycommand
  HostName 10.248.000.201
  User meme1
  ProxyCommand ssh.exe bastion-dev -W %h:%p

##FAILS (Permission denied on public key, even though no issue in the RemoteCommand example)
Host ec2-dev-proxyjump
  HostName 10.248.000.201
  User meme1
  ProxyJump bastion-dev
  IdentityFile ~/.ssh/mykey

System Info

OS: Windows 10 Bastion OS: Linux (Amazon Linux AMI)

Disclaimer

I've been trolling StackOverflow and other forums for the past couple days to no avail, and although I've found similar questions none have provided viable answers for resolving.

amazon-web-services visual-studio-code amazon-ec2 ssh bastion-host
Original Q&A
1

There are 1 answers

0
Azize On

I suppose this one below is failing because you are using a command from Windows at your bastion, that is Linux.
Command ssh.exe will not work on Linux. Everything that you put on ProxyCommand will run inside your bastion host, in your case it is a Linux OS.

Also make sure your instance Security Group allow connection from bastion IP, not from your computer.

##FAILS (times out)
Host dev-ec2-proxycommand
  HostName 10.248.000.201
  User meme1
  ProxyCommand ssh.exe bastion-dev -W %h:%p

I have the config below on my ~/.ssh/config file and it works fine for me to connect on my instance behind bastion host.

Bastion IP: 172.31.4.238
Host IP (behind bastion): 172.31.11.98

Host 172.31.11.98
  HostName 172.31.11.98
  User ec2-user
  ProxyCommand ssh -W %h:%p [email protected]

See it below

$ ssh 172.31.11.98
The authenticity of host '172.31.11.98 (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is SHA256:vy....
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.31.11.98' (ECDSA) to the list of known hosts.

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-31-11-98 ~]$

Related Questions in AMAZON-WEB-SERVICES

Related Questions in VISUAL-STUDIO-CODE

Related Questions in AMAZON-EC2

Related Questions in SSH

Related Questions in BASTION-HOST

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions