![]() Note firstly that I run this from my laptop, NOT FROM THE BASTION, secondly note that I use the name defined in ~/.ssh/config # Logout of bastionĪttempt to login to your private server from your laptop ssh private-server You should be logged into your bastion if everything is working correctly. Note that I am using the name we defined in ~/.ssh/config ssh/bastion-example.pem to SSH to the bastion from your laptop ssh bastion-server Identity added: /root/.ssh/bastion-example.pem (/root/.ssh/ ssh-add -lĤ096 SHA256:J4pJTKFZ4CJYg8ahbs6BTA6WrmSTyS5UukXKbvGm7ek /root/. eval $(ssh-agent)Īgent pid ssh-add -k ~/.ssh/bastion-example.pem You can confirm this with the ssh-add -l command. This should load the private key created in step 1(or used from existing keys) into memory. You can add this to your ~/.bashrc or ~/.bash_profile if you want. Load the SSH keys into memory on your laptop eval $(ssh-agent) # This only needs to be ran once per shell(tab in terminal). This defines your bastion and your private server, notice that the private server uses the bastion server's name for ProxyJump ProxyJump bastion-server # Bastion name defined in this file, or IP/FQDN On your laptop, add the following to your ~/.ssh/config Host bastion-server You should use different keys for the bastion and private servers for these but in this example I am not. This will create a new SSH key, with the name set to The private key will be ~/.ssh/bastion-example.pem, the public key ~/.ssh/Īssuming you are using EC2, ensure that AWS has your public key, using that key when you provision the bastion server and the private server. Ssh-keygen -t rsa -b 4096 -C -f ~/.ssh/bastion-example.pem In order for your laptop to access the private-server you need to perform the following steps. SSH Config: this file exists on your laptop, typically located ~/.ssh/config. ![]() Ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6HXOrlWaXs2l7jFBBf4lBekVXROt3UgqADJfN5asu66p6V+vI+3Vsx圎39Va4Kg/G0YHQAqRjs8UIhNoQFz7L4aiDvVSunP5Auh2Y6pEiz/zIWm+Ha0GxSPWPNoNMPU0ScT/G9haX1HW8dlGZ6dND7iRDfV/lk74Dw7UV6H the portion, this value can be modified at-will and is used to clearly identify the key. This file should be copied to the bastion and private server(s) and appended to /home/the-user-you-ssh-in-as/.ssh/authorized_keys You can freely share this data without comprimising security. This is not sensitive data, hence the name "public". The contents are 1 long line, starting with ssh-rsa. ![]() Public key: This file will be called something like my_key_. OIDmwm6lcidcbceYCC1MyIA4jdD6oGVrwpZZMygXlZJGadRldH2Cz9Wwchq1sKF BlYAeLJĬ7FiDCs7U3AGRbCq7Wdchk+QKiTxepuJJcvUKhkY1wFuQd9UfIqvhSs +BLU4sXrbd7yvxO KxgELf8LbXMvTN3+jwN8/qSncKsyWGZ6MA +Q5zKNXGdXzNeLvGj4QPmO5Hh8Gs3B0elFhx Ubd88J+NAuUHsa4H67Nzhx/rvyeKWD7HvLpIMLCq+VOZnrvtHcqv950 +Cpwt3pTpYsrspR Ny1Q59BYXJVyW6YEj3MAUrlQeZS+AVujPtUP1iWPvFXzDZxBiov6qDWv/ 04t4Iqmdd9FMn NhAAAAAwEAAQAAAgEAuh1zq5Vml7Npe4xQQX +JQXpFV0Trd1IKgAyXzeWrLuuqelfryPt1īMcRN/VWuCoPxtGB0AKkY7PFCITaEBc+y+Gog71Urpz+QLodmOqRIs/ 8yFpvh2tBsUj1jzĪDTD1NEnE/xvYWl9R1vHZRmenTQ+4kQ31f5ZO+A8O1Feh0qubSfxcUR319EZO/ 6k3JbizC If this is ever comprimised, you should create new keys and dispose of the old one.ī3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAd zc2gtcn This file should be protected and never exposed to the world. Private key: This is the file with many lines of text, looks like a rectangle. SSH Agent: This is a program that runs on your laptop and keeps your SSH private keys loaded in memory. Sometimes the bastion server is protected by a VPN, sometimes not but should always have a firewall. Definitionsīastion server: Sometimes called a "jump server", this server is reachable by your laptop. This guide also does not show the usage of password-protected keys, you should use password-protection. ⚠️ This guide does NOT use individual SSH keys, which is recommended for security purposes.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |