When you ssh to a Linux server in an environment that cannot be reached from the outside, you often log in via a bastion server.
Typing the following command every time to log in through the stepping stone is tedious, and it is easy to mistake which server you are working on, so it is convenient to describe the login destination servers in the ssh config.
ssh -i "xxxxxxx.pem" [email protected]
This example covers sshing in 3 steps: local terminal → bastion → bastion-2 → internal-server.
Write the following in .ssh/config.
Host bastion
    HostName bastion.com
    User user
    IdentityFile ~/.ssh/id_rsa

Host bastion-2
    HostName 10.1.2.3
    User user
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -CW %h:%p bastion 2> /dev/null

Host internal-server
    HostName 172.30.1.2
    User internal-user
    IdentityFile ~/.ssh/internal-server.pem
    ProxyCommand ssh -CW %h:%p bastion-2 2> /dev/null

In this example an IdentityFile is specified for each host. All of these IdentityFiles must be stored on the local terminal, so be careful about their file permissions.
The ProxyCommand line for internal-server runs ssh to bastion-2 and, through it, connects to the original destination host %h (internal-server) and its port %p. Standard error is written to /dev/null.
In the above case, you can log in to internal-server directly from the local terminal just by running ssh internal-server.
Also, by running scp internal-server:./<copy source>/* /Users/<copy destination>, you can copy files between the local terminal and internal-server in a single command (this example copies from internal-server to the local terminal).
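The following Python sketch is an added example, not code from the original post: it parses the config shown above, rebuilds the hop chain from the ProxyCommand lines, and reports IdentityFile paths on that chain that group or other users can access. The function names are hypothetical, and the parser assumes one alias per Host line and the ProxyCommand form used on this page.

```python
import os
import re
import stat

# Constructed sample: the Host blocks from the config above (HostName/User omitted).
SAMPLE_CONFIG = """\
Host bastion
    IdentityFile ~/.ssh/id_rsa
Host bastion-2
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -CW %h:%p bastion 2> /dev/null
Host internal-server
    IdentityFile ~/.ssh/internal-server.pem
    ProxyCommand ssh -CW %h:%p bastion-2 2> /dev/null
"""

def parse_hosts(text):
    """Map each Host alias to its options (assumes one alias per Host line)."""
    hosts, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "host":
            current = hosts.setdefault(parts[1], {})
        elif current is not None:
            # Simplification: keep only the first value seen for each option.
            current.setdefault(parts[0].lower(), parts[1])
    return hosts

def hop_chain(hosts, target):
    """Follow 'ProxyCommand ssh ... %h:%p <alias>' back to the first hop."""
    chain = [target]
    while True:
        cmd = hosts.get(chain[0], {}).get("proxycommand", "")
        match = re.search(r"%h:%p\s+(\S+)", cmd)
        if not match or match.group(1) in chain:  # no proxy left, or a loop
            return chain
        chain.insert(0, match.group(1))

def loose_keys(hosts, chain):
    """Return existing key files on the chain with any group/other permission bit."""
    paths = {os.path.expanduser(hosts.get(a, {}).get("identityfile", "")) for a in chain}
    return sorted(p for p in paths
                  if os.path.isfile(p) and stat.S_IMODE(os.stat(p).st_mode) & 0o077)

if __name__ == "__main__":
    print(hop_chain(parse_hosts(SAMPLE_CONFIG), "internal-server"))
```

To check a real setup, pass the text of your own .ssh/config to parse_hosts and feed the resulting chain to loose_keys; an empty list means no key file on the path is accessible to group or other.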