Describe multi-hop ssh destinations in the config to log in easily and copy files with scp

Purpose

When you ssh to a Linux server in an environment that cannot be reached from the outside, you will often log in via a bastion server.

Logging in through the bastion by typing the following command every time is tedious, and it is easy to lose track of which server you are working on, so it is convenient to describe the login destination servers in the ssh config.

ssh -i "xxxxxxx.pem" [email protected]

Procedure

This is the case of sshing in 3 steps: local terminal → bastion → bastion-2 → internal-server. Describe it as follows in .ssh/config.

Host bastion
  HostName bastion.com
  User user
  IdentityFile ~/.ssh/id_rsa

Host bastion-2
  HostName 10.1.2.3
  User user
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand ssh -CW %h:%p bastion 2> /dev/null

Host internal-server
  HostName 172.30.1.2
  User internal-user
  IdentityFile ~/.ssh/internal-server.pem
  ProxyCommand ssh -CW %h:%p bastion-2 2> /dev/null

In this example, IdentityFile is specified. All IdentityFiles must be stored on the local terminal, so be careful about their permissions. The ProxyCommand setting connects to the original destination host %h (internal-server) and its port %p via bastion-2, and writes standard error to /dev/null. Because of that redirect, error messages from the intermediate hop are not shown, so remove it temporarily when a connection fails and you need to see why.
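An added example (not part of the original article): a small Python check that reads the three-hop config above, resolves the hop order from the ProxyCommand lines, and lists IdentityFiles on that chain that group or other users can access. The function names are hypothetical, and the parser handles only the simple space-separated "Keyword value" form used on this page.

```python
import os
import re
import stat

# Constructed sample: the three-hop config shown on this page.
SAMPLE_CONFIG = """\
Host bastion
  HostName bastion.com
  User user
  IdentityFile ~/.ssh/id_rsa
Host bastion-2
  HostName 10.1.2.3
  User user
  IdentityFile ~/.ssh/id_rsa
  ProxyCommand ssh -CW %h:%p bastion 2> /dev/null
Host internal-server
  HostName 172.30.1.2
  User internal-user
  IdentityFile ~/.ssh/internal-server.pem
  ProxyCommand ssh -CW %h:%p bastion-2 2> /dev/null
"""

def parse_hosts(text):
    """Return {alias: {keyword_lowercase: value}} for single-alias Host blocks."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key, _, value = line.partition(" ")
        if key.lower() == "host":
            current = hosts.setdefault(value.strip(), {})
        elif current is not None and key and not key.startswith("#"):
            current[key.lower()] = value.strip()
    return hosts

def hop_chain(hosts, alias):
    """Follow 'ssh -CW %h:%p <alias>' ProxyCommands back to the first hop."""
    chain = [alias]
    while (cmd := hosts.get(chain[-1], {}).get("proxycommand")):
        m = re.search(r"%h:%p\s+(\S+)", cmd)
        if not m or m.group(1) in chain:  # unrecognised form or a loop: stop
            break
        chain.append(m.group(1))
    return chain[::-1]  # order in which the hops are traversed

def loose_key_files(hosts, chain):
    """IdentityFiles on the chain that exist and are accessible to group/other."""
    paths = {os.path.expanduser(hosts[h]["identityfile"])
             for h in chain if "identityfile" in hosts.get(h, {})}
    return sorted(p for p in paths
                  if os.path.exists(p) and stat.S_IMODE(os.stat(p).st_mode) & 0o077)
```

Pass the contents of your own .ssh/config to parse_hosts, then call loose_key_files with the result of hop_chain for the destination alias; an empty list means no key file on that chain is accessible to group or other users.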

Result

With the above config, you can log in to internal-server directly from the local terminal just by typing ssh internal-server.

Also, by typing scp internal-server:./copy-source/* /Users/copy-destination, you can copy files between the local terminal and internal-server in one step (in this case, from internal-server to the local terminal).
