SSH tunnel to private EC2 instance using 2 different keypairs - amazon-web-services

My currently working SSH tunnel into a private EC2 instance's postgreSQL server is:
ssh -N -i my-keypair.pem -L 5555:10.1.22.67:5432 ec2-user@14.229.71.224
The keypairs were the same for both the bastion jump host and the private instance (my-keypair.pem).
However, now we use different keypairs, one for bastion host (my-keypair.pem) and another for private instance (my-different-keypair.pem). How can I amend the above SSH tunnel command, so that I can still use DBeaver to connect into postgreSQL on the private instance?

Related

Connect Postgres RDS instance from local Database client

I have a Postgres RDS instance running in a private subnet. It is accessible through an EC2 instance as a bastion host, as the EC2 instance is configured in a public subnet in the same VPC as the private subnet. I can ssh to the RDS instance through the jump server.
Is there a way I can connect the DBeaver client to the RDS instance? Do I need to configure a VPN connection for that? What are the different options here?
You can establish a connection to the DB through the jump server using an SSH Tunnel:
Create new connection
Configure SSH settings using the fields of the bastion host (use password or private key)
Specify PostgreSQL user/password/endpoint and test the connection

Connect to RDS instance via MYSQL workbench without a static IP

I have an RDS instance that only accepts incoming requests from my EC2 instance. I want to connect MySQLWorkbench to the RDS instance, however, I use a VPN, and don't want to allow a specific IP address access to the RDS, as my local IP address changes frequently. Can I connect to my RDS instance using a PEM key or similar approach?
Yes, MySQL Workbench allows you to connect to databases using Standard TCP/IP over SSH.
Since you've got an EC2 instance running, simply use the EC2's public IP and username, and you can use the PEM as the authentication method.
ssh -o "ExitOnForwardFailure yes" -p 22 -fN ec2-user@123.456.789.XXX -L localhost:3360:rds-conn-url:3306
This is a non-login shell (-N), so your terminal will hang when connected.
Alternatively, if you're using a Unix-based system, you can make an SSH tunnel to the EC2 instance and then use the port binding with a Standard TCP/IP connection.

Ansible + AWS Private hosts provisioning

I am trying to provision 2 ec2 instances on a private subnet using Ansible playbooks. My infrastructure includes:
Bastion Host on a public subnet
2 EC2 instances on 2 private subnets
NAT Gateway for outgoing connections
Application Load Balancer
My question is how to run the Ansible playbook from localhost to affect the private instances. Can I SSH forward the playbook or does the playbook have to reside in the bastion host and then use the private IPs as hosts?
Create the ssh config file ~/.ssh/config and then add the following lines to it:
Host bastion
    HostName bastion_ip
    User bastion_user
    IdentityFile ~/.ssh/mykey.pem
Host private_instance
    HostName 10.0.0.11
    User private_ec2_user
    ProxyCommand ssh bastion -W %h:%p
    IdentityFile ~/.ssh/mykey.pem
> My question is how to run the Ansible playbook from localhost to affect the private instances.
Now that you have configured the ssh config file, all you need to type is
ssh private_instance
This will create SSH tunneling to your private instance; you do not need to type a complex or lengthy command every time.
Ansible allows the use of SSH configuration options, and ProxyCommand can come to the rescue when trying to forward the command from the bastion to private subnet hosts. Here is an example:
ssh -o ProxyCommand="ssh ubuntu@52.50.10.5 'nc 192.168.0.20 22'" ubuntu@nothing
The above command will, for example, first connect to 52.50.10.5 via SSH, and then open a socket to 192.168.0.20 on port 22. The socket connection (which is connected to the remote SSH server) is then passed to the original SSH client command invocation to utilize.
Source : https://spin.atomicobject.com/2016/05/16/ansible-aws-ec2-vpc/
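The original question asks how to keep the 5555 to 5432 tunnel when the bastion and the private instance use different keypairs, and the answer above shows per-host stanzas in ~/.ssh/config. The following script is an added example, not code from any post on this page: it generates such a config with a separate IdentityFile for each hop (using ProxyJump, the newer equivalent of the ProxyCommand -W form above) and builds the matching tunnel command. The host alias db-host, the config file path and the helper names are assumptions; the IPs and key file names are the placeholders from the question.

```shell
#!/bin/sh
# Added example: two-key bastion setup for the PostgreSQL tunnel in the question.
# Hosts, IPs and key paths are the question's placeholders, not real endpoints.

# Emit an ssh_config with one stanza per hop. Arguments:
#   $1 bastion public IP   $2 bastion key file
#   $3 private instance IP $4 private instance key file
two_key_config() {
  cat <<EOF
Host bastion
    HostName $1
    User ec2-user
    IdentityFile $2
    IdentitiesOnly yes

Host db-host
    HostName $3
    User ec2-user
    IdentityFile $4
    IdentitiesOnly yes
    ProxyJump bastion
EOF
}
# IdentitiesOnly stops ssh from trying every key the agent holds, so each hop
# offers exactly the key configured for it. ProxyJump makes ssh first
# authenticate to "bastion" with $2 and then to "db-host" with $4.

# Tunnel command replacing the single-key one-liner in the question:
# local port 5555 is forwarded, through the bastion, to PostgreSQL on the
# private instance.  $1 = config file, $2 = private instance IP.
tunnel_cmd() {
  printf 'ssh -N -F %s -L 5555:%s:5432 db-host\n' "$1" "$2"
}

# Check which key and jump host ssh will actually use for db-host, without
# connecting: "ssh -G" prints the fully resolved configuration.
show_effective() {
  ssh -G -F "$1" db-host | grep -iE '^(hostname|identityfile|proxyjump) '
}

# Usage: write the config, inspect it, then run the printed tunnel command.
if [ "${1:-}" = "demo" ]; then
  two_key_config 14.229.71.224 my-keypair.pem 10.1.22.67 my-different-keypair.pem > ssh_config_two_keys
  show_effective ssh_config_two_keys
  tunnel_cmd ssh_config_two_keys 10.1.22.67
fi
```

With the tunnel up, DBeaver connects to localhost:5555 exactly as before.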

Need help to winscp to the private linux instance in AWS

I have an instance in AWS with a private IP (no public DNS and no public IP) and I would like to connect to this instance through WinSCP to download a few logs to my local PC. When I try to connect to this private instance through WinSCP I get the below error, obviously because the server is private.
Usually I ssh to the bastion server, which is in a public subnet, and then from there with the private ssh key I ssh to the private instance. I was able to WinSCP to this bastion server, which is public, but I would require WinSCP to the private instance. I tried the WinSCP connection tunnel hoping it might help somehow, but I got an "authentication key" error. Is there any way to WinSCP to a private instance in AWS?
I found this tutorial http://www.revsys.com/writings/quicktips/ssh-tunnel.html to set up an SSH tunnel, to be followed on the publicly accessible machine to link to the private one.
More opinions here: How to setup bastion host or Jumpbox in AWS?

How to add ec2 instance user to bastion host?

I have two instances
1. Bastion host instance
2. Amazon linux instance.
I can log in to the bastion host instance and have added the key of the other Amazon Linux instance to which I want to allow ssh access, but when I try to run the command in the bastion host instance it doesn't work. The security groups of both EC2 instances (bastion host instance and Amazon Linux instance) are set to allow all inbound traffic; moreover, the VPC and subnet are also set up with a proper internet gateway.
ssh -A ec2-user@ip
Can anyone tell me what I am missing?
You have to use the path to the key of the instance you are trying to connect to, and "-i" instead of "-A"; check the command below.
ssh -i /path-to-key/key.pem ec2-user@ip
You can run ssh in verbose mode (-v) to see if the relevant key is getting used or if there is any other issue:
ssh -v -A ec2-user@ip
Also, is the IP in use the instance's private IP address?
You have to use the private key of the EC2 instance to log in to it from the bastion host instance. You have to set the pem file to have permissions of 600. Also, you can rename key-file.pem to key-file just to avoid any unwanted attention to it. So the command would be:
ssh -i /path_to_key-file/key-file ec2-user@ec2_instance_ip