Tag Archives: bastion

Here’s how you pass all ssh connections through a single bastion host:

  • First, set up passwordless ssh between you and the bastion. There are a billion and one guides on Google for how to do this, so I’m going to skip this step and assume you know this one.
  • Then you will need to edit the file /home/username/.ssh/config and inside of that file, put the following details:

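    # The bastion itself: connect directly and share one master connection
    Host nameorip.of.bastion.server
        # "no" makes ssh accept new or changed bastion host keys without prompting
        StrictHostKeyChecking no
        User username
        ProxyCommand none
        ControlMaster auto
        ControlPath ~/.ssh/master-%r@%h:%p

    # Every other host: relay the connection through the bastion with nc
    Host *
        ProxyCommand ssh -qax nameorip.of.bastion.server 'nc -w 600 %h %p'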

  • Once that is done, you save the file.

Ta dah! All of your ssh connections will now be routed through that host.

Now, you may want to flip back and forth (like I do). The way I did this was to create two files:

/home/username/.ssh/config.on
/home/username/.ssh/config.off

Inside of config.on is what I detailed above. Inside of config.off is what the config file was set to before I set the above up (i.e., not passing through the bastion). I then modified /home/username/.bash_profile and set the following two aliases:

alias baston='cp -f /home/username/.ssh/config.on /home/username/.ssh/config'
alias bastoff='cp -f /home/username/.ssh/config.off /home/username/.ssh/config'

Then, to load the aliases into the current shell, type:

source /home/username/.bash_profile

Now when I want to route my connections through the bastion, I type “baston” and then move ahead. To disable routing it through the bastion, I type “bastoff”.
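The two aliases overwrite the live config blindly, so the following added example (not part of the original post) wraps the same config.on/config.off scheme in one function that also reports which mode is active and refuses to clobber hand edits. The function names `bastion` and `bastion_status` and the `SSH_DIR` variable are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example: one function in place of the baston/bastoff aliases.
# SSH_DIR is an assumption (defaults to ~/.ssh); config.on and config.off
# are the two saved files described in the post.
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# Print "on", "off" or "unknown" depending on which saved file the
# live config is byte-identical to.
bastion_status() {
    if cmp -s "$SSH_DIR/config" "$SSH_DIR/config.on"; then
        echo on
    elif cmp -s "$SSH_DIR/config" "$SSH_DIR/config.off"; then
        echo off
    else
        echo unknown
    fi
}

# bastion on|off|status: install the chosen file as the live config.
bastion() {
    mode="$1"
    src="$SSH_DIR/config.$mode"
    case "$mode" in
        on|off) ;;
        status) bastion_status; return 0 ;;
        *) echo "usage: bastion on|off|status" >&2; return 2 ;;
    esac
    if [ ! -r "$src" ]; then
        echo "bastion: missing $src" >&2
        return 1
    fi
    # Refuse to overwrite a config that matches neither saved file, so
    # edits made directly to the live config are not silently lost.
    if [ -e "$SSH_DIR/config" ] && [ "$(bastion_status)" = unknown ]; then
        echo "bastion: $SSH_DIR/config differs from config.on and config.off" >&2
        return 1
    fi
    # Copy to a temp file and rename it into place, so an ssh started at
    # the same moment never reads a half-written config. Mode 600 keeps
    # the file private to the owner.
    tmp="$SSH_DIR/config.tmp.$$"
    cp "$src" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$SSH_DIR/config"
}
```

Put the functions in /home/username/.bash_profile in place of the two aliases; `bastion status` then shows whether new connections will be relayed before you open one.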

Simple, but like I said, I had never really learned how to do this previously, due to a lack of real need on my part until recently. As usual, it was easy peasy once you just look into how it is done.

