Here’s how you pass all ssh connections through a single bastion host:
- First, set up passwordless ssh between you and the bastion. There are a billion and one guides on Google for how to do this, so I’m going to skip this step and assume you know this one.
- Then you will need to edit the file /home/username/.ssh/config and inside of that file, put the following details:
ProxyCommand ssh -qax nameorip.of.bastion.server 'nc -w 600 %h %p'
- Once that is done, you save the file.
Ta dah! All of your ssh connections will now be routed through that host.
Now, you may want to flip back and forth (like I do). The way I did this was to create two files: /home/username/.ssh/config.on and /home/username/.ssh/config.off.
Inside of config.on is what I detailed above. Inside of config.off is what the config file was set to before I set the above up (i.e., not passing through the bastion). I then modified /home/username/.bash_profile and set the following two aliases:
alias baston='cp -f /home/username/.ssh/config.on /home/username/.ssh/config'
alias bastoff='cp -f /home/username/.ssh/config.off /home/username/.ssh/config'
Now when I want to route my connections through the bastion, I type “baston” and then move ahead. To disable routing it through the bastion, I type “bastoff”.
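As an added example (not the author's code), here is a shell version of the same toggle that reports which mode is active, keeps the live config at mode 600, and refuses to overwrite a config that matches neither saved file. The `bastion_*` function names and the `SSH_DIR` and `BASTION` variables are assumptions, and the `Host * !bastion` line is an addition that excludes the bastion from its own ProxyCommand.

```shell
# Added example: a checked replacement for the baston/bastoff aliases.
# SSH_DIR, BASTION and the bastion_* function names are assumptions.
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"
BASTION="${BASTION:-nameorip.of.bastion.server}"

# Write config.on. The "!" pattern excludes the bastion itself: the inner ssh
# reads the same file and would otherwise try to proxy to itself.
# The body runs in a subshell so the umask change does not leak.
bastion_init() (
    umask 077
    mkdir -p "$SSH_DIR" || exit 1
    {
        printf 'Host * !%s\n' "$BASTION"
        printf "    ProxyCommand ssh -qax %s 'nc -w 600 %%h %%p'\n" "$BASTION"
    } > "$SSH_DIR/config.on"
    # Keep an existing config.off; otherwise start from an empty one.
    [ -f "$SSH_DIR/config.off" ] || : > "$SSH_DIR/config.off"
)

# Print which saved file the live config matches: on, off or unknown.
bastion_status() {
    if cmp -s "$SSH_DIR/config" "$SSH_DIR/config.on"; then echo on
    elif cmp -s "$SSH_DIR/config" "$SSH_DIR/config.off"; then echo off
    else echo unknown
    fi
}

# Switch modes. Unlike cp -f, refuse to overwrite a live config that matches
# neither saved file, so hand edits are not silently lost.
bastion_switch() {
    mode="$1"
    case "$mode" in
        on|off) ;;
        *) echo "usage: bastion_switch on|off" >&2; return 2 ;;
    esac
    src="$SSH_DIR/config.$mode"
    [ -f "$src" ] || { echo "missing $src" >&2; return 1; }
    if [ -f "$SSH_DIR/config" ] && [ "$(bastion_status)" = unknown ]; then
        echo "config has unsaved edits; not overwriting" >&2
        return 1
    fi
    # Copy to a temp file, restrict it, then rename over the live config.
    tmp="$SSH_DIR/config.tmp.$$"
    cp "$src" "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$SSH_DIR/config"
}
```

Run `bastion_init` once, then call `bastion_switch on` or `bastion_switch off` where the aliases would have been used; `bastion_status` shows the current mode.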
Simple, but like I said, I had never really learned how to do this previously due to a lack of real need on my part until recently. As usual, it was easy peasy once you just look into how it is done.