On your laptop, add the following to your ~/.ssh/config Host bastion-server You should use different keys for the bastion and private servers for these but in this example I am not. This will create a new SSH key, with the name set to The private key will be ~/.ssh/bastion-example.pem, the public key ~/.ssh/Īssuming you are using EC2, ensure that AWS has your public key, using that key when you provision the bastion server and the private server. Ssh-keygen -t rsa -b 4096 -C -f ~/.ssh/bastion-example.pem ![]() In order for your laptop to access the private-server you need to perform the following steps. SSH Config: this file exists on your laptop, typically located ~/.ssh/config.Ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6HXOrlWaXs2l7jFBBf4lBekVXROt3UgqADJfN5asu66p6V+vI+3Vsx圎39Va4Kg/G0YHQAqRjs8UIhNoQFz7L4aiDvVSunP5Auh2Y6pEiz/zIWm+Ha0GxSPWPNoNMPU0ScT/G9haX1HW8dlGZ6dND7iRDfV/lk74Dw7UV6H the portion, this value can be modified at-will and is used to clearly identify the key. This file should be copied to the bastion and private server(s) and appended to /home/the-user-you-ssh-in-as/.ssh/authorized_keys You can freely share this data without comprimising security. This is not sensitive data, hence the name "public". The contents are 1 long line, starting with ssh-rsa. Public key: This file will be called something like my_key_. OIDmwm6lcidcbceYCC1MyIA4jdD6oGVrwpZZMygXlZJGadRldH2Cz9Wwchq1sKF BlYAeLJĬ7FiDCs7U3AGRbCq7Wdchk+QKiTxepuJJcvUKhkY1wFuQd9UfIqvhSs +BLU4sXrbd7yvxO H88HoITPyTjPrblkMq76ldoosIDRUfT8GTGVbZq/ofZZSiOGs5R6QeR6eP +OAePMVe+jhu KxgELf8LbXMvTN3+jwN8/qSncKsyWGZ6MA +Q5zKNXGdXzNeLvGj4QPmO5Hh8Gs3B0elFhx Ubd88J+NAuUHsa4H67Nzhx/rvyeKWD7HvLpIMLCq+VOZnrvtHcqv950 +Cpwt3pTpYsrspR Ny1Q59BYXJVyW6YEj3MAUrlQeZS+AVujPtUP1iWPvFXzDZxBiov6qDWv/ 04t4Iqmdd9FMn NhAAAAAwEAAQAAAgEAuh1zq5Vml7Npe4xQQX +JQXpFV0Trd1IKgAyXzeWrLuuqelfryPt1īMcRN/VWuCoPxtGB0AKkY7PFCITaEBc+y+Gog71Urpz+QLodmOqRIs/ 8yFpvh2tBsUj1jzĪDTD1NEnE/xvYWl9R1vHZRmenTQ+4kQ31f5ZO+A8O1Feh0qubSfxcUR319EZO/ 6k3JbizC If this is ever comprimised, you should create new keys and dispose of the old one.ī3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAd zc2gtcn This file should be protected and never exposed to the world. Private key: This is the file with many lines of text, looks like a rectangle. SSH Agent: This is a program that runs on your laptop and keeps your SSH private keys loaded in memory. Sometimes the bastion server is protected by a VPN, sometimes not but should always have a firewall. Definitionsīastion server: Sometimes called a "jump server", this server is reachable by your laptop. This guide also does not show the usage of password-protected keys, you should use password-protection. ![]() ⚠️ This guide does NOT use individual SSH keys, which is recommended for security purposes.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |