How to SSH to Private Instance via Jumphost/Bastion
There are frequent cases where we want to provision an instance in a private network for security reasons (e.g. a database instance). But when we don't have a corporate VPN to connect to that private network, how can we configure this?
The answer is a jumphost, which some people call a bastion host. Basically, it's an intermediary instance provisioned in the public network that only opens the SSH port to the internet (and is secured via a private-public SSH key pair).
Let's say we have 2 instances: jumphost (the intermediary instance in the public network) and db (the private instance). We can ssh to the private instance by using this config:
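# The public instance: the only host reachable from the internet
Host jumphost
    HostName <jumphost-public-ip>
    User ubuntu
    AddKeysToAgent yes
    IdentityFile <private-key-file-location>

# The private instance: reached through the jumphost
Host db
    HostName <db-private-ip>
    User ubuntu
    Port 22
    IdentityFile <private-key-file-location>
    # -W %h:%p asks the jumphost to relay stdin/stdout to db's host and port
    ProxyCommand ssh -q -W %h:%p jumphost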
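Because `ProxyCommand ssh -W` only relays the TCP stream, the key and agent stay on the workstation, which `ForwardAgent yes` would undo; the following added example (not from the original article) audits a config for both properties per Host block. The addresses, key path and the `legacy` host in the sample are constructed.

```shell
#!/usr/bin/env bash
# Constructed sample: the article's layout with placeholder addresses, a
# hypothetical key path, and a hypothetical "legacy" host added for contrast.
sample_config() {
cat <<'EOF'
Host jumphost
    HostName 203.0.113.10
    User ubuntu
    AddKeysToAgent yes
    IdentityFile ~/.ssh/example_key
Host db
    Hostname 10.0.1.20
    User ubuntu
    Port 22
    IdentityFile ~/.ssh/example_key
    ProxyCommand ssh -q -W %h:%p jumphost
Host legacy
    HostName 10.0.1.30
    ForwardAgent yes
EOF
}

# Read ssh client config on stdin; print one line per Host block (first pattern):
#   <host> via=<direct|proxy> agent_forwarding=<yes|no>
# Blocks are read literally: Match and "Host *" inheritance are not resolved.
audit_ssh_config() {
  awk '
    function emit() { if (host != "") print host, "via=" via, "agent_forwarding=" fwd }
    {
      sub(/^[ \t]+/, "")         # drop indentation
      sub(/[ \t]*=[ \t]*/, " ")  # accept "Key=value" as well as "Key value"
      key = tolower($1)          # keywords are case-insensitive
    }
    /^#/ || NF == 0 { next }     # skip comments and blank lines
    key == "host" { emit(); host = $2; via = "direct"; fwd = "no"; next }
    (key == "proxycommand" || key == "proxyjump") && tolower($2) != "none" { via = "proxy" }
    key == "forwardagent" && tolower($2) == "yes" { fwd = "yes" }
    END { emit() }
  '
}

# Hosts whose block enables agent forwarding.
hosts_forwarding_agent() {
  audit_ssh_config | awk '$3 == "agent_forwarding=yes" { print $1 }'
}

sample_config | audit_ssh_config
```

To see the values ssh will actually use once `Host *` and `Match` blocks are applied, compare the result with the output of `ssh -G db`.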
Then to connect into db, we can just