Connect to an application instance using an SSH tunnel

To access application instances in a single step, you can create an SSH tunnel from your localhost to the instance using the steps below:

NOTE: The steps described below are only valid for Linux and Mac OS X systems.

  • Connect to the Bastion host with your SSH key forwarded as described in the connect to the application instance using SSH guide.

  • Activate TCP forwarding on the SSH daemon and close the SSH connection running the commands below:

      $ sudo sed -i -e 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
      $ sudo /etc/init.d/sshd restart
      $ exit
  • Edit your SSH configuration file at ~/.ssh/config to create the SSH tunnel. You can use the command below which appends the required extra configuration to your existing one:

      $ cat >> ~/.ssh/config <<'EOF'
      >Host bastionHost
      > Hostname BASTION_IP
      > User ec2-user
      > ForwardAgent yes
      > IdentityFile KEYFILE
      >Host appInstance
      > Hostname PRIVATE_IP
      > User bitnami
      > ForwardAgent yes
      > IdentityFile KEYFILE
      > ProxyCommand ssh -A -W %h:22 bastionHost

    Remember to replace KEYFILE in the previous command with the path to your private key file (.pem), BASTION_IP with the public IP address obtained in the step 1 of the connect to the application instance using SSH guide, and PRIVATE_IP with the private IP address obtained in the step 2 of the same guide.

You will now be able to connect to the instance in a single step, using the following command:

    $ ssh appInstance
Last modification July 8, 2019