Connect to an application instance using an SSH tunnel
To access application instances in a single step, you can create an SSH tunnel from your localhost to the instance using the steps below:
NOTE: The steps described below are only valid for Linux and Mac OS X systems.
- Connect to the Bastion host with your SSH key forwarded as described in the connect to the application instance using SSH guide.
- Activate TCP forwarding on the SSH daemon and close the SSH connection by running the commands below:

    $ sudo sed -i -e 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' /etc/ssh/sshd_config
    $ sudo /etc/init.d/sshd restart
    $ exit
- Edit your SSH configuration file at ~/.ssh/config to create the SSH tunnel. You can use the command below, which appends the required extra configuration to your existing one:

    $ cat >> ~/.ssh/config <<'EOF'
    >Host bastionHost
    >  Hostname BASTION_IP
    >  User ec2-user
    >  ForwardAgent yes
    >  IdentityFile KEYFILE
    >
    >Host appInstance
    >  Hostname PRIVATE_IP
    >  User bitnami
    >  ForwardAgent yes
    >  IdentityFile KEYFILE
    >  ProxyCommand ssh -A -W %h:22 bastionHost
    >EOF

  Remember to replace KEYFILE in the previous command with the path to your private key file (.pem), BASTION_IP with the public IP address obtained in step 1 of the connect to the application instance using SSH guide, and PRIVATE_IP with the private IP address obtained in step 2 of the same guide.
You will now be able to connect to the instance in a single step, using the following command:
$ ssh appInstance
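
The sed command in the TCP forwarding step only rewrites a line that reads exactly "AllowTcpForwarding no", so it is worth confirming which value sshd will use before relying on the tunnel. The shell functions below are an added example, not part of the original guide; they read a single sshd_config file (Include directives are not followed, which is an assumption), and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report the AllowTcpForwarding value sshd would take from one config file.
# sshd keeps the first value it reads for a keyword; global settings end at the first
# Match block. Assumption: Include directives are not followed.
effective_tcp_forwarding() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                  # drop comments
            sub(/[ \t]*=[ \t]*/, " ", line)       # accept "Keyword=value" as well
            if (split(line, f) == 0) next         # blank line
            key = tolower(f[1])                   # keywords are case-insensitive
            if (key == "match") exit              # end of the global section
            if (key == "allowtcpforwarding") { print f[2]; found = 1; exit }
        }
        END { if (!found) print "yes" }           # OpenSSH default when unset
    ' "$1"
}

# ssh -W opens a direct-tcpip channel, which sshd permits for yes, all or local.
bastion_allows_tunnel() {
    case "$(effective_tcp_forwarding "$1")" in
        yes|all|local) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the directive is tab-separated, so the sed pattern
# "AllowTcpForwarding no" (single space) does not match and the value stays "no".
demo_unmatched_sed() {
    cfg=$(mktemp)
    printf 'Port 22\nAllowTcpForwarding\tno\nMatch User deploy\n  AllowTcpForwarding yes\n' > "$cfg"
    sed -i.bak -e 's/AllowTcpForwarding no/AllowTcpForwarding yes/g' "$cfg"
    effective_tcp_forwarding "$cfg"
    rm -f "$cfg" "$cfg.bak"
}

demo_unmatched_sed   # prints: no
```

On the bastion itself, sudo sshd -T | grep -i allowtcpforwarding prints the value the full configuration resolves to, including any included files.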