SSH shows the wrong IP address when SSH with port forward


My use case is that I have to access AWS EC2 instances through a jumpbox.

Here is my SSH config.

Host awsjumpbox
  User sshuser
  HostName jumpboxhostname
  IdentityFile /Users/myusername/.ssh/id_rsa
  LocalForward 8022 10.0.168.43:22

It works when I run an SCP command to copy files to the EC2 instance.

myusername % scp -r -i ~/aws/aws-keypair.pem -P 8022 * ec2-user@localhost:testdir
The authenticity of host '[localhost]:8022 ([::1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:rrwr62yjP2cgUTT9SowdlrIwGi4jMMwt5x4Aj6E4Y3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
/etc/profile.d/lang.sh: line 19: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
README.md                                     100% 1064    24.3KB/s   00:00 

However, when I execute the SSH command, it returns a strange IP address.

myusername % ssh -i ~/aws/aws-keypair.pem -P 8022 ec2-user@localhost      
ssh: connect to host 0.0.31.86 port 22: No route to host

What is the cause of this issue? How do I fix it?

Thank you.


Solution

  • Don't use LocalForward and reverse the flow.

    Use ProxyCommand or ProxyJump. This will allow SSH to open a session to your bastion server transparently.

    E.g. your configuration should be something along the lines of

    Host 10.0.168.43
      User root
      ProxyCommand ssh -W %h:%p sshuser@awsjumpbox
      ...
    

    or

    Host 10.0.168.43
      User root
      ProxyJump sshuser@awsjumpbox
      ...
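As an added illustration by the editor (not part of the question or the answer above): the "strange IP address" in the question is the port number itself. ssh(1) takes the port as -p; -P is the port flag of scp(1) and sftp(1), and in the OpenSSH releases where ssh still accepted -P as a deprecated no-argument flag, "8022" was taken as the host name and resolved as a bare 32-bit integer, which is why the connection went to 0.0.31.86 on the default port 22. The helper names below (port_as_ipv4, port_flag) are the editor's own, not OpenSSH's.

```shell
#!/bin/sh
# Editor's example, not from the original post. It reproduces the
# 8022 -> 0.0.31.86 mapping seen in the question and records which
# OpenSSH client uses which port flag.

# Print the dotted-quad form of a decimal number, which is how a bare
# integer host name such as "8022" is interpreted as an IPv4 address.
port_as_ipv4() {
    n=$1
    printf '%d.%d.%d.%d\n' \
        $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
        $(( (n >> 8) & 255 ))  $(( n & 255 ))
}

# The port flag differs between the OpenSSH clients:
# ssh uses -p, while scp and sftp use -P.
port_flag() {
    case "$1" in
        ssh)      echo "-p" ;;
        scp|sftp) echo "-P" ;;
        *)        return 1 ;;
    esac
}

# Corrected commands for the LocalForward setup in the question:
#   ssh -i ~/aws/aws-keypair.pem -p 8022 ec2-user@localhost
#   scp -i ~/aws/aws-keypair.pem -P 8022 -r * ec2-user@localhost:testdir
# With the ProxyJump stanza from the answer no local forward is needed:
#   ssh -i ~/aws/aws-keypair.pem ec2-user@10.0.168.43

port_as_ipv4 8022   # 0.0.31.86, the address from the question's error
```

Checking that the port flag matches the client you are invoking is the quickest test when ssh appears to connect to the wrong host after a port forward was set up.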