When you SSH to a Linux server that cannot be reached directly from the outside, you will often log in via a bastion server.
Logging in through the stepping stone by typing the following command every time is tedious, and it is easy to lose track of which server you are working on, so it is convenient to describe the login destination servers in the ssh config.
ssh -i "xxxxxxx.pem" [email protected]
This example covers SSH in three hops: local terminal → bastion → bastion-2 → internal-server.
Write the following in .ssh/config.
Host bastion
    HostName bastion.com
    User user
    IdentityFile ~/.ssh/id_rsa

Host bastion-2
    HostName 10.1.2.3
    User user
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand ssh -CW %h:%p bastion 2> /dev/null

Host internal-server
    HostName 172.30.1.2
    User internal-user
    IdentityFile ~/.ssh/internal-server.pem
    ProxyCommand ssh -CW %h:%p bastion-2 2> /dev/null
This example specifies IdentityFile for each host. All of the IdentityFiles must be stored on the local terminal, so be careful about their permissions.
The ProxyCommand makes ssh connect to the original destination host %h (internal-server) and its port %p via bastion-2, and writes standard error to the file /dev/null, which hides error messages from the intermediate connection.
In the above case, you can log in to the internal-server directly from the local terminal just by writing
Also, by writing
scp internal-server:./copy-source/* /Users/copy-destination
you can copy files with internal-server in a single step (in this case, from internal-server to the local terminal).
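For the note above about IdentityFile permissions, the following shell check is an added example, not part of the original article: it reads an ssh config and reports every key file that is missing or accessible to group or other, which ssh refuses to use as a private key. The function names check_identity_files and demo are hypothetical, and the sample config and key files are constructed in a temporary directory.

```shell
# Added example, not from the original article. Assumes unquoted IdentityFile
# paths and one name per Host line; function names are hypothetical.
# check_identity_files CONFIG: prints "HOST PATH PROBLEM" for each key that is
# missing or accessible to group/other, and returns 1 if anything was printed.
check_identity_files() {
    problems=$(
        # ssh_config keywords are case-insensitive; remember the current Host.
        awk 'tolower($1) == "host" { host = $2 }
             tolower($1) == "identityfile" { print host, $2 }' "$1" |
        while read -r host path; do
            # ssh expands a leading ~/ itself, so do the same here.
            case $path in
                ("~/"*) path=$HOME/${path#"~/"} ;;
            esac
            if [ ! -f "$path" ]; then
                echo "$host $path missing"
                continue
            fi
            # Characters 5-10 of the ls mode string are the group/other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            [ "$perms" = "------" ] || echo "$host $path group/other:$perms"
        done
    )
    [ -z "$problems" ] && return 0
    printf '%s\n' "$problems"
    return 1
}

# Constructed sample: the three hosts above, one key left world-readable.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'key\n' > "$dir/id_rsa" && chmod 600 "$dir/id_rsa"
    printf 'key\n' > "$dir/internal-server.pem" && chmod 644 "$dir/internal-server.pem"
    cat > "$dir/config" <<EOF
Host bastion
    IdentityFile $dir/id_rsa
Host bastion-2
    IdentityFile $dir/id_rsa
Host internal-server
    IdentityFile $dir/internal-server.pem
EOF
    rc=0
    check_identity_files "$dir/config" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || true
```

To audit a real setup, call check_identity_files ~/.ssh/config and fix any reported key with chmod 600.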