Convenient SSH proxying through a bastion host

William Tsoi
Aug 8, 2017

The use of a bastion host is not new, but I found a little trick recently that makes connecting to instances through a bastion host a little easier.

Usually in order to access a server in a private network, you need to create an SSH session to the bastion host, and then from there create another SSH session into the server in the private network that you really want access to.

Having a configuration like this in ~/.ssh/config allows you to connect to the server in the private network without manually making the jump to the bastion host.

# This covers the bastion host
Host bastion.mydomain.com.au
    User ec2-user
    IdentityFile ~/.ssh/my_ssh

# This covers all hosts within my 10.70.0.0/16 private network
Host 10.70.*
    User ec2-user
    IdentityFile ~/.ssh/my_ssh
    ProxyCommand ssh ec2-user@bastion.mydomain.com.au -W %h:%p

(Of course, you would have also followed this post for a quick way to automate the provisioning of SSH access to your servers.)

With a config like this, all you have to do is to run the following in order to get access to your private network directly:

> ssh 10.70.1.128

This command proxies your SSH connection through the bastion host without any intervention, which makes things very convenient if you have to connect to multiple servers!
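The same setup written with ProxyJump, as an added example that is not part of the original post. It assumes OpenSSH 7.3 or later on the client and reuses the host names, user and key path from the config above; the IdentitiesOnly and ForwardAgent lines are additions.

```sshconfig
# Added example (not from the original post). Assumes OpenSSH >= 7.3 on the client.

# Bastion host: reached directly.
Host bastion.mydomain.com.au
    User ec2-user
    IdentityFile ~/.ssh/my_ssh
    # Offer only the key named above, not every key loaded in the agent.
    IdentitiesOnly yes
    # Keep the agent off the bastion (this is the default; stated explicitly).
    ForwardAgent no

# Private 10.70.0.0/16 hosts: tunnelled through the bastion.
Host 10.70.*
    User ec2-user
    IdentityFile ~/.ssh/my_ssh
    IdentitiesOnly yes
    ForwardAgent no
    # Same effect as the ProxyCommand "ssh ... -W %h:%p" line; the bastion's
    # user and key are taken from its own Host block above.
    ProxyJump bastion.mydomain.com.au
```

With either ProxyCommand -W or ProxyJump, authentication to the private host runs end to end from your workstation, so the private key and agent never need to exist on the bastion. Running `ssh -G 10.70.1.128` prints the options ssh resolves for that host, which confirms the `10.70.*` block matched.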

For Windows users, the equivalent also exists in MobaXterm, which I think is the best SSH client out there for Windows.


William Tsoi

Consultant, Coach & Engineer in Continuous Delivery, Cloud Solutions & DevOps (AWS Certified)