Cloud Harbinger

The “Right” Way to Access Private EC2 Instances

Posted on September 19, 2019 by John Harbin

Accessing private EC2 instances from a public jump host presents a potential security issue. Every instance is accessed with the private key of its key pair, but storing that key on the jump host is a bad (actually, very bad) idea. If the key is stolen, every system configured with that key pair can be compromised.

Try using 'ssh-agent' on your local system to store and use your private keys. The jump host then forwards the authentication requests to your local agent, so the key itself never has to be uploaded or shared.

# Step 1 is to actually start 'ssh-agent'
# This outputs the commands to set the necessary environment variables
# and will display the PID of the agent. Note that the variables are only
# printed, not set: run `eval "$(ssh-agent)"` to apply them in your current shell.
#
# Example:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-wlp2yfs0IEW8/agent.16882; export SSH_AUTH_SOCK;
SSH_AGENT_PID=16883; export SSH_AGENT_PID;
echo Agent pid 16883;

# Step 2 is to store your private key using 'ssh-add'
# ssh-add privateKeyName.pem
#
# Example:
$ ssh-add kpSuperSecret.pem
Identity added: kpSuperSecret.pem (kpSuperSecret.pem)

Once the private key is loaded into the local agent, you can connect to your jump host with SSH as normal. From there, accessing the private hosts just requires you to add the "-A" flag (agent forwarding) when connecting to the jump host:

$ ssh ec2-user@ec2-somename-compute-1.amazonaws.com -A

# And then, on into the private instances:
$ ssh ec2-user@ip-someInternalIP.ec2.internal
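The following helper script is an added example and is not part of the original post. It wraps the steps above: it parses the variable assignments that 'ssh-agent' prints (using the post's own sample output as constructed input), checks that an agent with at least one loaded identity is actually reachable before you try the jump host, and writes an ssh_config stanza that turns on ForwardAgent for the jump host only, since forwarding the agent to every host you ever connect to widens the exposure. The alias "jump", the host names and the user are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Host names, user and key file
# names are placeholders taken from the post's examples.

# Sample 'ssh-agent' output, copied from the post, used as constructed input.
SAMPLE_AGENT_OUTPUT='SSH_AUTH_SOCK=/tmp/ssh-wlp2yfs0IEW8/agent.16882; export SSH_AUTH_SOCK;
SSH_AGENT_PID=16883; export SSH_AGENT_PID;
echo Agent pid 16883;'

# Extract the socket path from ssh-agent's stdout (read on stdin) instead of
# eval-ing arbitrary output; prints only the path.
agent_sock_from_output() {
  sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p'
}

# Extract the agent PID the same way.
agent_pid_from_output() {
  sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p'
}

# Succeed only when SSH_AUTH_SOCK points at a live socket that holds at least
# one identity. Forwarding an empty agent to the jump host gets you nowhere.
agent_has_keys() {
  [ -n "$SSH_AUTH_SOCK" ] && [ -S "$SSH_AUTH_SOCK" ] || return 1
  ssh-add -l >/dev/null 2>&1
}

# Emit an ssh_config stanza that enables agent forwarding for the jump host
# alone; ForwardAgent keeps its default (no) for every other host.
# Usage: jump_config ALIAS JUMP_HOSTNAME USER
jump_config() {
  printf 'Host %s\n' "$1"
  printf '  HostName %s\n' "$2"
  printf '  User %s\n' "$3"
  printf '  ForwardAgent yes\n'
  printf '  IdentitiesOnly yes\n'
}

# Typical session with the post's placeholders (not executed here):
#   eval "$(ssh-agent)"                              # step 1
#   ssh-add kpSuperSecret.pem                        # step 2
#   agent_has_keys || echo "no identity loaded" >&2
#   jump_config jump ec2-somename-compute-1.amazonaws.com ec2-user >> ~/.ssh/config
#   ssh jump                                         # agent is forwarded here
#   ssh ec2-user@ip-someInternalIP.ec2.internal      # run on the jump host
```

Because the stanza sets ForwardAgent only for the "jump" alias, a plain `ssh jump` is equivalent to the `-A` form in the post, while connections to any other host keep forwarding off.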
