Myst SSH to a DMZ host via a Jumpbox/Bastion
Are there firewalled servers (or servers in a DMZ) that cannot be reached directly over SSH? These servers are usually public facing, such as OHS, and can only be reached via a jumpbox. Below are examples of configuring SSH tunnels.
Note that the SSH configuration below is for the adminserver, because Myst connects to hosts via the AdminServer.
Prerequisite
Check SSH Version
Check your SSH version by running as certain commands have compatibility requirements.
Setup SSH Keys for Passwordless Login
Every SSH connection in the chain must work without a prompt; otherwise you would be entering a password for each SSH jump.
These steps assume you don't have an SSH key. If you already have a key then skip steps 1 and 2.
Generate the private and public keys
SSH to the adminserver as the oracle user
    ssh-keygen -t rsa -b 4096
Leave the defaults by pressing the Enter key (this writes the key to ~/.ssh/id_rsa with an empty passphrase)
Copy the public key to the Jumpbox
    ssh-copy-id oracle@jumpbox
Enter the password for the oracle user
NOTE: If the above command does not work due to ssh-copy-id not existing then try:
    cat ~/.ssh/id_rsa.pub | ssh oracle@jumpbox "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
Copy the public key to the DMZ Host1
SSH to the Jumpbox as the oracle user
    ssh-copy-id oracle@dmzhost1
Enter the password for the oracle user
NOTE: If the above command does not work due to ssh-copy-id not existing then try:
    cat ~/.ssh/id_rsa.pub | ssh oracle@dmzhost1 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
SSH Jump Methods
Update or create the oracle user's $HOME/.ssh/config with one of these methods.
ProxyJump (OpenSSH 7.3+)
ProxyCommand - Single
Use this method if running a version lower than OpenSSH 7.3.
ProxyCommand - Multiple
Use this method if the single method does not work.
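As an added example (not part of the original page or of Myst's own documentation): the shell functions below take an OpenSSH version string, as printed by ssh -V, and print the matching Host stanza for $HOME/.ssh/config, using ProxyJump for 7.3 and later and ProxyCommand otherwise. The function names are hypothetical; jumpbox, dmzhost1 and the oracle user are the names used on this page, and the ProxyCommand form assumes ssh -W is available (OpenSSH 5.4 or later).

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# jumpbox, dmzhost1 and the oracle user are the names used on this page.

# jump_method VERSION_STRING
# VERSION_STRING is what `ssh -V 2>&1` prints, e.g. "OpenSSH_8.9p1 Ubuntu-3...".
# Prints ProxyJump for OpenSSH 7.3 or later, ProxyCommand for older releases.
jump_method() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then
        echo "unrecognised version string: $1" >&2
        return 1
    fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -ge 3 ]; }; then
        echo ProxyJump
    else
        echo ProxyCommand
    fi
}

# jump_stanza VERSION_STRING
# Prints a Host block for the adminserver's $HOME/.ssh/config. With both forms
# the login to dmzhost1 is made by the adminserver's ssh client through the
# jumpbox, using the adminserver's key.
jump_stanza() {
    method=$(jump_method "$1") || return 1
    printf 'Host dmzhost1\n    User oracle\n'
    if [ "$method" = ProxyJump ]; then
        printf '    ProxyJump oracle@jumpbox\n'
    else
        # Assumption: ssh -W (stdio forwarding, OpenSSH 5.4+) is available.
        printf '    ProxyCommand ssh -W %%h:%%p oracle@jumpbox\n'
    fi
}

# Print the stanza for the locally installed client, if there is one.
if command -v ssh >/dev/null 2>&1; then
    jump_stanza "$(ssh -V 2>&1)" || echo "no stanza generated" >&2
fi
```

Review the printed stanza before adding it to $HOME/.ssh/config, and keep that file writable only by the oracle user (chmod 600).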
Validate SSH jump
Test the SSH command.
SSH to the adminserver as the oracle user
Run the command to validate