Go x/crypto/ssh - How to establish an ssh connection with a private instance over a bastion node

I want to implement this scenario: on AWS, I have a VPC with a public and a private subnet deployed. On the public subnet I have a "bastion" instance, while on the private subnet there is one node that runs some services (AKA the "service instance"). Using the *nux ssh command, I can do this to connect to the "service instance" from my local laptop:

    ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>

I have a Go program and want to do the following:

  • ssh connect to the "service instance" from the "local laptop" through the "bastion"
  • use a connection session to run some commands (for example, "ls -l")
  • upload files from the local laptop to the "service instance"

I tried, but could not implement the same process as doing:

    ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>

Can someone help show me an example? Thanks!

By the way, I found this: https://github.com/golang/go/issues/6223, which means that it is definitely capable of doing this, right?

+2
1 answer

You can do this even more directly with "x/crypto/ssh" without the nc command, as there is a way to dial a connection from a remote host and present it as a net.Conn.

Once you have an ssh.Client, you can use the Dial method to get a virtual net.Conn between you and the destination host. Then you can turn this into a new ssh.Conn with ssh.NewClientConn and create a new ssh.Client with ssh.NewClient.

    // connect to the bastion host
    bClient, err := ssh.Dial("tcp", bastionAddr, config)
    if err != nil {
        log.Fatal(err)
    }

    // Dial a connection to the service host, from the bastion
    conn, err := bClient.Dial("tcp", serviceAddr)
    if err != nil {
        log.Fatal(err)
    }

    ncc, chans, reqs, err := ssh.NewClientConn(conn, serviceAddr, config)
    if err != nil {
        log.Fatal(err)
    }

    sClient := ssh.NewClient(ncc, chans, reqs)
    // sClient is an ssh client connected to the service host, through the bastion host.
+6