
I recently came across this ssh config file in one of my projects:

~/.ssh/config

Host git-codecommit.*.amazonaws.com
  User my-aws-user
  IdentityFile ~/.ssh/id_rsa


Include config.d/*

~/.ssh/config.d/work-ssh.config:

Host gateway
  HostName server1.amazonaws.com
  User ec2-user
  IdentityFile ~/.ssh/my-public-key.pem

Host my-db
  User ec2-user
  HostName server2.amazonaws.com
  IdentityFile ~/.ssh/my-public-key.pem
  ProxyCommand ssh gateway nc %h %p
  LocalForward 25432 another-server.amazonaws.com:5432

What exactly is the LocalForward doing in this configuration? My understanding was that the above will use gateway (server1.amazonaws.com) as a bastion and allow me to connect to server2.amazonaws.com. Or does it first open an ssh connection to gateway, then forward port 25432 on the gateway to port 5432 on another-server.amazonaws.com? Then where does server2.amazonaws.com fit in?

Also, when I run the above:

ssh -vvv my-db

I get the following error:

ssh: Could not resolve hostname my-db: nodename nor servname provided, or not known

I guess it probably means the config file is being skipped, but not sure why?

Thanks in advance!

1 Answer


What exactly is the LocalForward doing in this configuration?

It does exactly the same thing as if you were connecting to "server2" directly – that is, it establishes a tunnel through server2 towards another-server.

It is completely unrelated to gateways or bastion hosts.

I get the following error [...] I guess it probably means the config file is being skipped, but not sure why?

The Include directive was only introduced in OpenSSH 8.2 – macOS bundles a much older version.
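An added example, not part of the question or the answer above: a small Python resolver that models how ssh reads these two files (Host patterns matched against the name typed on the command line, first obtained value of each option wins, Include read in the current context), run over the posted files embedded inline. It makes one thing visible whatever the client version: ssh_config has no end-of-block marker, so the `Include config.d/*` line sits inside the `Host git-codecommit.*.amazonaws.com` block (blank lines do not close a block), and per ssh_config(5) an Include inside a Host block is conditional on that block matching. For `ssh my-db` it does not match, so nothing from work-ssh.config applies and ssh resolves the literal name `my-db`, which is the error shown. The `~/.ssh/config.fixed` file, with Include moved above the first Host block, is an assumed variant that is not on the page; Match blocks, quoting and canonicalisation are not modelled.

```python
"""Resolve effective ssh_config options for a host name roughly the way ssh
does, over an inline stand-in for the filesystem (constructed example)."""
import fnmatch
import re

# The first two files are the ones from the post; "config.fixed" is an
# assumed variant with Include placed before any Host block.
FILES = {
    "~/.ssh/config": """
Host git-codecommit.*.amazonaws.com
  User my-aws-user
  IdentityFile ~/.ssh/id_rsa

Include config.d/*
""",
    "~/.ssh/config.d/work-ssh.config": """
Host gateway
  HostName server1.amazonaws.com
  User ec2-user
  IdentityFile ~/.ssh/my-public-key.pem

Host my-db
  User ec2-user
  HostName server2.amazonaws.com
  IdentityFile ~/.ssh/my-public-key.pem
  ProxyCommand ssh gateway nc %h %p
  LocalForward 25432 another-server.amazonaws.com:5432
""",
    "~/.ssh/config.fixed": """
Include config.d/*

Host git-codecommit.*.amazonaws.com
  User my-aws-user
  IdentityFile ~/.ssh/id_rsa
""",
}

# Options ssh accumulates instead of keeping only the first value.
MULTI_VALUED = {"identityfile", "localforward", "remoteforward"}


def host_matches(name, patterns):
    """Host line semantics: a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            matched = True
    return matched


def glob_paths(pattern):
    """Expand an Include argument; relative paths are relative to ~/.ssh."""
    if not pattern.startswith(("/", "~")):
        pattern = "~/.ssh/" + pattern
    return sorted(p for p in FILES if fnmatch.fnmatchcase(p, pattern))


def read_config(path, name, active=True, never_match=False,
                honour_include=True, depth=0):
    """Yield (keyword, value) pairs that apply to `name`, in file order."""
    if depth > 16:
        raise RecursionError("Include nesting too deep")  # ssh caps this too
    for raw in FILES[path].splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank lines and comments do not end a Host block
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = not never_match and host_matches(name, value.split())
        elif key == "include":
            if honour_include:
                for inc in value.split():
                    for inc_path in glob_paths(inc):
                        # Included files start in the current state; inside a
                        # block that does not match, nothing in them can match.
                        yield from read_config(inc_path, name, active, not active,
                                               honour_include, depth + 1)
        elif active:
            yield key, value


def resolve(name, main="~/.ssh/config", honour_include=True):
    """Effective options for `ssh name`, similar to what `ssh -G name` prints."""
    opts = {}
    for key, value in read_config(main, name, honour_include=honour_include):
        if key in MULTI_VALUED:
            opts.setdefault(key, []).append(value)
        else:
            opts.setdefault(key, value)  # first obtained value wins
    opts.setdefault("hostname", name)  # no HostName: the name is resolved as typed
    return opts


if __name__ == "__main__":
    print("as posted:       ", resolve("my-db"))
    print("Include not read:", resolve("my-db", honour_include=False))
    print("Include first:   ", resolve("my-db", main="~/.ssh/config.fixed"))
```

On a real client, `ssh -G my-db` prints the resolved view without connecting, which is the quickest way to see whether a Host stanza was picked up at all. In the resolved output for the fixed layout, `proxycommand` and `localforward` are separate options of the same `my-db` session: the ProxyCommand reaches server2 through gateway, and the LocalForward then listens on local port 25432 and carries that traffic through the server2 session to another-server:5432 as seen from server2. On clients that have it, `ProxyJump gateway` does the same job as the `ssh gateway nc %h %p` ProxyCommand without requiring nc on the gateway.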
