The forwarding of keys for AWS Instance via Powershell using OpenSSH

Security and networking in AWS resemble physical networking in some ways and differ in others. I was testing an EC2 instance in a public subnet and another EC2 instance in a private subnet: I created a bastion host (jump server) and then attempted a second-hop (L2) connection from the public network into the private one. I had installed OpenSSH, but there are some issues when "forwarding" your key rather than copying it onto the public instance, which is the more secure approach. After some research and a few articles I got it working, so I thought I would combine what I found into one solution.

Ensure you have a pre-generated key pair, then convert it to .pem format using the PuTTY key generator (PuTTYgen).

The error you get when you try to forward the key from CMD:

>ssh-add -K ssh.pem

Error connecting to agent: No such file or directory

Run the following in Powershell as an Admin:

  1. Run "Get-Service | select -property name,starttype" and look for the ssh-agent entry. Its StartType should show Disabled.
  2. Then type "Set-Service -Name ssh-agent -StartupType Manual"
  3. Then start the service by running "Start-Service ssh-agent"
  4. Then run the following (sc.exe requires a space after "binPath="): sc.exe create sshd binPath= C:\Windows\System32\OpenSSH\ssh.exe

Now reload the key:

>ssh-add -k ssh.pem

Identity added: ssh.pem (ssh.pem)

Loaded successfully. I was then able to jump onto the bastion host (jump server) and log onto the private instance over the second-hop (L2) SSH connection.

And there we go.

With agent forwarding the private key itself never leaves your workstation; the bastion host (jump server) only relays signing requests to your local agent while the session is open, so once you close the session nothing of the key remains on the bastion. It is a nice way of caching the key while connecting to other devices on the second hop (L2).
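The steps above gathered into one elevated PowerShell session, as an added example that is not part of the original post: it checks and enables the ssh-agent service, loads the converted .pem key, and then makes the bastion hop with agent forwarding. Host names, the login user and the key path are assumptions; the final ProxyJump line is an alternative to forwarding that keeps the bastion from ever touching your agent.

```powershell
# Added example (not from the original post): prepare the Windows OpenSSH agent,
# load the converted .pem key, and hop through the bastion with agent forwarding.
# Run in an elevated PowerShell. Host names, user and key path are assumptions.
$KeyPath     = "$HOME\.ssh\ssh.pem"          # assumed: key converted with PuTTYgen
$BastionHost = "bastion.example.com"         # assumed public-subnet EC2 host
$PrivateHost = "10.0.2.15"                   # assumed private-subnet EC2 address
$User        = "ec2-user"                    # assumed login user on both hosts

# Step 1: inspect the agent service; a fresh Windows install leaves StartType = Disabled.
$agent = Get-Service -Name ssh-agent
"ssh-agent StartType: $($agent.StartType), Status: $($agent.Status)"

# Steps 2 and 3: enable and start the agent if it is not already running.
if ($agent.StartType -eq 'Disabled') {
    Set-Service -Name ssh-agent -StartupType Manual
}
if ((Get-Service -Name ssh-agent).Status -ne 'Running') {
    Start-Service ssh-agent
}

# Restrict the key file to the current user; ssh refuses a private key that
# other accounts can read ("bad permissions").
icacls $KeyPath /inheritance:r /grant:r "$($env:USERNAME):R" | Out-Null

# Load the key into the agent and list what the agent now holds.
ssh-add $KeyPath
ssh-add -l

# Hop 1 with agent forwarding (-A): the bastion receives a socket to your local
# agent, never the private key itself. From the bastion, "ssh $PrivateHost" works
# for as long as this session stays open.
ssh -A "$User@$BastionHost"

# Alternative that avoids forwarding entirely: ProxyJump (-J) tunnels the second
# connection through the bastion, so the bastion never gets access to the agent.
ssh -J "$User@$BastionHost" "$User@$PrivateHost"
```

The ProxyJump form is worth preferring where the bastion is shared or less trusted: with -A, anyone with root on the bastion can use your forwarded agent socket for the duration of the session, whereas with -J the bastion only forwards an encrypted TCP stream and never sees a signing request.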

Hope this helps.
