Working with security and networking in AWS is similar to physical networking, but with some differences. I was testing an EC2 instance in a public subnet and another in a private subnet. I created a bastion host (jump server) and then attempted an L2 connection from the public network into the private one. I had installed OpenSSH, but ran into issues when "forwarding" my key through the SSH agent rather than copying it onto the public instance, which is what you want to avoid for security. After some research and a few articles I got it to work, so I thought I would combine what I found into one solution.
Make sure you have a pre-generated key pair, then convert the private key to .pem format with PuTTYgen.
The error you get when you try to add the key to the agent from CMD:
>ssh-add -K ssh.pem
Error connecting to agent: No such file or directory
Run the following in PowerShell as an Admin:
- "Get-Service ssh-agent | Select-Object -Property Name, StartType". The StartType will show as Disabled, which is the Windows default.
- Then type "Set-Service -Name ssh-agent -StartupType Manual"
- Then start the service by running "Start-Service ssh-agent"
- Then run the following: sc.exe create sshd binPath= "C:\Windows\System32\OpenSSH\ssh.exe" (note that sc.exe needs the space after "binPath="; this registers an sshd service and is not required for the agent itself, so you can skip it if you only need key forwarding)
Reload the key once again:
>ssh-add -k ssh.pem
Identity added: ssh.pem (ssh.pem)
The key loaded successfully. I was then able to SSH onto the bastion host (jump server) and from there log onto the private instance over the L2 SSH connection.
And there we go.
Once you close the session, the key no longer resides on the bastion host (jump server); the private key file never leaves your machine, and the forwarded agent is only reachable while your session is open. It is a nice way of caching the key while connecting to other devices on the L2 network.
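The whole procedure as one PowerShell script, added here as an example and not taken from the original post; the key path, user names and host names are placeholders, and the final ProxyJump (-J) line is an alternative to agent forwarding that keeps the bastion from ever touching your agent.

```powershell
# Added example (not from the original post). Placeholders: adjust key path, users and hosts.
$Key     = "$HOME\.ssh\ssh.pem"          # the .pem exported from PuTTYgen
$Bastion = "ec2-user@bastion.example"    # placeholder: public-subnet jump server
$Private = "ec2-user@10.0.1.10"          # placeholder: private-subnet instance

# 1. ssh-agent ships Disabled on Windows. Set it to Manual and start it (run once as Admin).
$svc = Get-Service -Name ssh-agent
if ($svc.StartType -eq 'Disabled') {
    Set-Service -Name ssh-agent -StartupType Manual
}
if ($svc.Status -ne 'Running') {
    Start-Service -Name ssh-agent
}

# 2. Windows OpenSSH refuses a key whose ACL is readable by other accounts.
#    Restrict it to the current user before adding it to the agent.
icacls $Key /inheritance:r /grant:r "$($env:USERNAME):R" | Out-Null

# 3. Load the key. "ssh-add -l" lists the fingerprints now held by the agent;
#    if it reports no identities, the agent service is not running.
ssh-add $Key
ssh-add -l

# 4a. Agent forwarding (-A): the bastion can use your agent socket for as long as
#     this session is open, so only forward to a bastion you control. The key file
#     itself is never copied to the bastion. Runs "hostname" on the private instance.
ssh -A $Bastion "ssh $Private hostname"

# 4b. ProxyJump (-J): SSH tunnels through the bastion to the private instance directly,
#     so the bastion never sees the agent at all. Same result, smaller exposure.
ssh -J $Bastion $Private hostname
```

Both final lines should print the private instance's hostname; if 4a works and 4b does not, the private instance is rejecting the direct key (it must hold your public key either way).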
Hope this helps.