Move contents into new folder structure based on primary technology Signed-off-by: Scott Lowe <scott.lowe@scottlowe.org> |
||
|---|---|---|
| .. | ||
| bastion-hosts | ||
| bastion_rsa | ||
| bastion_rsa.pub | ||
| client-ssh-config | ||
| machines.yml | ||
| README.md | ||
| remote_rsa | ||
| remote_rsa.pub | ||
| ssh-bastion-diagram.png | ||
| Vagrantfile | ||
SSH Bastion Hosts
These files were created to allow users to use Vagrant (http://www.vagrantup.com) to quickly and easily spin up an environment for learning and working with SSH bastion hosts and proxy commands. This environment was created and tested using VMware Fusion 7.1.2, Vagrant 1.7.4, and the Vagrant VMware plugin.
Contents
-
bastion_rsa and bastion_rsa.pub: Private/public key pair for accessing the SSH bastion host. The password for this key pair is
password(all lowercase). These files are automatically installed by Vagrant into the correct VMs. -
bastion-hosts: This snippet of an
/etc/hostsfile contains IP addresses for the remote SSH destinations. It is added to/etc/hostson the bastion host automatically by Vagrant during provisioning. -
client-ssh-config: This is an SSH configuration file that sets up the SSH bastion host configuration. This file is installed automatically by Vagrant into the client VM, but must be edited to properly reflect the IP address assigned to the bastion host (see the instructions below).
-
README.md: This file you're currently reading.
-
remote_rsa and remote_rsa.pub: Private/public key pair for accessing the remote SSH nodes behind the bastion host. The password for this key pair is
secure(all lowercase). TheVagrantfilewill automatically place these files in the correct locations on the appropriate VMs. -
servers.yml: This YAML file contains a list of VM definitions and associated configuration data. It is referenced by
Vagrantfilewhen Vagrant instantiates the VMs. Generally, this is the only file that requires any edits; you'll edit this file to specify the correct Vagrant box installed on your system. -
ssh-bastion-diagram.png: This PNG diagram provides a graphical overview of the different VMs in this environment and how they are connected.
-
Vagrantfile: This file is used by Vagrant to spin up the virtual machines. This file is fairly extensively commented to help explain what's happening. You should be able to use this file unchanged; all the VM configuration options are stored outside this file.
Instructions
These instructions assume you've already installed VMware Fusion, Vagrant, and the Vagrant VMware plugin. Please refer to the documentation for those products for more information on installation or configuration.
-
Use
vagrant box addto add a 64-bit Ubuntu 14.04 ("Trusty Tahr") base box to be used by thisVagrantfile. For a VMware-formatted box, the "bento/ubuntu-14.04" box is a good option. The "ubuntu/trusty64" box is a good option for VirtualBox. -
Edit the
servers.ymlfile to ensure the box you downloaded in step 1 is specified on the "box:" line of this file for each VM. (By default, there are four VMs, so make sure to specify the correct box name for all four VMs.) -
Run
vagrant up, and when the VMs are finished provisioning runvagrant ssh-config bastion. Make note of the IP address provided for this VM; you'll need it in the next step. -
Run
vagrant ssh clientto access the SSH client VM. -
Use the editor of your choice to edit
~/.ssh/configon the client VM to specify the correct address for the bastion host (look for theHostnameline). Save the changes to this file. -
In the client VM, load the SSH agent via this command:
eval `ssh-agent -s` -
Use
ssh-addto add the bastion_rsa and remote_rsa keys. (The passphrase forbastion_rsais "password"; forremote_rsathe passphrase is "secure".) -
Use
ssh remote1orssh remote2to establish an SSH session through the bastion host, as specified by theProxyCommandin the SSH configuration file.
Enjoy!