Jumphost

The Jumphost is the host that you can use to connect to all the network-isolated resources deployed inside your Virtual Private Cloud (VPC). The most common case is connecting to your SQL databases through an SSH tunnel.

Connecting using EC2 Instance Connect

Connecting using EC2 Instance Connect is required to create additional users on the Jumphost.

To connect to the Jumphost using EC2 Instance Connect you have to:

  • Install the mssh tool
  • Find the EC2 instance id. You can do this in the AWS console or using AWS CLI:
aws ec2 describe-instances \
  --filters 'Name=tag:Name,Values=*-jumphost' 'Name=tag:BoxManaged,Values=true' \
  --query 'Reservations[0].Instances[0].InstanceId' \
  --output text
  • Connect to the instance:
mssh ubuntu@i-001234a4bf70dec41EXAMPLE

Adding users

The user must first generate an SSH key pair on his/her computer. The command for Linux is:

ssh-keygen -b 4096 -t rsa -f ~/.ssh/id_rsa-devopsbox-jumphost -q -N ""

and share the contents of the public key:

cat ~/.ssh/id_rsa-devopsbox-jumphost.pub

Now you can start creating a new user on the Jumphost:

  • Create the user account:
sudo adduser new_user --disabled-password --gecos ""
  • Add the SSH public key generated before:
sudo su - new_user
mkdir .ssh
chmod 700 .ssh
echo "ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA== user@tmp" >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys

The user should be able to connect to the Jumphost using (replace YOUR_DOMAIN_NAME with the domain name you are using in the DevOpsBox installation):

ssh -i ~/.ssh/id_rsa-devopsbox-jumphost new_user@jumphost.YOUR_DOMAIN_NAME
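
The "Adding users" steps append whatever text the user sent straight into authorized_keys. The helper below is an added example, not part of the DevOpsBox documentation: it accepts only a single bare public-key line, applies the same 700/600 permissions, and skips a key that is already installed. The name install_pubkey and the sample key are hypothetical.

```shell
#!/bin/sh
# install_pubkey HOME_DIR 'KEY LINE'  (hypothetical helper, not DevOpsBox code)
# Runs in a subshell so umask and exit stay local to the call.
install_pubkey() (
    home_dir=$1
    key=$2
    umask 077   # files created below are owner-only from the start

    # An embedded newline would smuggle a second entry into the file.
    case $key in
        *'
'*) echo "rejected: more than one line" >&2; exit 1 ;;
    esac

    # The line must start with the key type: a leading options field such as
    # command="..." or a stray private-key header is refused.
    if ! printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .+)?$'
    then
        echo "rejected: not a bare public key line" >&2; exit 1
    fi

    mkdir -p "$home_dir/.ssh" && chmod 700 "$home_dir/.ssh" || exit 1
    auth=$home_dir/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on "type blob" so the same key with another comment is not re-added.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if awk -v b="$blob" '($1 " " $2) == b { f = 1 } END { exit !f }' "$auth"; then
        echo "already present" >&2; exit 0
    fi
    printf '%s\n' "$key" >> "$auth"
)

# Constructed demo: throwaway directory and a made-up sample key.
demo_home=$(mktemp -d)
install_pubkey "$demo_home" 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructedSampleOnly user@tmp'
rm -rf "$demo_home"
```

On the Jumphost, run it as the new user (after `sudo su - new_user`) with `"$HOME"` as the first argument so the files are owned by that account.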