I recently came across this ssh config file in one of my projects:

~/.ssh/config:

    Host git-codecommit.*.amazonaws.com
        User my-aws-user
        IdentityFile ~/.ssh/id_rsa

    Include config.d/*

~/.ssh/config.d/work-ssh.config:

    Host gateway
        HostName server1.amazonaws.com
        User ec2-user
        IdentityFile ~/.ssh/my-public-key.pem

    Host my-db
        User ec2-user
        HostName server2.amazonaws.com
        IdentityFile ~/.ssh/my-public-key.pem
        ProxyCommand ssh gateway nc %h %p
        LocalForward 25432 another-server.amazonaws.com:5432

What exactly is the LocalForward doing in this configuration? My understanding was the above will use gateway (server1.amazonaws.com) as a bastion and allow me to connect to server2.amazonaws.com. Or does it first open an ssh connection to gateway, then forward port 25432 on the gateway to port 5432 on another-server.amazonaws.com? Then where does server2.amazonaws.com fit in?
Also, when I run the above:
    ssh -vvv my-db

I get the following error:

    ssh: Could not resolve hostname my-db: nodename nor servname provided, or not known

I guess it probably means the config file is being skipped, but not sure why?
Thanks in advance!
1 Answer
What exactly is the LocalForward doing in this configuration?
It does exactly the same thing as if you were connecting to "server2" directly – that is, it establishes a tunnel through server2 towards another-server.
It is completely unrelated to gateways or bastion hosts.
I get the following error [...] I guess it probably means the config file is being skipped, but not sure why?
The Include directive was only introduced in OpenSSH 8.2 – macOS bundles a much older version.
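As an added example (not the questioner's file and not the answerer's code), the same configuration with the work-ssh.config entries merged straight into ~/.ssh/config, so that no Include directive is needed on an ssh that does not support it. The host names and port are the ones from the question; the comments trace the two hops that the ProxyCommand and the LocalForward set up.

```sshconfig
# Added example, not the original project's file: work-ssh.config merged
# into ~/.ssh/config so the Include line can be dropped entirely.

Host gateway
    HostName server1.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/my-public-key.pem

Host my-db
    HostName server2.amazonaws.com
    User ec2-user
    IdentityFile ~/.ssh/my-public-key.pem
    # Hop 1 (bastion): the ProxyCommand runs "ssh gateway nc server2.amazonaws.com 22",
    # i.e. it opens a session to server1 and uses nc there to reach server2's
    # sshd. The ssh session to server2 is then carried over that pipe.
    ProxyCommand ssh gateway nc %h %p
    # Hop 2 (tunnel): once the session to server2 is up, ssh listens on
    # 127.0.0.1:25432 on the local machine. Every connection accepted there is
    # forwarded inside the server2 session, and it is server2, not the gateway
    # and not the local machine, that resolves and connects to
    # another-server.amazonaws.com:5432.
    LocalForward 25432 another-server.amazonaws.com:5432
```

Two checks before assuming the file is wrong: `ssh -V` prints the bundled OpenSSH version, and `ssh -G my-db` (available since OpenSSH 6.8) prints the options ssh would actually apply to that alias; if its output shows `hostname my-db` instead of `hostname server2.amazonaws.com`, the Host block was never read. The whole configuration is also equivalent to the one-liner `ssh -o 'ProxyCommand ssh gateway nc %h %p' -L 25432:another-server.amazonaws.com:5432 ec2-user@server2.amazonaws.com`, which is a quick way to confirm the tunnel works independently of any config file.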