This is a reminder of how to set up an SSH tunnel and connect to a Redis server when the Redis TCP port (6379) is not publicly open/accessible.
Let's assume the host is a public EC2 instance (or bastion) with private IP = 10.0.0.236 and public IP = 15.236.222.111 (a random public IP address, chosen by AWS and assigned to the EC2 instance).
C:> ssh [email protected] -i C:\xxxx\aws-ec2-demo.pem
/!\ don't do this: it's very bad for security. It's just a reminder for me about how to copy a file with the scp command.
scp -i C:\xxxx\aws-ec2-demo.pem C:\xxxx\aws-ec2-demo.pem [email protected]:aws-ec2-demo.pem
from the bastion (I'm connected over SSH) (careful: there's a 1 that differs between the 2 IPs)
[ec2-user@ip-10-0-0-236 ~]$ chmod 400 aws-ec2-demo.pem
[ec2-user@ip-10-0-0-236 ~]$ ssh [email protected] -i aws-ec2-demo.pem
- verify the security group
- verify the NACL (check for deny rules on the subnet)
example: add an inbound NACL rule to allow the public and private subnets to communicate with each other: rule number 104, type "All traffic", protocol All, port range All, source 10.0.0.0/8, Allow
On the EC2 host:
[ec2-user@ip-10-0-0-236 ~]$ sudo amazon-linux-extras install redis4.0
listen on all interfaces (0.0.0.0) by editing the bind line in /etc/redis.conf:
[ec2-user@ip-10-0-0-236 ~]$ sudo vi /etc/redis.conf
#bind 127.0.0.1
bind 0.0.0.0
$ sudo systemctl start redis.service
[ec2-user@ip-10-0-0-236 ~]$ sudo systemctl status redis.service
● redis.service - Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
└─limit.conf
Active: active (running) since Fri 2021-05-14 09:28:31 UTC; 11s ago
Main PID: 3693 (redis-server)
CGroup: /system.slice/redis.service
└─3693 /usr/bin/redis-server 0.0.0.0:6379
May 14 09:28:31 ip-10-0-0-236.eu-west-3.compute.internal systemd[1]: Starting Redis persistent key-value database...
May 14 09:28:31 ip-10-0-0-236.eu-west-3.compute.internal systemd[1]: Started Redis persistent key-value database.
[ec2-user@ip-10-0-0-236 ~]$ redis-cli
127.0.0.1:6379> set mykey 123
OK
127.0.0.1:6379> get mykey
"123"
127.0.0.1:6379> exit
[ec2-user@ip-10-0-0-236 ~]$ redis-cli get mykey
"123"
the most important part:
Redis port forwarding (-N opens no remote shell, and -L 6379:127.0.0.1:6379 forwards local port 6379 through the SSH connection to 127.0.0.1:6379 as seen from the bastion, so a local redis-cli reaches the Redis running on the host)
C:> ssh -i C:\xxxx\aws-ec2-demo.pem -N -L 6379:127.0.0.1:6379 [email protected]
(press Ctrl+C when you have finished using it, to close the tunnel)
[ec2-user@ip-10-0-0-236 ~]$ ss
[ec2-user@ip-10-0-0-236 ~]$ netstat -ntlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
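Added example (my own, not part of the original note): the tunnel above connects to 127.0.0.1:6379 on the host, so Redis only needs the loopback bind; the `bind 0.0.0.0` change makes it reachable from every peer the security group and NACL admit. This script parses the `netstat -ntlp` dump above (also `ss -ntl` rows, as a generalization) and flags watched services bound to a wildcard address, so the bind can be reviewed. The sample dump is a constructed copy of the output above; the port list and function names are my assumptions.

```python
# Audit `netstat -ntlp` / `ss -ntl` output for services bound to all interfaces.
# Constructed sample, copied from the netstat dump in the note above.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      -
tcp6       0      0 :::111                  :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
"""

# Assumed policy: services that should only be reached via loopback / the SSH tunnel.
LOOPBACK_ONLY_PORTS = {6379: "redis"}

# Addresses meaning "every interface" in netstat and ss output.
WILDCARD = {"0.0.0.0", "::", "*"}


def parse_listeners(output):
    """Yield (proto, address, port) for each LISTEN row of netstat -ntlp or ss -ntl."""
    for line in output.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            proto, local = f[0], f[3]       # netstat layout: proto first, state in column 6
        elif len(f) >= 5 and f[0] == "LISTEN":
            proto, local = "tcp", f[3]      # ss layout: state first, no proto column
        else:
            continue                        # headers, notices, non-listening rows
        addr, _, port = local.rpartition(":")
        yield proto, addr.strip("[]"), int(port)   # ss prints IPv6 as [::]:port


def wildcard_listeners(output, watched=LOOPBACK_ONLY_PORTS):
    """Return (service, proto, address, port) for watched ports bound to a wildcard.

    A loopback bind such as 127.0.0.1:6379 produces no finding.
    """
    return [
        (watched[port], proto, addr, port)
        for proto, addr, port in parse_listeners(output)
        if port in watched and addr in WILDCARD
    ]


if __name__ == "__main__":
    for service, proto, addr, port in wildcard_listeners(SAMPLE_NETSTAT):
        print(f"{service}: {proto} {addr}:{port} listens on all interfaces; "
              f"bind 127.0.0.1 is enough for the SSH tunnel")
```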