Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Go x/crypto/ssh -- How to establish ssh connection to private instance over a bastion node

Tags:

ssh

go

I want to implement this scenario: On AWS, I have a VPC, in which it is deployed a public and private subnet. In the public subnet, I have a "bastion" instance, while in private subnet, there is one node running some services(AKA "service instance"). By using *nux ssh command, I can do things like this to connect to the "service instance" from my local laptop:

ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>

I have a Go program, and want to do the following things:

  1. ssh connect to the "service instance" from "local laptop" over the "bastion"
  2. use the connection session to run some commands (e.g. "ls -l")
  3. upload files from "local laptop" to "service instance"

I've tried but not able to implement the same process as doing

ssh -t -o ProxyCommand="ssh -i <key> ubuntu@<bastion-ip> nc %h %p" -i <key> ubuntu@<service-instance-ip>

Could anyone help to show me an example? Thanks!

BTW, I found this: https://github.com/golang/go/issues/6223, which means it is definately able to do that, right?

like image 348
Edward Avatar asked Dec 05 '22 01:12

Edward

1 Answers

You can do this even more directly with the "x/crypto/ssh" without the nc command, since there is a method to dial a connection from the remote host and presents it as a net.Conn.

Once you have an ssh.Client, you can use the Dial method to get a virtual net.Conn between you and the final host. You can then turn that into a new ssh.Conn with ssh.NewClientConn, and create a new ssh.Client with ssh.NewClient

// connect to the bastion host
bClient, err := ssh.Dial("tcp", bastionAddr, config)
if err != nil {
    log.Fatal(err)
}

// Dial a connection to the service host, from the bastion
conn, err := bClient.Dial("tcp", serviceAddr)
if err != nil {
    log.Fatal(err)
}

ncc, chans, reqs, err := ssh.NewClientConn(conn, serviceAddr, config)
if err != nil {
    log.Fatal(err)
}

sClient := ssh.NewClient(ncc, chans, reqs)
// sClient is an ssh client connected to the service host, through the bastion host.
like image 60
JimB Avatar answered Dec 11 '22 12:12

JimB
Sign in to Comment

Related questions

How to scan keys from redis using golang using "SCAN" not "KEYS"
Struct doesn't implement interface even if it has the same functions
How to send emails in golang without any smtp server [closed]
using map[string]interface{} :
What is Go's equivalent to 'throws' clause?
How to run a Go http server with nginx
Understanding Scanf in Go
why goroutine block main func in this http server?
How to stop html template from escaping
Get postgresql array into struct with StructScan
Golang - float to int conversion
Appending integer to a string by casting and using the concatenation operator
How to write a struct as binary data to a file in golang?
AWS S3 uploaded files not showing
Golang SQL query variable substituion
Why does Rust require a C++ toolchain to produce a Rust binary, while languages like Go do not have this requirement?
Imported struct method not working
Network programming in Go
Golang Map struct in another one
Reading from a tcp connection in golang

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!