Friday, February 10, 2017

SSH Tunneling on AWS that really works

I needed to tunnel MySQL traffic through an EC2 instance. Pretty straightforward, right? No. Page after page on Google and Stack Overflow will show you something like this:

ssh -N -L 3306:<Target Host>:3306 user@example.com

One key point is that user@example.com is the login for the tunnel, not the target host. And even with the right login, it will not work on EC2. Here's what you need:

ssh -N -i .ssh/dev.pem -L 0.0.0.0:3306:<My SQL Host>:3306 ubuntu@127.0.0.1

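The magic sauce is the 0.0.0.0 at the beginning, which makes ssh listen on ALL interfaces instead of only on the loopback address. Because the forwarded port is then reachable by any machine that can reach the instance on port 3306, limit that port in the instance's security group to the clients that need it. The "-i .ssh/dev.pem" part is to use an ssh key for the login, which is required on AWS EC2 instances. You can add a -f flag to have this run in the background.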

Use this to check if the tunnel is running:

lsof -i -n | egrep '\<ssh\>'
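
The check above shows that ssh is running, but not which address the forward is bound to, which is the whole difference between the two commands. The script below is an added example, not part of the original post: it reads `lsof -i -n -P` output and labels each ssh listener as loopback-only or all-interfaces. The function names and the sample lsof lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify ssh forward listeners by bind scope.
# Live use on the tunnel host: lsof -i -n -P | classify_ssh_listeners
# (-P keeps ports numeric, so 3306 is not shown as "mysql").

# Constructed sample of `lsof -i -n -P` output; PIDs and device ids are made up.
sample_lsof() {
    cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      900   root    3u  IPv4  11111      0t0  TCP *:22 (LISTEN)
ssh     12345 ubuntu    3u  IPv4 123450      0t0  TCP 127.0.0.1:51234->127.0.0.1:22 (ESTABLISHED)
ssh     12345 ubuntu    4u  IPv4 123456      0t0  TCP *:3306 (LISTEN)
ssh     12346 ubuntu    4u  IPv4 123457      0t0  TCP 127.0.0.1:3307 (LISTEN)
ssh     12347 ubuntu    5u  IPv6 123458      0t0  TCP [::1]:3308 (LISTEN)
EOF
}

# Prints "port address scope" for every listening socket owned by the ssh client.
classify_ssh_listeners() {
    awk '
    $1 == "ssh" && $NF == "(LISTEN)" {
        name = $(NF - 1)                    # *:3306, 127.0.0.1:3307, [::1]:3308
        n = split(name, parts, ":")
        port = parts[n]
        addr = substr(name, 1, length(name) - length(port) - 1)
        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
            scope = "all-interfaces"        # what -L 0.0.0.0:3306:... produces
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"         # what a bare -L 3306:... produces by default
        else
            scope = "single-address"
        print port, addr, scope
    }'
}

# Ports that other machines can reach, subject to the security group.
exposed_ports() {
    classify_ssh_listeners | awk '$3 == "all-interfaces" { print $1 }'
}

sample_lsof | classify_ssh_listeners
```

A tunnel that other machines cannot connect to will show up as loopback-only here; one started with the 0.0.0.0 prefix shows up as all-interfaces.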