Friday, February 10, 2017

SSH Tunneling on AWS that really works

I needed to tunnel MySQL traffic through an EC2 instance. Pretty straightforward, right? No. Page after page on Google and Stack Overflow will show you something like this:

ssh -N -L 3306:<Target Host>:3306

One key point is that is the login for the tunnel, not the target host. And even with the right login, it will not work on EC2. Here's what you need:

ssh -N -i .ssh/dev.pem -L<My SQL Host>:3306 ubuntu@

The magic sauce is the at the beginning which allows listening on ALL interfaces. The "-i .ssh/dev.pem" part is to use an ssh key for the login, which is required on AWS EC2 instances. You can add a -f flag to have this run in the background.

Use this to check if the tunnel is running:

lsof -i -n | grep -E '\<ssh\>'
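
The check above shows that ssh is running, but not which address the forwarded port is bound to. The following is an added example, not part of the original post: it reads `lsof -i -n -P` output and reports each ssh listener with its bind scope. The function names and the sample lsof lines (PIDs, addresses, ports) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use: lsof -i -n -P | classify_ssh_listeners
# (-P keeps port numbers numeric, so 3306 is not shown as "mysql").

# Print "PID ADDRESS PORT SCOPE" for every listening socket owned by ssh.
# A forward bound to all interfaces is reachable from other hosts on the
# network; a loopback bind is reachable only from the local machine.
classify_ssh_listeners() {
    awk '
        $1 == "ssh" && $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. *:3306 or [::1]:3307
            port = name; sub(/.*:/, "", port)
            addr = name; sub(/:[^:]*$/, "", addr)
            if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "[::1]")
                scope = "loopback"
            else
                scope = "specific-address"
            print $2, addr, port, scope
        }'
}

# Constructed sample of lsof output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     4242 dev     3u  IPv4  70001      0t0  TCP 192.0.2.10:51514->198.51.100.7:22 (ESTABLISHED)
ssh     4242 dev     4u  IPv4  70002      0t0  TCP *:3306 (LISTEN)
ssh     4343 dev     4u  IPv6  70003      0t0  TCP [::1]:3307 (LISTEN)
ssh     4343 dev     5u  IPv4  70004      0t0  TCP 127.0.0.1:3307 (LISTEN)
sshd     900 root    3u  IPv4  60001      0t0  TCP *:22 (LISTEN)
EOF
}

sample_lsof | classify_ssh_listeners
```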