Publish Over SSH - How to configure to Tunnel/Forward Via Bastion Host (Jump Host)?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Publish Over SSH - How to configure to Tunnel/Forward Via Bastion Host (Jump Host)?

robert.glenn
I’m attempting to use the Publish Over SSH plugin to tunnel from Jenkins, through a (publicly facing, in AWS) Bastion Host, into a (private, in AWS) application server. 

Some additional information:
  • I can tunnel to my private app server, locally, after using the  ssh-add -K mysecret.pem, and running ssh -A ec2-user@<my bastion  ip> and then ssh ubuntu@<my private server ip>
  • Currently, the ssh key is shared across Bastion Host and private app server, but likely wouldn’t be in the future
  •  I’m attempting to use the “Jump host” section to define the ip address of the Bastion Host, and filling out the required sections (Name, Hostname, Remote Directory) for the application server
Some potential sources of problem:
  • My Bastion Host has a default user of ‘ec2-user’, whereas my application server’s default user is ‘ubuntu’, but there doesn’t seem to be a way to configure a different user for a “jump host”
Any suggestions you can provide are greatly appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/56c62420-541e-4875-9fd2-3ffd06256115%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Publish Over SSH - How to configure to Tunnel/Forward Via Bastion Host (Jump Host)?

robert.glenn
[Additional Information] 
Reading this commit's message, and looking at the diff, it seems to suggest that one should configure these 'jump hosts' outside of the job configuration (e.g. under Manage Jenkins > Configure System), but the credentials entered there never seem to be available in the job (I always seem to need to configure them directly in the job configuration, in the 'Advanced' area of a Send files or execute commands over SSH build step).

--RG

On Wednesday, August 23, 2017 at 9:55:25 AM UTC-7, robert.glenn wrote:
I’m attempting to use the Publish Over SSH plugin to tunnel from Jenkins, through a (publicly facing, in AWS) Bastion Host, into a (private, in AWS) application server. 

Some additional information:
  • I can tunnel to my private app server, locally, after using the  ssh-add -K mysecret.pem, and running ssh -A ec2-user@<my bastion  ip> and then ssh ubuntu@<my private server ip>
  • Currently, the ssh key is shared across Bastion Host and private app server, but likely wouldn’t be in the future
  •  I’m attempting to use the “Jump host” section to define the ip address of the Bastion Host, and filling out the required sections (Name, Hostname, Remote Directory) for the application server
Some potential sources of problem:
  • My Bastion Host has a default user of ‘ec2-user’, whereas my application server’s default user is ‘ubuntu’, but there doesn’t seem to be a way to configure a different user for a “jump host”
Any suggestions you can provide are greatly appreciated.

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/48d9ec5b-7c70-4fbb-ab95-11e012cbef32%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Publish Over SSH - How to configure to Tunnel/Forward Via Bastion Host (Jump Host)?

Rachit Bansal
In reply to this post by robert.glenn
Hi, Have you get any solution for this problem? If yes then please let me know the solution. Thanks in advance

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/ba2931e4-7310-452d-b36d-cc6bd4268f0e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.