The SSH (Secure Shell) protocol is a method for secure remote login from one computer to another. It is a secure alternative to unprotected login protocols such as telnet and to insecure file transfer methods such as FTP.
Generate a public/private RSA key pair with ssh-keygen
ssh-keygen is a tool for creating a new authentication key pair (public and private keys) for SSH.
Type the following command into your terminal:
ssh-keygen -C your_email@example.com
ssh-keygen will prompt you for the file in which to save the key pair and for an optional passphrase:
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/admin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Local port forwarding
In practice, you may want to forward a local port to reach a cloud database or server that resides in a private network behind a bastion (jump) server.
A bastion host is a computer specifically designed and configured to withstand attacks; it generally hosts a proxy service that provides access to a private network from an external network such as the internet.
Type the following command in your terminal:
ssh -fNL LOCAL_PORT:REMOTE_HOST:REMOTE_PORT BASTION_USER@BASTION_HOST -i /path/to/private-key -o ServerAliveInterval=5
ServerAliveInterval is the number of seconds the ssh client waits before sending a message requesting a response from the server, to keep the connection alive; the value 0 means disabled (the default).
-L LOCAL_PORT:REMOTE_HOST:REMOTE_PORT forwards the local port to the remote host and port.
-fN sends ssh to the background (-f) without running a remote command (-N).
Troubleshooting
- Your public key should already be installed on the bastion host.
- Your private key should have 400 permission. The chmod command should work:
chmod 400 /path/to/private-key
- You may get an Address already in use error if your local forward port is being used by another process, for example:
bind [127.0.0.1]:3306: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 3306
Could not request local forwarding.
Try the lsof command to check which process has the port open; try with sudo if it doesn't work for you the first time:
lsof -i :LOCAL_PORT
sudo lsof -i :LOCAL_PORT
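The following script is an added example, not part of the original post: it wraps the local-forward command from the port forwarding section with pre-flight checks for the two troubleshooting causes listed above (private key permissions and a busy local port). It also adds -o ExitOnForwardFailure=yes so a background ssh exits instead of staying up when the forward cannot be set up; all host names, ports and paths are placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting a background tunnel.

# Return 0 if the private key is readable only by its owner
# (ls mode "-r--------" or "-rw-------"); ssh rejects keys that
# grant any group/other access.
key_perms_ok() {
    key="$1"
    [ -f "$key" ] || return 1
    mode=$(ls -l "$key" | cut -c1-10)
    case "$mode" in
        -r--------|-rw-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if nothing on this machine already has the local port open.
# Uses lsof as in the troubleshooting section; if lsof is missing,
# assume free and let ssh report the bind error itself.
local_port_free() {
    port="$1"
    if command -v lsof >/dev/null 2>&1; then
        ! lsof -nP -i ":$port" >/dev/null 2>&1
    else
        return 0
    fi
}

# Print the ssh command that start_tunnel would run (for review/logging).
# $1 local port, $2 remote host, $3 remote port, $4 user@bastion, $5 key
tunnel_cmd() {
    printf 'ssh -fNL %s:%s:%s %s -i %s -o ServerAliveInterval=5 -o ExitOnForwardFailure=yes\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Run the checks, then start the tunnel in the background.
start_tunnel() {
    key_perms_ok "$5" || { echo "fix key permissions: chmod 400 $5" >&2; return 2; }
    local_port_free "$1" || { echo "local port $1 in use: sudo lsof -i :$1" >&2; return 3; }
    ssh -fNL "$1:$2:$3" "$4" -i "$5" \
        -o ServerAliveInterval=5 -o ExitOnForwardFailure=yes
}

# Placeholder usage (constructed values):
# start_tunnel 3306 db.internal 3306 ec2-user@bastion.example.com /path/to/private-key
```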