1
votes

So I've got an EC2 instance that I can only access through a bastion.

The EC2 instance serves my Jupyter server on 127.0.0.1:8888/?token=$token

The goal I have in mind is to run an SSH tunnel command that will listen for connections on 127.0.0.1:8888 and forward them through the bastion to my EC2 instance, to 127.0.0.1:8888.

I've tried the following with no luck.

From local:

(I can ssh into both the bastion and the ec2 machine through the bastion without issue)

ssh -f -N -L 127.0.0.1:8888:127.0.0.1:8888 -i ~/.ssh/id_rsa $user@$bastion_dns

ssh -f -N -L 8888:127.0.0.1:8888 -i ~/.ssh/id_rsa $user@$bastion_dns

ssh -f -N -L 8888:$ec2_private_ip:8888 -i ~/.ssh/id_rsa $user@$bastion_dns

From bastion:

(I opened 8888 ingress on the bastion security group and added the bastion SSH key to the EC2 machine so that I can ssh to EC2 regularly from the bastion)

ssh -f -N -L 8888:127.0.0.1:8888 $user@$ec2_private_ip

2 Answers

3
votes

Figured it out with the help of this: "SSH Tunnel through Ubuntu bastion to instance in private subnet".

The command is:

ssh -v -N -A -J $user@$bastion_dns -L 8888:localhost:8888 $user@$ec2_private_ip
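
The `-J` command above wrapped as a small tunnel manager, as an added example that is not part of the original answer: the session ends on the EC2 instance, so the `-L` destination 127.0.0.1:8888 is resolved there, and the local listener is bound to loopback only. The function names and the control-socket path under ~/.ssh are assumptions; agent forwarding is left out because `-J` authenticates to both hops from the local client.

```sh
#!/bin/sh
# Added example (not from the original posts). Function names and the
# control-socket location are assumptions made for illustration.

# Control socket for a target; kept under ~/.ssh rather than a shared /tmp.
tunnel_socket() {
  printf '%s/.ssh/jupyter-tunnel-%s.sock' "$HOME" \
    "$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_')"
}

# Accept only a decimal TCP port in 1..65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_tunnel user@bastion user@ec2_private_ip [port]
open_tunnel() {
  port=${3:-8888}
  valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  # -J hops through the bastion; the session ends on the EC2 instance, so
  # the forward destination 127.0.0.1 is the instance's own loopback.
  # The local side is bound to 127.0.0.1 so other hosts cannot reach it.
  # ExitOnForwardFailure makes ssh fail if the local port is already taken.
  ssh -f -N \
    -o ExitOnForwardFailure=yes \
    -o ControlMaster=yes -S "$(tunnel_socket "$2")" \
    -J "$1" \
    -L "127.0.0.1:$port:127.0.0.1:$port" \
    "$2"
}

# Query or stop the background tunnel through its control socket.
tunnel_status() { ssh -S "$(tunnel_socket "$1")" -O check "$1"; }
close_tunnel()  { ssh -S "$(tunnel_socket "$1")" -O exit "$1"; }

# Usage, with the variables from the question:
#   open_tunnel "$user@$bastion_dns" "$user@$ec2_private_ip"
#   ... browse http://127.0.0.1:8888/?token=$token ...
#   close_tunnel "$user@$ec2_private_ip"
```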

1
votes

When using -L, you can specify where the receiving machine should send the traffic.

Let's say you have:

  • Local computer
  • Bastion
  • Jupyter server

Therefore, you can run a command like this:

ssh -i key.pem -L 8888:jupyter-server:8888 ec2-user@bastion-IP

This will forward localhost:8888 on the local computer to the Bastion server.

The bastion server will then forward the request to jupyter-server:8888, within the VPC.