3 Step 5: SSH tunnels
Vladimir Smagin edited this page 9 months ago

How to create SSH tunnels

This role can create SSH tunnels for you.

Create host_vars files for the source and destination hosts. If the user tunneluser does not exist in the OS, the ssh_access role will create it.

The destination host requires the public key; set it in access_list.

access_list:
  tunnel: { keypath: "../keys/interserver.pub", username: "tunneluser" }

The source host requires the secret key; upload it in secret_list.

secret_list:
  interserver: { keypath: "../keys/interserver.pem", username: "tunneluser" }

Use the command ssh-keyscan blindage.org to get the destination host's fingerprint.

Now you can configure the tunnel on the source host to the destination host:

ssh_tunnels:
  CLICKHOUSE8123:
    SSH_TUNNEL_LOCAL_HOST: "127.0.0.1"
    SSH_TUNNEL_LOCAL_PORT: 8123
    SSH_TUNNEL_REMOTE_USER: "tunneluser"
    SSH_TUNNEL_REMOTE_HOST: "database.myserver.ru"
    SSH_TUNNEL_REMOTE_HOST_FINGERPRINT: "|1|yt/vdfskjgklfjlLKJLKJKJLlkjldksjfjuxzngXn5B3cxKltgMGrN2U= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyfgdfkjlkjLKJLKJLKJLKJLKJJKTUOIWPEORIOPopopiuopiuxdfyG/h9FpdfLZudbGkPdhDdXRZGKKuGl4koqki/XdT1LbQ="
    SSH_TUNNEL_REMOTE_PORT: 8123
    SSH_TUNNEL_KEY: "/home/tunneluser/.ssh/interserver.pem"
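
ssh-keyscan output is not authenticated, so the line pasted into SSH_TUNNEL_REMOTE_HOST_FINGERPRINT is worth checking before it is deployed. The following is an added example, not part of this role: it checks that a hashed known_hosts line really belongs to the host name the tunnel connects to, and prints the SHA256 fingerprint to compare with `ssh-keygen -lf` run on the destination host itself. It assumes the role uses the value as a known_hosts line for SSH_TUNNEL_REMOTE_HOST; the helper names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def hash_host(host: str, salt: bytes) -> str:
    """Return the '|1|salt|hash' form OpenSSH uses for hashed host names."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def check_entry(line: str, host: str) -> dict:
    """Validate one known_hosts line against the host the tunnel will dial."""
    hosts_field, key_type, key_b64 = line.split()[:3]
    blob = base64.b64decode(key_b64, validate=True)
    # The key blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    type_ok = blob[4:4 + n].decode("ascii", "replace") == key_type
    if hosts_field.startswith("|1|"):
        # Hashed entry: recompute HMAC-SHA1(salt, host) and compare.
        _, _, salt_b64, _ = hosts_field.split("|")
        expected = hash_host(host, base64.b64decode(salt_b64))
        host_ok = hmac.compare_digest(expected, hosts_field)
    else:
        host_ok = host in hosts_field.split(",")
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"host_ok": host_ok, "type_ok": type_ok,
            "fingerprint": "SHA256:" + fp}


def sample_line(host: str = "database.myserver.ru") -> str:
    """Constructed sample entry; the key bytes are not a real host key."""
    key_type = "ssh-ed25519"
    blob = (struct.pack(">I", len(key_type)) + key_type.encode()
            + struct.pack(">I", 32) + bytes(range(32)))
    return "%s %s %s" % (hash_host(host, b"constructed-salt-20b"),
                         key_type, base64.b64encode(blob).decode())


if __name__ == "__main__":
    line = sample_line()
    # A line scanned for one name does not match a different name.
    for name in ("database.myserver.ru", "blindage.org"):
        print(name, check_entry(line, name))
```

A `host_ok` of False means the line was scanned for a different name than the one in SSH_TUNNEL_REMOTE_HOST, in which case ssh will not treat the key as known for that host.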