Merge branch 'docs-aws-add-ssh-agent-forwarding' into 'master'

Add SSH agent forwarding for bastion hosts See merge request gitlab-org/gitlab!27063

Merge branch 'docs-aws-add-ssh-agent-forwarding' into 'master'
Add SSH agent forwarding for bastion hosts See merge request gitlab-org/gitlab!27063
b4c91d85 · Achilleas Pipinellis · d1fc6a7a · 470d67f6 · b4c91d85
Commit b4c91d85 authored Mar 13, 2020 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

doc/install/aws/index.md doc/install/aws/index.md +6 -0

No files found.
--- a/doc/install/aws/index.md
+++ b/doc/install/aws/index.md
@@ -367,6 +367,12 @@ Confirm that you can SSH into the instance:
   1. Under the **Add Tags** section, we’ll set `Key: Name` and `Value: Bastion Host B` so that we can easily identify our two instances.
   1. For the security group, select the existing `bastion-sec-group` we created above.

+### Use SSH Agent Forwarding
+
+EC2 instances running Linux use private key files for SSH authentication. You'll connect to your bastion host using an SSH client and the private key file stored on your client. Since the private key file is not present on the bastion host, you will not be able to connect to your instances in private subnets.
+
+Storing private key files on your bastion host is a bad idea. To get around this, use SSH agent forwarding on your client. See [Securely Connect to Linux Instances Running in a Private Amazon VPC](https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/) for a step-by-step guide on how to use SSH agent forwarding.
+
 ## Deploying GitLab inside an auto scaling group

 We'll use AWS's wizard to deploy GitLab and then SSH into the instance to