[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[Illustrated] Explaining how to connect to SCP using WinSCP via a stepping stone server

2016.01.23

Server construction/operation

table of contents

1 session part
2 tunnel
3 certification
4 connect

I'm Ito, an infrastructure engineer.
By connecting to the server via a stepping stone server, it is possible to block direct access to the server from outside, reducing the risk of unauthorized access.

It has a configuration like this.
SnapCrab_NoName_2016-1-19_11-0-39_No-00-min
The configuration is such that end users can only access the web server via http, and developers who set up the servers can connect to each server via SSH via a springboard server.

I think SCP is often used when uploading content, but
in a configuration where a stepping stone server exists, it is not possible to connect to the target server using SSH or FTP.

So, below we explain how to connect via a springboard server using WinSCP

session part

First, enter the following into the screen that was launched with WinSCP.

winscp1

Transfer protocol	SCP
host name	local IP address
port number	22
username	Username of the server to connect to via bastion
password	Password for the server you connect to via the springboard

tunnel

Next, set up the connection to the stepping stone server under Settings - Connections - Tunnels.

winscp2

Connect via SSH tunnel	check
host name	Host name or IP address of the stepping stone server
port number	22
username	Username to connect to the bastion server
password	Password to connect to the springboard server
local tunnel port	automatic selection
private key	Private key (.ppk) required to connect to the springboard server

(The private key is required if the end server is a key connection)

certification

Set the authentication conditions in [Settings] – [SSH] – [Authentication].

It is OK if you make the following settings in "Authentication conditions" in the middle.

Check "Allow agent transfer"
Select the private key from earlier

connect

When you connect with the above settings, you will be asked to enter the passphrase for your private key.
You will be asked twice to log in to the base server and from there to the end server.

winscp3