Connecting to the DC/OS Cluster NAT Instance using SSH with Agent Forwarding


Introduction

In this Lab Step, you will employ a Secure Shell (SSH) client to connect to a remote Linux server with SSH agent forwarding enabled. SSH agent forwarding allows your local SSH keys to be used to make connections from remote servers. This avoids the security risk of having your keys stored on a remote server. SSH agent forwarding is commonly used to connect to instances in a private subnet through a bastion host. 

Warning: The instructions for connecting using SSH agent forwarding must be followed carefully. If not properly configured, you will experience issues later on in the lab. For example, in Windows the key must be added to Pageant.

 

Instructions

1. In the AWS Management Console search bar, enter EC2, and click the EC2 result under Services:


 

2. In the left-hand menu, click Instances:


The Instances list page will load.

 

3. Select the target virtual machine and look for the Public IPv4 address field:


The IP address is displayed in the Details tab and as a column in the Instances list.

 

4. To copy the Public IPv4 address, next to the IP address, click the copy icon:


The public IP address of the instance has been copied to your clipboard.

 

5. Paste the IP address somewhere you can easily retrieve it. You will use it in a moment.

CloudAcademy recommends using a draft email to temporarily make notes during a lab.

 

6. Proceed to the Connecting using Linux/macOS or Connecting using Windows instructions depending on your local operating system.

 

Connecting using Linux/macOS

Linux distributions and macOS include an SSH client that accepts standard PEM keys. Complete the following steps to connect using the included terminal applications:

 

a. Download the cluster PEM key.

 

b. Open your terminal application.

If you need assistance finding the terminal application, search for "terminal" using your operating system's application finder or search commands.

 

c. Enter the following to make sure the read-only permissions are correct on the PEM key file:

chmod 400 /Path/To/Your/key.pem

 

d. Enter the following command to add private keys to the authentication agent:

ssh-add -k /Path/To/Your/key.pem

 

e. Issue the following command to connect to the remote host using SSH:

ssh -A centos@YourIPv4Address

where the command details are:

  • ssh initiates the SSH connection.
  • -A enables agent forwarding for the connection.
  • centos is the SSH user name for the virtual machine.
  • YourIPv4Address is the Public IPv4 address you copied earlier in the instructions.

 

f. After successfully connecting to the virtual machine, you should reach a terminal prompt.

Note: If you receive a warning that the host is unknown, enter y or yes to add the host and complete the connection.


 

Connecting using Windows

a. If you do not have PuTTY and Pageant installed on your system, download and install the latest PuTTY MSI (Windows Installer) at https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html:


Windows does not include an SSH client. You must download an application that includes one. A free and useful utility is called PuTTY. PuTTY supports SSH connections as well as key generation and conversion. The PuTTY package also includes Pageant. Pageant is an SSH authentication agent that enables agent forwarding on Windows. 

 

b. Download the cluster's PPK key.

 

c. In the Windows search box enter pageant and click the Pageant App result:


Alternatively, you can enter pageant into a command prompt terminal to start Pageant. 

Note that Pageant runs as a Windows service. It should be displayed in your Windows task tray, but could be "hidden". Hence, you may need to "show hidden icons". Pageant is displayed as a terminal with a hat on it:


 

d. Right-click the Pageant icon and select Add Key:


 

e. Browse to the PPK key file you downloaded earlier and click Open:


With the key added to Pageant, it is now available for use with agent forwarding. You can verify the key is added by right-clicking the Pageant icon and selecting View Keys:


 

f. Open PuTTY and insert the IPv4 public IP address in the Host Name (or IP address) field:


 

g. Navigate to the Connection > SSH > Auth section. Select the Allow agent forwarding check box and click Open:


You do not need to browse to the key file because the key has already been added to Pageant, which makes it available for forwarding.

 

h. Wait several seconds for the authentication prompt and click Yes in the PuTTY Security Alert to acknowledge you trust the host:


 

i. Enter centos as the SSH user name for the virtual machine and press Enter.

 

j. To verify the SSH connection was made using agent forwarding, enter:

env | grep SSH_AUTH_SOCK 


If there is no output, the connection was made without using agent forwarding. If that is the case, perform the instructions again to ensure each one is performed correctly.
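
A stricter version of the check in step j, as an added example that is not part of the original lab: SSH_AUTH_SOCK being set only shows that forwarding was requested, not that a key is reachable through it. The function name and status words are illustrative; the same function can be run locally after the ssh-add step (Linux/macOS step d) or on the NAT instance after connecting.

```shell
#!/bin/sh
# Added example: classify the state of the SSH agent visible to this shell.
# Run locally after ssh-add, or on the NAT instance after connecting with -A.
# Function name and status words are illustrative, not from the lab.

check_forwarded_agent() {
    # 1. No socket variable: ssh was started without -A (or PuTTY without
    #    "Allow agent forwarding"), so nothing is forwarded.
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then
        echo "not-forwarded"
        return 1
    fi

    # 2. Variable set but the path is not a live socket, e.g. inherited by
    #    a tmux/screen session from a connection that has since closed.
    if [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo "stale-socket"
        return 2
    fi

    # 3. Ask the agent for its keys. ssh-add -l exits 0 when keys are
    #    listed, 1 when the agent has none, 2 when it cannot be reached.
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "ssh-add-missing"
        return 3
    fi
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) echo "ok"; return 0 ;;
        1) echo "agent-empty"; return 4 ;;
        *) echo "agent-unreachable"; return 2 ;;
    esac
}

# Print the state for the current shell without aborting on failure.
state=$(check_forwarded_agent) || true
echo "agent state: $state"
```

A result of agent-empty on the NAT instance means forwarding is enabled but the key was never added with ssh-add or Pageant, which is the misconfiguration the warning in the introduction describes.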

 

Summary

In this Lab Step, you connected to a virtual machine using an SSH client with SSH agent forwarding enabled.