So here's the deal:
1. You already set up a server to act as a bastion host.
2. You want to connect to all your servers (which only have private IPs) from that bastion host.
Normally people use SSH keys and register the public key on every server with Chef... but wait, which key? Your bastion host's key or your laptop's key?
Oh no, it's my bastion host's key. What happens if my bastion host gets hacked?
1. Put in a VPN server, which needs extra knowledge to route the VPN traffic across all your private-IP servers.
2. Or use SSH agent forwarding: register your laptop's SSH public key on all the servers, but SSH into them via the bastion host. Here's how you can implement this.
Execute this command:
Edit that file, find "ForwardAgent" and make sure the value is "yes". Note that ForwardAgent is an SSH client option (it lives in /etc/ssh/ssh_config or ~/.ssh/config, not in sshd_config), and it is safer to set it inside a `Host` entry for the bastion only rather than globally, so your agent is not forwarded to every host you ever SSH into. The per-connection equivalent is `ssh -A bastion`.
#sudo service ssh restart
There you go (the restart only matters if you changed sshd_config; client options are read fresh on every connection). Next, make sure the SSH client on your bastion host also has ForwardAgent set to "yes" if you want the agent available on the inner servers as well: for the hop from the bastion to an inner server, ssh on the bastion picks up the forwarded agent socket from $SSH_AUTH_SOCK automatically, as long as sshd on the bastion allows it (AllowAgentForwarding yes is the default). You can then enter all your servers via SSH without registering the bastion's key on each machine, because the connection forwards your laptop's agent, not the key itself: the private key never leaves your laptop. One caveat: while you are connected, anyone with root on the bastion can use the forwarded socket to authenticate as you, so load the key with `ssh-add -c` to get a confirmation prompt for each use, or skip forwarding entirely with ProxyJump (`ssh -J bastion inner-host`), which tunnels the connection through the bastion so no agent socket is ever exposed there.
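The scoped client configuration described above, as an added example that is not part of the original post: a shell script that writes a ~/.ssh/config with ForwardAgent enabled only for the bastion entry, a ProxyJump entry for the internal hosts that needs no forwarding at all, and a small helper that reads back the effective value of an option for a given Host block. The hostnames, IP addresses, user name and key path are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the original post's code). Writes a per-user SSH client
# config that forwards the agent ONLY to the bastion, plus a ProxyJump entry
# for the private-IP servers, then reads the settings back for a sanity check.
# All host names, IPs, the user and the key path are assumed for illustration.
set -eu

# write_ssh_config <path>: write the client config to <path>.
# OpenSSH does not support trailing comments on option lines, so comments
# sit on their own lines.
write_ssh_config() {
  cat > "$1" <<'EOF'
# Forward the agent to the bastion only, never globally.
Host bastion
    # assumed public IP of the bastion host
    HostName 203.0.113.10
    User ops
    IdentityFile ~/.ssh/id_ed25519
    ForwardAgent yes

# Internal hosts reached through the bastion. With ProxyJump the ssh
# connection is tunnelled through the bastion, the private key stays on
# the laptop and no agent socket is exposed on the bastion.
Host 10.0.0.*
    User ops
    IdentityFile ~/.ssh/id_ed25519
    ProxyJump bastion
    ForwardAgent no
EOF
}

# config_option <config file> <host pattern> <option>:
# print the value of <option> inside the matching Host block (first match),
# or nothing if the block does not set it.
config_option() {
  awk -v host="$2" -v opt="$3" '
    $1 == "Host" { inblock = ($2 == host); next }
    inblock && $1 == opt { print $2; exit }
  ' "$1"
}

main() {
  tmp=$(mktemp -d)
  write_ssh_config "$tmp/config"
  echo "bastion  ForwardAgent: $(config_option "$tmp/config" bastion ForwardAgent)"
  echo "10.0.0.* ForwardAgent: $(config_option "$tmp/config" '10.0.0.*' ForwardAgent)"
  echo "10.0.0.* ProxyJump:    $(config_option "$tmp/config" '10.0.0.*' ProxyJump)"
  rm -rf "$tmp"
}

# Run the demo only when executed directly, not when sourced.
case "${0##*/}" in
  sh|bash|dash|ksh) ;;
  *) main "$@" ;;
esac
```

After copying the generated file into ~/.ssh/config, `ssh -G bastion | grep -i forwardagent` shows what the real client resolves for that host, and `ssh -G 10.0.0.5 | grep -i proxyjump` confirms the internal hosts go through the bastion without forwarding. The helper above only parses the file it wrote; it is a readback check, not a replacement for `ssh -G`.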