Connect to a Private Node with OpenSSH

If a node in your Oracle Java Cloud Service instance does not have a public IP address, you can connect to it from a UNIX or UNIX-like platform by using another node as a proxy.

A node that's dedicated to providing administrative access to other private nodes is also referred to as a bastion.

Use the ProxyCommand option in OpenSSH to specify the node to use as a bastion when making the secure shell (SSH) connection. After you open an SSH connection to the private node, you can issue commands to the Linux OS.

The node that you intend to use as a bastion must be able to access the private node to which you’re connecting. If necessary, create an access rule or a security rule that enables communication between the two nodes prior to connecting to the node with SSH.

1. Identify the Public IP address of a node to use as a bastion (proxy).
2. Access your service console.
3. Click the name of the service instance that contains the private node that you want to access.
4. On the Overview page, identify the Host Name of the node.
5. From your computer, run the ssh command to connect to the private node as the opc user, and also specify the command to connect to the proxy node.
   Provide the following:

   • The path to the private key that corresponds to the public key that you specified when you created this service instance.

   • The proxy node’s public IP address.

   • The private node’s host name.

   The command format is: ssh -i path_to_private_key -o ProxyCommand="ssh -W %h:%p –i path_to_private_key opc@proxy_node_IP_address" opc@node_host_name

   For example: ssh -i /home/myuser/id_rsa -o ProxyCommand="ssh -W %h:%p -i /home/myuser/id_rsa opc@203.0.113.13" opc@myinstance-node2

6. If prompted, enter the passphrase for the private key.