8 events
when what by license comment
Aug 13, 2021 at 8:53 history edited Vojtech Trefny CC BY-SA 4.0
deleted 1 character in body
Aug 12, 2021 at 22:34 answer added Bruce Malaudzi timeline score: 0
Aug 12, 2021 at 22:15 history edited rk92 CC BY-SA 4.0
added 283 characters in body
Aug 12, 2021 at 19:33 comment added John Hanley Please edit your question with those details. The user can log in to the Bastion host and create a reverse SSH tunnel. The user can log in to instance-1 and connect back to that tunnel without SSH keys which would allow Internet access.
Aug 12, 2021 at 19:29 comment added rk92 1) Instance-1 only has a private IP. Both VMs are in two separate GCP projects with a VPC peering between networks. 2) No NAT gateway or other proxies to allow instance-1 to have external internet access. 3) Bastion does not have a public key for a private key in instance-1. 4) So even with the bastion establishing an SSH tunnel to instance-1, is there any way to be in instance-1 and somehow get a file out of instance-1 to the Bastion? 5) SCP does not work in this case due to the Bastion not having the public key from the private key that would be located in instance-1, if there was one?
Aug 12, 2021 at 18:51 comment added John Hanley 1) Does instance-1 have Internet access or does it only have a private IP address? Does your VPC have a NAT Gateway or other proxy? Those would allow instance-1 to access the Internet directly. 2) Unless the Bastion has the public key for the private key that instance-1 is using, you will not be able to connect to the bastion host. I am not sure what you mean by workaround - the systems are either secure or they are not.
Aug 12, 2021 at 17:35 review First posts
Aug 13, 2021 at 8:53
Aug 12, 2021 at 17:31 history asked rk92 CC BY-SA 4.0