Summary
When setting up an SSH tunnel for Postgres in EC2, the public key should be saved in the authorized_keys file in the .ssh directory of the user’s home folder.
Question
When generating keys for an SSH tunnel for Postgres where do you save the public key in in EC2?
This topic has been created from a Slack thread to give it more visibility.
It will be on Read-Only mode here. Click here if you want
to access the original thread.
Join the conversation on Slack
["ssh-tunnel", "postgres", "ec2", "public-key", "authorized-keys"]
This would generally be in ~/.ssh/authorized_keys
on your bastion/jump server (under the user you’re connecting as). Most OpenSSH configs also read from /etc/ssh/authorized_keys
—but practice is generally within the user folder to avoid a bunch of noise in the shared file, which I tend to see reserved for logins as root (which are generally a bad idea anyway).
If you don’t already have a way to auth (e.g. password) from the machine generating the key (meaning you can’t use ssh-copy-id
), you can just cat ~/.ssh/[your-key-name].pub
and copy/paste that line to the end of ~/.ssh/authorized_keys
on your bastion host.