Posted On: Jul 9, 2019

You can now use AWS Systems Manager Session Manager to tunnel SSH (Secure Shell) and SCP (Secure Copy) traffic between a client and a server. 

You often need to allow SSH and SCP protocol access to cloud and on-premises servers when performing maintenance tasks or troubleshooting problems. These protocols commonly require using an access server (for example, a Bastion host) and maintaining an open inbound port between a client and server, increasing your cost and security risk. With SSH protocol tunneling using Session Manager, you do not need an access server or an open inbound port for SSH-based access and SCP-based file copy. This reduces cost and improves your security posture when using SSH and SCP. 

To get started, configure an SSH client that supports ProxyCommand. This will start a Session Manager session to your target instance when the SSH client is used. Subsequent SSH and SCP traffic between your client and the target instance tunnels through a Systems Manager Session Manager connection. 

Session Manager is a feature in Systems Manager. Systems Manager enables visibility and control of your cloud and on-premises infrastructure. It provides an integrated experience that combines native features and other AWS services for viewing data and securely automating operational tasks across your infrastructure. This simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easier to operate and manage your infrastructure securely at scale.

This enhancement, and the latest AWS Systems Manager Agent, is available in all AWS Regions where Systems Manager is available. For more information, see our Documentation. To learn more about Session Manager, visit our Product Page.