
Currently I have a postgres/timescaledb running on EC2 in a VPC which has no internet access. I use a VPN tunnel to access the private local subnet and have security group settings that allow access only from my machine and 1 more machine. I usually have a jump server that I use, but I don't want to keep my ssh keys on the server or leave it behind.


If the jumpserver is trusted and controlled by you then you should have a look at ssh agent forwarding. Then you avoid leaving keys on the jumphost.


A better alternative would be ProxyJump. See e.g. https://serverfault.com/questions/958222/bastion-server-use-...

Edit: To add some details - using ProxyJump you don’t have to expose anything to the jump host and instead just proxy through it.
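
The two approaches from the replies above, as an added `~/.ssh/config` sketch that is not part of the original thread. Host aliases, host names, the address, user names, the key path and the local port are placeholders; `ProxyJump` needs OpenSSH 7.3 or later on the client.

```sshconfig
# Added example: all names, addresses and paths below are placeholders.

# Jump host, used only as a TCP relay. No private key and no agent
# socket ever exists on it.
Host bastion
    HostName bastion.example.com
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no

# Database host in the private subnet, reached through the jump host.
# The SSH session to it is end-to-end from the local machine; the
# jump host only forwards the encrypted stream.
Host db
    HostName 10.0.1.25
    User dbadmin
    ProxyJump bastion
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
    # Optional (assumption: PostgreSQL listens on 5432 on the db host):
    # local port 15432 is forwarded to it over the same connection.
    LocalForward 15432 127.0.0.1:5432

# For comparison, the agent-forwarding variant. The key also stays on
# the local machine, but while the session is open, root on the jump
# host can use the forwarded agent socket to authenticate as you.
# Host bastion
#     HostName bastion.example.com
#     User jumpuser
#     ForwardAgent yes
```

With this in place, `ssh db` authenticates to both hosts from the local machine, so nothing has to be stored on or cleaned up from the jump server.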



