
I have set up a public bastion EC2 host and also set up a private EC2 instance whose security group inbound rule allows SSH only from the bastion security group. But there are two different scenarios. I have added both private keys to ssh-agent and I'm trying this from a Windows machine with cmd.exe.

  1. When I try to access it with the command below, it can access without any problem: `ssh -J ubuntu@ip-public ubuntu@ip-private`

  2. When I access the bastion server first I can log in successfully, but from the bastion I try with this command and it is failing: `ssh ubuntu@ip-private`

channel 1: chan_shutdown_read: shutdown() failed for fd 7 [i0 o0]: Not a socket ubuntu@privateip: Permission denied (publickey).

I have tried multiple times but it returns the same error. I don't know how this bastion should be set up professionally. Looking for help and suggestions on this. Never tried it before.

hoq
  • **Side-note:** An alternative way to access the private instance is by using [AWS Systems Manager Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html). It uses an agent on the instance to establish the connection, so does not require a Bastion. – John Rotenstein Nov 04 '22 at 13:18

1 Answer


Note: I got this exercise working from an Ubuntu WSL terminal window.

The upshot is that you need an SSH server in order to receive SSH requests from clients.

  1. Make sure your Windows instance is running
  2. RDP into the instance (one-time only)
  3. Type powershell in the command line to toggle out of cmd
  4. Run the following command to determine if you have OpenSSH.Server installed

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

  5. Install the service

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

  6. After a minute or two it installs (be patient)
  7. Set the service to start automatically in case you stop the instance

Set-Service -Name sshd -StartupType 'Automatic'

  8. Run the OpenSSH.Server service, called sshd

Start-Service sshd

  9. Exit the instance shell and RDP session
  10. Go back to your shell on your computer
  11. Run your customary ssh command to get into the EC2 instance. You'll be prompted for a password. There are ways to get around that.
Charles Owen
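The procedure in the answer above, collected into one idempotent script that also verifies the result and sets up key-based login so the password prompt can be dropped. This is an added example, not the answer's own script; it assumes an elevated PowerShell session on the Windows instance, and `$PubKeyPath` is a placeholder for your own public key file.

```powershell
# Added example: idempotent OpenSSH.Server setup on a Windows EC2 instance.
# Run from an elevated PowerShell session (via the one-time RDP login).
$PubKeyPath = 'C:\Users\Administrator\id_ed25519.pub'   # placeholder: your public key
$DisablePasswordAuth = $false   # flip to $true only after a key login has been verified

# 1. Install OpenSSH.Server only if it is not already present.
$cap = Get-WindowsCapability -Online -Name 'OpenSSH.Server*'
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# 2. Start sshd now and on every boot, so a stop/start of the instance keeps it up.
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service sshd

# 3. The capability normally creates an inbound Windows Firewall rule for TCP/22;
#    create it if it is missing (the EC2 security group must allow 22 as well).
if (-not (Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' `
        -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 | Out-Null
}

# 4. Key-based login for members of Administrators: Windows OpenSSH reads
#    %ProgramData%\ssh\administrators_authorized_keys and ignores the file unless
#    only Administrators and SYSTEM have access to it, hence the icacls reset.
$authKeys = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
Get-Content $PubKeyPath | Add-Content -Path $authKeys -Encoding ascii
icacls.exe $authKeys /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null

# 5. Once a key login from your workstation works, turn off password authentication.
if ($DisablePasswordAuth) {
    $cfg = Join-Path $env:ProgramData 'ssh\sshd_config'
    (Get-Content $cfg) -replace '^#?PasswordAuthentication\s+\w+', 'PasswordAuthentication no' |
        Set-Content -Path $cfg -Encoding ascii
    Restart-Service sshd
}

# 6. Verify the service state and that sshd is listening before closing the RDP session.
Get-Service sshd | Select-Object Status, StartType
Get-NetTCPConnection -LocalPort 22 -State Listen | Select-Object LocalAddress, LocalPort
```

Test the key login from your workstation first; only then rerun with `$DisablePasswordAuth = $true`, otherwise a typo in the key file locks you out of SSH and leaves RDP as the only way back in.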