I needed to dump a MySQL database on a private Amazon VPC node which was only accessible through an SSH bastion host:
Client < - - - > Bastion < - - - > VPC node
(Public) (Private)Additionally, I only had read access on the private VPC node, so I wanted to run scripts and store data exclusively on the client.
First, I created an alias in ~/.ssh/config on the client to route requests through to the VPC node via the bastion, using ProxyCommand:
Host remote
Hostname $remote.host
Port $remote.port
IdentityFile /home/$bastion.user/.ssh/id_rsa
ForwardAgent yes
User $remote.user
ProxyCommand ssh -W %h:%p -i /home/$client.user/.ssh/id_rsa $bastion.user@$bastion.host -p $bastion.port(Substituting values such as $remote.host to suit)
Then I created my database dump script on my client, dump.sh:
#!/bin/bash
DBHOST="$host"
DBUSER="$user"
DBPASS="$password"
DBNAME="$database"
MYSQL_ARGS="-f -h $DBHOST -u $DBUSER $DBNAME"
mysqldump -p"$DBPASS" $MYSQL_ARGS --no-data --routines --single-transaction
mysqldump -p"$DBPASS" $MYSQL_ARGS --no-create-db --single-transactionThen I called the script on my client, with:
ssh remote 'bash -s' < dump.sh > db.sqldb.sql is stored on the client, containing a dump of the configured database from remote.
bash -s stops the terminal stdout on remote (such as /etc/motd output) from being stored in the db.sql dump file.