I needed to dump a MySQL database on a private Amazon VPC node which was only accessible through an SSH bastion host:
Client < - - - > Bastion < - - - > VPC node
(Public) (Private)
Additionally, I only had read access on the private VPC node, so I wanted to run scripts and store data exclusively on the client.
First, I created an alias in ~/.ssh/config
on the client to route requests through to the VPC node via the bastion, using ProxyCommand
:
Host remote
Hostname $remote.host
Port $remote.port
IdentityFile /home/$bastion.user/.ssh/id_rsa
ForwardAgent yes
User $remote.user
ProxyCommand ssh -W %h:%p -i /home/$client.user/.ssh/id_rsa $bastion.user@$bastion.host -p $bastion.port
(Substituting values such as $remote.host
to suit)
Then I created my database dump script on my client, dump.sh
:
#!/bin/bash
DBHOST="$host"
DBUSER="$user"
DBPASS="$password"
DBNAME="$database"
MYSQL_ARGS="-f -h $DBHOST -u $DBUSER $DBNAME"
mysqldump -p"$DBPASS" $MYSQL_ARGS --no-data --routines --single-transaction
mysqldump -p"$DBPASS" $MYSQL_ARGS --no-create-db --single-transaction
Then I called the script on my client, with:
ssh remote 'bash -s' < dump.sh > db.sql
db.sql
is stored on the client, containing a dump of the configured database from remote
.
bash -s
stops the terminal stdout on remote
(such as /etc/motd
output) from being stored in the db.sql
dump file.