If you're in AWS and using Amazon Linux you already have session manager installed! Set up IAM permissions and get rid of ssh💥

Check out ssm from Disney Streaming https://github.com/disneystreaming/ssm-helpers or cloudman https://github.com/dutchcoders/cloudman which both have great integration with session manager https://twitter.com/kelseyhightower/status/1326610296530563073
There's even a great Systems Manager quick setup I highly recommend https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-quick-setup.html
No more bastions, no more local users, no more ssh keys, no more open ports (via privatelink)

Full audit of commands run, supports port forward, run one off commands

I'm a big fan
I did a talk about the old version of ssm-helpers at rejekts earlier this year
And if you still want to use SSH, local users, SSH keys, etc you can get rid of your bastions with session manager SSH proxy
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html
You can follow @rothgar.
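
The SSH proxy setup mentioned at the end of the thread, as an added example that is not part of the original thread: a `~/.ssh/config` stanza in the form given by the AWS documentation linked above. The `ec2-user` login and the key path are assumptions.

```sshconfig
# ~/.ssh/config (added example, not from the thread)
# Matches EC2 instance IDs (i-*) and hybrid managed-node IDs (mi-*), so
# "ssh i-<instance-id>" is tunnelled through Session Manager instead of
# connecting to port 22 on the host directly.
Host i-* mi-*
    # AWS-StartSSHSession is the AWS-provided session document for SSH.
    # ssh expands %h to the target ID and %p to the port.
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
    # Assumption: default login user on Amazon Linux.
    User ec2-user
    # Assumption: placeholder path to the private key for that user.
    IdentityFile ~/.ssh/your-key.pem
```

The client needs the AWS CLI and the Session Manager plugin, and the calling IAM principal needs `ssm:StartSession` on both the instance and the `AWS-StartSSHSession` document. The instance's security group needs no inbound rule for port 22.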