Set up SSH proxy config file.
I always like to keep a bastion host or jumpbox in a dmz so I can tunnel through it to a private network. In AWS this can be a t2.nano instance and can be shared with other admins (each having their own user account).
Setting up the config
The file we are looking to create/modify here is ~/.ssh/config
Host jump HostName jumpbox.domain.com Port 22 User your-username-on-jumpbox IdentityFile ~/.ssh/path/to/your/key/to/access/jumpbox.pem ForwardAgent yes Host 10.* ProxyCommand ssh -q jump nc %h 22 User your-username-on-remote-host StrictHostKeyChecking no UserKnownHostsFile=/dev/null
Using the tunnel
Now you can just ssh to a 10.* address and it will first connect to the jumpbox, passing along your ssh-agent so you can continue to the next hop of 10.* without any other hoops. You can of course expand on this or modify this depending on the hostnames of your private instances.