While I think you're right in that VPN setups make a lot of things smoother,
SSH actually compares pretty well with the first two of your examples.
"Yeah, there is. First, doing it with SSH+keys requires either multi-step (which is annoying, esp. for copying files), or exposing each servers SSH to the net (which might be unfeasible if you don't have public IPs for everything)."
You can work around much of the annoying stuff in multi-step setups by using SSH's ProxyCommand configuration variable. For example, you could have something like this in your local .ssh/config:
"Yeah, there is. First, doing it with SSH+keys requires either multi-step (which is annoying, esp. for copying files), or exposing each servers SSH to the net (which might be unfeasible if you don't have public IPs for everything)."
You can work around much of the annoying stuff in multi-step setups by using SSH's ProxyCommand configuration variable. For example, you could have something like this in your local .ssh/config:
After which 'ssh prod-db' and 'scp prod-db:...' work as if the bastion host wasn't between you and prod-db."Second, getting a dump of a table from your MySQL DB with SSH+keys:"
If you can access prod-db with SSH, you can dump the database with a single command: