From f31cf9fbc36aebcceae63cb9ee11026e416bdf47 Mon Sep 17 00:00:00 2001 From: theadam Date: Wed, 15 Jan 2025 10:08:20 +0100 Subject: [PATCH] OpenSSH client jump host --- ssh-jump-host.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 ssh-jump-host.md diff --git a/ssh-jump-host.md b/ssh-jump-host.md new file mode 100644 index 0000000..4b79fb8 --- /dev/null +++ b/ssh-jump-host.md @@ -0,0 +1,36 @@ +# SSH jump host + +Sometimes we can not connect directly to hosts from OpenSSH client. In this situation we can connect over one or more jump hosts to establish the connection. + +First of all try to establish the connection via the OpenSSH client to the specific server +`ssh -J host1,[host2[,host3]] target` +> For jump, specify SSH URI in format `[@]host[:port][,@]host[:port]] []@]` +> Only for jump, for the target use the regular ways (e.g. `-p` for port). + +If it works from the command-line, set it up in the SSH config. It is a good idea to do the individual configurations for the first step for the hosts and after that specify the target. + +Place a config file for SSH. By default it is in the `~/.ssh/config`, on windows `%userprofile%\.ssh\config`. + +In this example we go to a central host over two jumps. To do this, configure the individual hosts up. Place these lines in the config file. +``` +Host * + ServerAliveInterval 15 + ForwardAgent yes + +Host destination + HostName destination.fqdn + ProxyJump j1,j2 + Port 22 + +Host j1 + HostName j1.fqdn + Port 22 + +Host j2 + HostName j2.fqdn + Port 22 +``` + +Next go over the jumps to the destination with the command `ssh destination`. It connects to j1, goes trough this to j2 and jump to destination. + +Sources: [ssh(1)](https://man.openbsd.org/ssh), [ssh_config(5)](https://man.openbsd.org/ssh_config#tun-connection) \ No newline at end of file
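Review bot: In the config block, `ForwardAgent yes` under `Host *` forwards the local agent to every host this client connects to, including j1 and j2, and `ProxyJump` does not need it. With `ProxyJump` the client authenticates to each hop itself over the tunnelled connection, so the keys never have to be usable on the jump hosts. Anyone with sufficient privileges on a host that receives the forwarded agent can use it to authenticate as the user for as long as the session is open. Suggest dropping that line or setting `ForwardAgent no`, and enabling forwarding only in a specific `Host` block where it is actually required. Smaller points in the same hunk: the jump format in the quoted note reads `[@]host[:port]`, which looks like the `user` placeholders were lost (ssh_config(5) gives `[user@]host[:port]`), and its brackets do not balance; "trough" should be "through"; the ssh_config(5) source link points at the `#tun-connection` anchor rather than the `ProxyJump` entry; and the file ends without a trailing newline.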