avesome-tricks/ssh-jump-host.md

SSH jump host

Sometimes we can not connect directly to hosts from OpenSSH client. In this situation we can connect over one or more jump hosts to establish the connection.

First of all try to establish the connection via the OpenSSH client to the specific server ssh -J host1,[host2[,host3]] target

For jump, specify SSH URI in format [<user>@]host[:port][,<user>@]host[:port]] [<user>]@<host>] Only for jump, for the target use the regular ways (e.g. -p for port).

If it works from the command-line, set it up in the SSH config. It is a good idea to do the individual configurations for the first step for the hosts and after that specify the target.

Place a config file for SSH. By default it is in the ~/.ssh/config, on windows %userprofile%\.ssh\config.

In this example we go to a central host over two jumps. To do this, configure the individual hosts up. Place these lines in the config file.

Host *
	ServerAliveInterval 15
	ForwardAgent yes

Host destination
	HostName destination.fqdn
	ProxyJump j1,j2
	Port 22

Host j1
	HostName j1.fqdn
	Port 22

Host j2
	HostName j2.fqdn
	Port 22

Next go over the jumps to the destination with the command ssh destination. It connects to j1, goes trough this to j2 and jump to destination.

Sources: ssh(1), ssh_config(5)