# SSH jump host

Sometimes we cannot connect directly to a host from the OpenSSH client. In that case we can establish the connection through one or more jump hosts.

First, try to establish the connection to the specific server with the OpenSSH client on the command line:

`ssh -J host1[,host2[,host3]] target`

> For the jumps, specify the SSH URI in the format `[<user>@]<host>[:<port>][,[<user>@]<host>[:<port>]] [<user>@]<host>`

> The `:<port>` form applies only to the jumps; for the target, use the regular options (e.g. `-p` for the port).

If it works from the command line, set it up in the SSH config. It is a good idea to configure the individual hosts first and then specify the target.

Create a config file for SSH. By default it is `~/.ssh/config`; on Windows it is `%userprofile%\.ssh\config`.

In this example we reach a central host over two jumps. To do this, configure the individual hosts by placing these lines in the config file.

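```
# Defaults applied to every host
Host *
  ServerAliveInterval 15
  # Applies to every host you log in to; ProxyJump itself does not need agent forwarding
  ForwardAgent yes

# Target, reached through j1 and then j2
Host destination
  HostName destination.fqdn
  ProxyJump j1,j2
  Port 22

# First jump host
Host j1
  HostName j1.fqdn
  Port 22

# Second jump host
Host j2
  HostName j2.fqdn
  Port 22
```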

Next, go over the jumps to the destination with the command `ssh destination`. It connects to j1, goes through it to j2, and from there jumps to the destination.
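
ProxyJump authenticates every hop from the local client, so the chain works without agent forwarding, while `ForwardAgent yes` under `Host *` takes effect for every host you log in to. The script below is an added example, not part of the original page: it reads the effective settings that `ssh -G <alias>` prints and reports each host in the chain with agent forwarding enabled. The function names and the abbreviated sample output are constructed, and hops are assumed to be aliases or host names, not bracketed IP literals.

```shell
#!/bin/sh
# Added example: report hosts in a ProxyJump chain whose effective
# ForwardAgent setting is enabled, based on `ssh -G <alias>` output.

# Constructed, abbreviated sample of `ssh -G` output (lowercase
# "keyword value" lines) for the config on this page.
# Used instead of the real ssh when DUMP_CMD=sample_dump.
sample_dump() {
    case "$1" in
        destination) printf 'hostname destination.fqdn\nport 22\n'
                     printf 'forwardagent yes\nproxyjump j1,j2\n' ;;
        j1|j2)       printf 'hostname %s.fqdn\nport 22\nforwardagent yes\n' "$1" ;;
        *)           return 1 ;;
    esac
}

# Print the effective configuration of one alias (real ssh by default).
dump_config() { ${DUMP_CMD:-ssh -G} "$1"; }

# Print the value of keyword $1 from a dump read on stdin.
effective_value() {
    awk -v key="$1" '$1 == key { sub(/^[^ ]+ +/, ""); print; exit }'
}

# Print each hop of the chain on its own line, without user@ and :port.
jump_hops() {
    effective_value proxyjump | tr ',' '\n' |
        sed -e 's/^.*@//' -e 's/:[0-9]*$//' -e '/^$/d' -e '/^none$/d'
}

# Audit the target and every hop; return 1 if any has ForwardAgent enabled.
audit_chain() {
    target_dump=$(dump_config "$1") || return 2
    found=0
    for host in "$1" $(printf '%s\n' "$target_dump" | jump_hops); do
        fa=$(dump_config "$host" | effective_value forwardagent)
        if [ -n "$fa" ] && [ "$fa" != "no" ]; then
            echo "WARN: $host: ForwardAgent $fa"
            found=1
        fi
    done
    return "$found"
}

# Usage: sh audit.sh destination
#    or: DUMP_CMD=sample_dump sh audit.sh destination
if [ "$#" -gt 0 ]; then audit_chain "$1"; fi
```

To clear the warnings, remove `ForwardAgent yes` from `Host *` and set it only under the specific hosts where it is needed.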
Sources: [ssh(1)](https://man.openbsd.org/ssh), [ssh_config(5)](https://man.openbsd.org/ssh_config#tun-connection)