Using Jumpbox (https://wiki.gentoo.org/wiki/SSH_jump_host)

SSH jump host

An alternative to SSH tunneling for accessing internal machines through a gateway is to use jump hosts. The idea is to use ProxyCommand to automatically execute the ssh command on the remote host to jump to the next host and forward all traffic through it.

Contents

  1. Prerequisites
  2. Dynamic jumphost list
    1. Multiple jumps
  3. Static jumphost list
    1. Setup
    2. Usage
      1. Multiple jumps

Prerequisites

  • SSH access to the gateway machine and the internal one.
  • Gateway machine has Netcat installed.

Dynamic jumphost list

You can use the -J option to jump through a host:
user $ ssh -J username@host1 username@host2

If usernames or ports on machines differ, specify them:
user $ ssh -J user1@host1:port1 user2@host2:port2

Multiple jumps
The same syntax can be used to make jumps over multiple machines:
user $ ssh -J user1@host1:port1,user2@host2:port2 user3@host3

Static jumphost list

A static jumphost list means that you know in advance the jumphost or jumphosts needed to reach a host, so you can define a static jumphost 'routing' in the ~/.ssh/config file. The advantage over the dynamic jumphost option is that you do not have to provide the .ssh config on the jumphosts between your machine and the final host you want to reach.

Setup
Contents of ~/.ssh/config 

### First jumphost. Directly reachable
Host betajump
HostName jumphost1.example.org
### Host to jump to via jumphost1.example.org
Host behindbeta
HostName behindbeta.example.org
ProxyJump betajump

Usage
user $ ssh behindbeta

If usernames on machines differ, specify them by modifying the corresponding ProxyJump line:
Contents of ~/.ssh/config (modify the corresponding ProxyJump line)

ProxyJump otheruser@betajump

It works with scp command, too:
user $ scp filename behindalphabeta:~/

Note: The colon and path at the end are needed so that scp recognizes the destination as remote.

Multiple jumps
The same syntax can be used to make jumps over multiple machines:

Contents of ~/.ssh/config (add this text)

### First jumphost. Directly reachable
Host alphajump
HostName jumphost1.example.org
### Second jumphost. Only reachable via jumphost1.example.org
Host betajump
HostName jumphost2.example.org
ProxyJump alphajump
### Host only reachable via alphajump and betajump
Host behindalphabeta
HostName behindalphabeta.example.org
ProxyJump betajump

user $ ssh behindalphabeta
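
To see which machines a connection will pass through before using an alias, the ProxyJump lines can be followed from the target back to the first directly reachable host. The following is an added example, not part of the wiki page; parse_config, jump_alias and resolve_chain are hypothetical helper names, and it assumes exact Host aliases with a single jump host per ProxyJump line, as in the configurations above.

```python
# Added example (not from the wiki): hops implied by ProxyJump lines, in order.
# Assumes exact Host aliases (no wildcards/Match/Include), one jump per ProxyJump.
# SAMPLE_CONFIG is constructed from the multi-jump configuration on this page.
SAMPLE_CONFIG = """\
### First jumphost. Directly reachable
Host alphajump
HostName jumphost1.example.org
Host betajump
HostName jumphost2.example.org
ProxyJump alphajump
Host behindalphabeta
HostName behindalphabeta.example.org
ProxyJump betajump
"""

def parse_config(text):
    """Return {alias: {"hostname": ..., "proxyjump": ...}} from config text."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value.split()
            for alias in current:
                hosts.setdefault(alias, {})
        elif key in ("hostname", "proxyjump"):
            for alias in current:
                hosts[alias].setdefault(key, value)  # first value wins, as in ssh
    return hosts

def jump_alias(spec):
    """Strip the optional user@ prefix and :port suffix from a ProxyJump value."""
    return spec.rsplit("@", 1)[-1].split(":", 1)[0]

def resolve_chain(hosts, target):
    """Return [(alias, hostname)] in connection order, ending with the target."""
    chain, seen, alias = [], set(), target
    while alias not in seen:
        seen.add(alias)
        entry = hosts.get(alias)
        # hostname None: no Host block, so ssh would use the name as typed
        chain.append((alias, entry.get("hostname", alias) if entry else None))
        jump = entry.get("proxyjump") if entry else None
        if not jump or jump.lower() == "none":
            return chain[::-1]
        alias = jump_alias(jump)
    raise ValueError("ProxyJump loop at " + alias)
```

Calling resolve_chain(parse_config(SAMPLE_CONFIG), "behindalphabeta") lists alphajump, betajump and behindalphabeta in that order. An alias with no Host block, such as a mistyped name, comes back with hostname None.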

DISCLAIMER : CONTENTS OF THIS ARTICLE HAS BEEN SOURCED FROM https://wiki.gentoo.org/wiki/SSH_jump_host