ssh -J jump target
or, if configured in the ssh_config file, we can set up so it works with this nice syntax:
ssh jump.target
SSH to a target host via a jump host
┌──────────────┐ ┌───────────────┐ ┌────────────┐
│ │ │ │ │ │
│ │ │ │ │ │
│ Source ├──────►│ Jump host ├─────►│ Target │
│ │ │ │ │ │
│ │ │ │ │ │
└──────────────┘ └───────────────┘ └────────────┘
localhost 10.0.0.50 90.0.0.10
This is useful if we want to reach a server target that is not reachable directly from WAN, while the jump is.
We just need to configure up the hosts as usual:
#
listing 1:
~/.ssh/config
(syntax=ssh)
Host jump
HostName 10.0.0.50
# Other settings needed to connect to the jump server (like specifying IdentityFile for an SSH key)
Host target
HostName 90.0.0.10
# Any other settings that you need to connect to the target (like specifying IdentityFile for an SSH key)
Then we can use the ssh -J jump target command to go to target via jump.
We can create a special Host so we don’t have to type the -J option:
ssh jump.target
all we need to do is to modify the SSH config in the following way:
#
listing 2:
~/.ssh/config
(syntax=ssh)
Host jump
HostName 10.0.0.50 # Same settings as before
# Add a jump configuration
Host jump.*
ProxyJump jump
Host target jump.target # Note the added Host (jump.target)
HostName 90.0.0.10 # Other settings are identical
An arbitrary number of additional jumps can be configured by chaining the jump host to go via another exactly like for target host.
From the man pages:
-J
-JdestinationConnect to the target host by first making a
sshconnection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. […] This is a shortcut to specify aProxyJumpconfiguration directive.
ProxyJump
ProxyJumpSpecifies one or more jump proxies as either
[user@]host[:port]or an ssh URI. Multiple proxies may be separated by comma characters and will be visited sequentially.
