The SSH protocol has a very useful feature called a jump server, or bastion host, which allows an SSH client to connect to other hosts through an SSH server. For example, you might have a server that is accessible from the Internet and serves as a gateway between external hosts and internal private networks.
One of the best things about this feature is that you don’t have to make any changes to the jump server or target host. All you need is the ability to log in to the jump server, and the configuration is done entirely on the client side.
SSH Client Configuration
On your ssh client machine, the ~/.ssh/config file is convenient for setting up the clients, although it can be done at the command-line. This is an example of a config file (you can have as many sections as you need):
The name after Host (line 1) can be anything. This is what you use when running the ssh command. Line 3 is the IP of the machine in the private network that you want the connection forwarded to. The IP in line 7 is the external IP of the server you are using to connect.
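A configuration that fits the description above, as an added example rather than the page's own listing. It assumes OpenSSH's ProxyJump directive, a hypothetical alias `jump` for the jump server, and `user1`/`user2` as placeholder account names; the lines are arranged so that the line numbers mentioned above apply to it.

```sshconfig
Host sib05vm1
    User user2
    HostName 10.0.98.1
    ProxyJump jump

Host jump
    HostName 16.103.41.192
    User user1

# Added example: the alias "jump" and the names user1/user2 are assumptions.
# ProxyJump opens a forwarded TCP channel through the jump server and runs
# the second SSH session end to end from the client, so the jump server
# relays encrypted traffic only. This relies on the jump server's sshd
# permitting TCP forwarding (AllowTcpForwarding, which defaults to yes).

# Keep agent forwarding off for both hops: with ProxyJump it is not needed,
# and leaving it off keeps the agent socket away from the jump server.
Host sib05vm1 jump
    ForwardAgent no

# One-off equivalent without a config file, using the -J option:
#   ssh -J user1@16.103.41.192 user2@10.0.98.1
```

Running `ssh -G sib05vm1` prints the options ssh resolves for the alias without connecting, which is a quick way to confirm that the ProxyJump entry is picked up.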
With the example above, when you type ssh sib05vm1, ssh will connect to 16.103.41.192, which forwards the connection to 10.0.98.1 automatically. You will jump through the jump server (16.103.41.192) and land on the 10.0.98.1 host.
Unless you set up ssh keys for password-less login, you will have to enter your password twice — once for the jump server and again for the internal server (10.0.98.1). It’s simpler and recommended to set up ssh keys.
Ad-Hoc ssh through a jump server without adding to config
If you prefer to not configure the .ssh/config file, you can jump through a jump server with this ad-hoc command:
user1 is the user on the jump server (this is optional). user2 is the user on the internal host (this is also optional).
Conclusion
I find the ssh feature very useful on a daily basis. It’s very convenient to be able to ssh to a host that is in a private, internal network.
ssh has many options to make life easier. I’ll compile this in another article.