{"id":13547,"date":"2019-04-03T10:23:54","date_gmt":"2019-04-03T10:23:54","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=13547"},"modified":"2019-04-03T10:23:54","modified_gmt":"2019-04-03T10:23:54","slug":"how-to-access-a-remote-server-using-a-jump-host","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/03\/how-to-access-a-remote-server-using-a-jump-host\/","title":{"rendered":"How to Access a Remote Server Using a Jump Host"},"content":{"rendered":"

A\u00a0jump host<\/strong>\u00a0(also known as a\u00a0jump server<\/strong>) is an intermediary host or an SSH gateway to a remote network, through which a connection can be made to another host in a dissimilar security zone, for example a demilitarized zone (DMZ<\/strong>). It bridges two dissimilar security zones and offers controlled access between them.<\/p>\n

A\u00a0jump host<\/strong>\u00a0should be highly secured and monitored especially when it spans a private network and a\u00a0DMZ<\/strong>\u00a0with servers providing services to users on the internet.<\/p>\n

A classic scenario is connecting from your desktop or laptop from inside your company\u2019s internal network, which is highly secured with firewalls to a DMZ. In order to easily manage a server in a DMZ, you may access it via a\u00a0jump host<\/strong>.<\/p>\n

In this article, we will demonstrate how to access a remote Linux server via a\u00a0jump host<\/strong>\u00a0and also we will configure necessary settings in your per-user SSH client configurations.<\/p>\n

Consider the following scenario.<\/p>\n

\n

\"SSH<\/a><\/p>\n

SSH Jump Host<\/p>\n<\/div>\n

In above scenario, you want to connect to\u00a0HOST 2<\/strong>, but you have to go through\u00a0HOST 1<\/strong>, because of firewalling, routing and access privileges. There is a number of valid reasons why jumphosts are needed..<\/p>\n

Dynamic Jumphost List<\/h3>\n

The simplest way to connect to a target server via a\u00a0jump host<\/strong>\u00a0is using the\u00a0-J<\/code>\u00a0flag from the command line. This tells ssh to make a connection to the jump host and then establish a TCP forwarding to the target server, from there (make sure you\u2019ve\u00a0Passwordless SSH Login<\/a>\u00a0between machines).<\/p>\n

$ ssh -J host1 host2\r\n<\/pre>\n
If\u00a0usernames<\/strong>\u00a0or\u00a0ports<\/strong>\u00a0on machines differ, specify them on the terminal as shown.<\/p>\n
$ ssh -J username@host1:port username@host2:port\t  \r\n<\/pre>\n
Multiple Jumphosts List<\/h3>\n
The same syntax can be used to make jumps over multiple servers.<\/p>\n
$ ssh -J username@host1:port,username@host2:port username@host3:port\r\n<\/pre>\n
Static Jumphost List<\/h3>\n
Static jumphost list means, that you know the\u00a0jumphost<\/strong>\u00a0or\u00a0jumphosts<\/strong>\u00a0that you need to connect a machine. Therefore you need to add the following static jumphost \u2018routing\u2019 in\u00a0~\/.ssh\/config<\/code>\u00a0file and specify the host aliases as shown.<\/p>\n
### First jumphost. Directly reachable\r\nHost vps1<\/strong>\r\n  HostName vps1.example.org\r\n\r\n### Host to jump to via jumphost1.example.org\r\nHost contabo<\/strong>\r\n  HostName contabo.example.org\r\n  ProxyJump contabo\r\n<\/pre>\n
Now try to connect to a target server via a\u00a0jump host<\/strong>\u00a0as shown.<\/p>\n
$ ssh -J vps1 contabo\r\n<\/pre>\n
\n
\"Login<\/a><\/p>\n
Login to Target Host via Jumphost<\/p>\n<\/div>\n
The second method is to use the\u00a0ProxyCommand<\/strong>\u00a0option to add the\u00a0jumphost<\/strong>\u00a0configuration in your\u00a0~.ssh\/config<\/code>\u00a0or\u00a0$HOME\/.ssh\/config<\/code>\u00a0file as shown.<\/p>\n
In this example, the target host is\u00a0contabo<\/strong>\u00a0and the\u00a0jumphost<\/strong>\u00a0is\u00a0vps1<\/strong>.<\/p>\n
Host vps1\r\n\tHostName vps1.example.org\r\n\tIdentityFile ~\/.ssh\/vps1.pem\r\n\tUser ec2-user\r\n\r\nHost contabo\r\n\tHostName contabo.example.org\t\r\n\tIdentityFile ~\/.ssh\/contabovps\r\n\tPort 22\r\n\tUser admin\t\r\n\tProxy Command ssh -q -W %h:%p vps1<\/strong>\r\n<\/pre>\n
Where the command\u00a0Proxy Command ssh -q -W %h:%p vps1<\/code>, means run ssh in quiet mode (using\u00a0-q<\/code>) and in stdio forwarding (using\u00a0-W<\/code>) mode, redirect the connection through an intermediate host (vps1<\/strong>).<\/p>\n
Then try to access your target host as shown.<\/p>\n
$ ssh contabo\r\n<\/pre>\n
The above command will first open an ssh connection to\u00a0vps1<\/strong>\u00a0in the background effected by the\u00a0ProxyCommand<\/strong>, and there after, start the ssh session to the target server\u00a0contabo<\/strong>.<\/p>\n
For more information, see the ssh man page or refer to:\u00a0OpenSSH\/Cookbxook\/Proxies and Jump Hosts<\/a>.<\/p>\n
That\u2019s all for now! In this article, we have demonstrated how to access a remote server via a jump host. Use the feedback form below to ask any questions or share your thoughts with us.<\/p>\n
Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
A\u00a0jump host\u00a0(also known as a\u00a0jump server) is an intermediary host or an SSH gateway to a remote network, through which a connection can be made to another host in a dissimilar security zone, for example a demilitarized zone (DMZ). It bridges two dissimilar security zones and offers controlled access between them. A\u00a0jump host\u00a0should be highly … <\/p>\n
Continue reading “How to Access a Remote Server Using a Jump Host”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13547","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13547","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=13547"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13547\/revisions"}],"predecessor-version":[{"id":13551,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13547\/revisions\/13551"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=13547"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=13547"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=13547"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}