ssh proxy jump
Context
2 machines:
- one public, reachable from the internet: bastion-server
- one private, not reachable from the internet: private-server
The public machine is allowed to connect to the private one over the ssh protocol.
Setup ssh config
The trick is to use the ProxyJump directive in .ssh/config:
Host bastion-server
    User pi
    Hostname bastion-server.com
    Port 22

Host private-server
    User ben
    Hostname private-server.com
    ProxyJump bastion-server
NB: public ssh keys must be added to these 2 servers, for instance with the ssh-copy-id command.
Usage
We can now execute remote commands on the private server by jumping through the bastion server.
ssh private-server hostname
You can use that to allow your computer's IP address in the private server's firewall (ufw). This can be useful when working with a mobile phone as access point:
IP=$(curl -s ifconfig.me) && DATE=$(date +%Y-%m-%d_%T) && echo "adding $IP to ufw at $DATE" && ssh private-server sudo ufw allow from $IP comment ben-sosh-$DATE && ssh private-server sudo ufw status numbered
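The one-liner above places whatever the lookup service returns into a command that runs with sudo on private-server, and ssh joins its arguments into one string that the remote shell parses again. The following is an added example, not part of the original page, that validates the address locally first; the function names and the constructed sample responses are assumptions, and the lookup URL is switched to HTTPS.

```sh
# Added example (not from the original page): validate the looked-up address
# locally before it becomes part of a command run with sudo on private-server.

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                 # only digits and dots remain, so splitting is safe
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# Prints the remote ufw command, or fails without output on unexpected input.
# $1 = source address, $2 = rule comment (restricted to a safe character set)
build_ufw_cmd() {
    is_ipv4 "$1" || return 1
    case $2 in
        ''|*[!A-Za-z0-9_:.-]*) return 1 ;;
    esac
    printf 'sudo ufw allow from %s comment %s' "$1" "$2"
}

# Hypothetical wrapper: HTTPS lookup, validation, then the same two ssh calls.
allow_my_ip() {
    _ip=$(curl -4 -fsS --max-time 10 https://ifconfig.me) || return 1
    _cmd=$(build_ufw_cmd "$_ip" "ben-sosh-$(date +%Y-%m-%d_%T)") || {
        echo "lookup result is not an IPv4 address, nothing sent" >&2
        return 1
    }
    echo "running on private-server: $_cmd"
    ssh private-server "$_cmd" && ssh private-server sudo ufw status numbered
}

# Constructed lookup responses: only the first one should be accepted.
for _sample in '203.0.113.7' '203.0.113.7; id' '999.1.1.1' '1.2.3' ''; do
    if build_ufw_cmd "$_sample" ben-sosh-test >/dev/null; then
        echo "accept: [$_sample]"
    else
        echo "reject: [$_sample]"
    fi
done
```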
Source
https://www.syloe.com/rebonds-ssh/