It's been a while since there was a tech post, so let's do one now ...
Today let's go over how to set up an SSH jump host.
Basically speaking, a jump host is an intermediate host that allows your SSH client to connect to its destination.
Typically, it is needed when network access between your client and the destination is not allowed.
Let's suppose you are trying to get to host b.blah.net. But that host is on a secure network, which denies you direct access.
The only way to get to that host is through a bastion host a.blah.net.
Assuming you have an account on both servers, the easiest way to get to the host on the secure network is to first SSH to server a, then SSH to server b:
Johns-MacBook-Pro:~ jchung$ ssh jchung@a.blah.net
jchung@a.blah.net's password:
Last login: Wed Oct 25 11:24:03 2023 from *.*.*.*
$ ssh jchung@b.blah.net
jchung@b.blah.net's password:
Last login: Wed Oct 25 11:17:21 2023 from *.*.*.*
However, ssh has a built-in jump option: -J.
The syntax is:
ssh -J [jump host(s) separated by commas] [destination host]
Thus you can specify the entire command with the following:
ssh -J jchung@a.blah.net jchung@b.blah.net
Once you type this you will then be prompted for passwords to both servers.
In the event you need to have multiple jump servers, put all jump servers in order separated by commas in the first parameter.
ssh -J server1.blah.net,server2.blah.net server3.blah.net
Key Authentication
The -J option on SSH also works with key authentication. However, it behaves differently from SSH-ing directly to host A and then SSH-ing to host B.
When you SSH from your client to host A, the latter checks the key on your client. When you then SSH from host A to B, the latter host checks the public/private key on server A.
However, when you SSH using the -J option, BOTH servers A and B will check the key on your client. MORE SPECIFICALLY, Server B WILL NOT check the ssh keys on server A as in an actual two step SSH process.
Thus when you use SSH with the -J option, make sure both servers A and B have your id.pub file from your client in their respective .ssh/authorized_keys files.
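The requirement above can be checked offline before relying on -J. The following Python is an added example, not part of the original post: it compares the client's public key with each hop's authorized_keys contents, ignoring per-key options and comments. The key material, the sample authorized_keys text and all function names are constructed for illustration.

```python
import base64, struct
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-")

def split_fields(line):
    """Split on whitespace, except inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            fields, cur = fields + [cur], ""
        else:
            cur += ch
        prev = ch
    return [f for f in fields + [cur] if f]

def parse_key(line):
    """Return (key_type, blob) from a .pub or authorized_keys line, else None."""
    fields = split_fields(line)
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return None
            # The blob starts with its own length-prefixed type name; it must agree.
            (n,) = struct.unpack(">I", blob[:4]) if len(blob) >= 4 else (0,)
            return (field, blob) if blob[4:4 + n] == field.encode() else None
    return None

def hops_missing_key(client_pub, authorized_by_host):
    """Hosts whose authorized_keys text lacks the client's key (options, comment ignored)."""
    wanted = parse_key(client_pub)
    if wanted is None:
        raise ValueError("client public key line is not parseable")
    return [host for host, text in authorized_by_host.items()
            if wanted not in [parse_key(ln) for ln in text.splitlines()]]

def sample_line(seed, comment):  # constructed key material, not a real key
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

CLIENT_PUB = sample_line(1, "jchung@Johns-MacBook-Pro")  # hypothetical comment field
AUTHORIZED = {  # constructed authorized_keys contents for the two hops
    "a.blah.net": 'no-agent-forwarding,command="echo jump only" ' + CLIENT_PUB + "\n",
    "b.blah.net": "# two-step setup: only server A's key\n" + sample_line(2, "jchung@a.blah.net") + "\n",
}
```

With the sample data, server B is reported as missing the client key, which is the state a two-step SSH setup leaves behind when you switch to -J.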
SFTP using a JUMP host
The -J option also works when transferring files using SFTP.
This is also much nicer than transferring files two times: once to the intermediate host and then to the destination host.
$ sftp -J jchung@a.blah.net jchung@b.blah.net
Defining an SSH Jump configuration in the .ssh/config file
Typing an SSH command using a jump host can get a bit long.
ssh -J jchung@a.blah.net b.blah.net
Finally, to save time, you can add this to the config file:
# put this in the .ssh/config file (same as: ssh -J jchung@a.blah.net b.blah.net)
Host host-b
    HostName b.blah.net
    ProxyJump jchung@a.blah.net
You can now ssh to host b using the string defined after the Host directive:
$ ssh host-b