Scenario/Use case:

Consider a jumpbox that has access to all the production machines, where we don't want to expose SSH access on those machines to the public. In this scenario, we can make only the jumpbox publicly reachable and access the remaining machines through it. But it's a pain to log in to the jumpbox and then SSH to the production hosts.

 

Solution:

Here is an easy solution, applied on your local machine, that lets you SSH to the production hosts directly from it.

Assumptions:

  1. You should have access to the jumpbox as well as the production host. Otherwise, you will have to enter the password.
  2. The hostname or IP address of the jumpbox (in our case, we are using jumpbox.domain.tld).

On your local machine, open a terminal and open .ssh/config in your home directory. This file may or may not exist; if it does not, create it. Then append the following content.

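# Match every host except the jumpbox itself. Without the negated pattern,
# the inner ssh to the jumpbox would match this block too and loop.
Host * !jumpbox.domain.tld
# nc on the jumpbox relays the connection to the target host (%h) and port (%p)
ProxyCommand  ssh username@jumpbox.domain.tld nc %h %p 2> /dev/null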

 

In the above case, when the user (username) tries to log in from their local machine, ssh routes the traffic through the jumpbox.

Advanced use case:

Let's say all our hostnames end with domain.tld, and we want the jumpbox to be used only for hosts under domain.tld.

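# Only hosts under domain.tld use the jumpbox; jb.domain.tld is excluded
# so the connection to the jumpbox itself is made directly.
Host *.domain.tld !jb.domain.tld
ProxyCommand  ssh username@jb.domain.tld nc %h %p 2> /dev/null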
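
The same setup written with OpenSSH's built-in forwarding instead of nc, as an added example that is not part of the original post. It reuses the page's placeholder names username and jb.domain.tld and assumes an OpenSSH client of version 7.3 or later for ProxyJump.

```sshconfig
# Added example; username and jb.domain.tld are the page's placeholders.

# The jumpbox itself is reached directly, never through a proxy.
Host jb.domain.tld
    User username

# Every other host under domain.tld goes through the jumpbox.
# ProxyJump (OpenSSH 7.3+) opens the forwarding channel inside the SSH
# session, so nc does not have to be installed on the jumpbox, and
# errors from the jump connection stay visible instead of going to /dev/null.
Host *.domain.tld !jb.domain.tld
    ProxyJump username@jb.domain.tld

# Equivalent for clients older than 7.3: -W (OpenSSH 5.4+) forwards
# stdin/stdout to %h:%p, again without nc. Use one form, not both.
# Host *.domain.tld !jb.domain.tld
#     ProxyCommand ssh -W %h:%p username@jb.domain.tld
```

Both forms rely on the jumpbox's sshd permitting TCP forwarding (AllowTcpForwarding). Authentication to the production host still happens end to end from the local machine, so private keys do not need to be copied to the jumpbox.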

 

 
