{"id":1129,"date":"2017-09-29T09:53:43","date_gmt":"2017-09-29T14:53:43","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=1129"},"modified":"2017-10-09T15:50:45","modified_gmt":"2017-10-09T20:50:45","slug":"ssh-jumphost","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/ssh-jumphost\/","title":{"rendered":"SSH JumpHost"},"content":{"rendered":"<p>Newer versions of ssh simplified the ProxyCommand directive a little in config files with ProxyJump directive.<\/p>\n<p>A command line ProxyCommand may work like this for you:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ ssh -i private_key -o &quot;ProxyCommand ssh -W %h:%p -i private_key user@&lt;jumphost IP address&quot; user@&lt;private IP address&gt;\r\n<\/pre>\n<p>Config file entries like this:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ more config \r\nHost gw01\r\n     HostName &lt;jumphost IP&gt;\r\n     User &lt;username&gt;\r\n     IdentityFile \/full\/path\/private_key\r\nHost server1\r\n     HostName 10.2.3.3\r\n     ProxyJump gw01\r\n     User &lt;username&gt;\r\n     IdentityFile \/full\/path\/private_key\r\n<\/pre>\n<p>Using ssh config you can simply ssh like this: <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ ssh server1\r\n<\/pre>\n<p>Or better if you have many projects using ssh with a custom config file: <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ ssh -F my-config server1\r\n<\/pre>\n<p>Note: I am not able to use ProxyJump as a command line one liner with the -J flag when I have private keys on both the JumpHost and Private Host.  For example below does not specify the -i for the jump host and not sure it will accept it command line.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n$ ssh -i key -J user@public-IP user@private-IP\r\n<\/pre>\n<p>Couple examples of scp using the config file and\/or jumping:<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nrrosso@rrosso-VirtualBox:~\/.ssh$ scp -F my-config -oProxyJump=gw01 \/media\/antergos-17.6-x86_64.iso  host01:\/pool\/\r\n\r\nrrosso@rrosso-VirtualBox:~\/.ssh$ scp -F my-config  \/media\/antergos-17.6-x86_64.iso  gw01:\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Newer versions of ssh simplified the ProxyCommand directive a little in config files with ProxyJump directive. A command line ProxyCommand<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[],"class_list":["post-1129","post","type-post","status-publish","format-standard","hentry","category-ssh"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=1129"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/1129\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=1129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=1129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=1129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}