This is worth my time to document. I have this friend/client who is very paranoid about security. When I have to connect to his servers, I have to do several SSH jumps, just like the image.
He will only allow me to connect from a static IP and if I wanted to connect to a server of his without a public IP, I would have to do several SSH connections. Since I only have a dynamic IP and who knows where I may be connecting from (house, office, Starbucks), I am allowed to connect from one of my servers that has a public static IP.
This becomes very stressful and annoying. Happily for us, there is a way to use one SSH command to connect directly to the given server. I will describe how I managed to do that.
The SSH client reads the ~/.ssh/config file, where you can define settings per host. In my example, I had to do 3 SSH connections to reach the server I wanted. So, this is what I did.
Host privateserver
    ProxyJump root@my-server-with-public-ip,root@his-server-with-public-ip,root@his-server-with-private-ip
    User root
After this is done, all I have to do is type ssh privateserver.
This command will make me enter a password 3 times. Do not forget, you can use SSH keys! If you add your public key to ~/.ssh/authorized_keys on each server, you won't have to enter a password.
Note that the "privateserver" label must be resolvable by your last jump. If it is not a resolvable FQDN or an IP, this can be easily fixed by adding it to the /etc/hosts file on that last jump.
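The same chain can be written with one Host block per hop, which lets HostName carry the real address so the alias does not have to resolve on the last jump. This is an added example, not the configuration from the original setup; the aliases hop1, hop2 and hop3, the address 10.0.0.10 and the key path are assumptions.

```sshconfig
# Added example. hop1/hop2/hop3, 10.0.0.10 and the key path are
# constructed placeholders, not values from the original setup.

# First hop: my own server with the static public IP.
Host hop1
    HostName my-server-with-public-ip
    User root

# Second hop: his public server, reached through hop1.
Host hop2
    HostName his-server-with-public-ip
    User root
    ProxyJump hop1

# Third hop: his server with a private IP, reached through hop2.
# Its HostName is resolved by hop2, not by my machine.
Host hop3
    HostName his-server-with-private-ip
    User root
    ProxyJump hop2

# Final target. HostName is what hop3 is asked to connect to, so an
# IP here removes the need for an /etc/hosts entry on the last jump.
Host privateserver
    HostName 10.0.0.10
    User root
    ProxyJump hop3

# Key authentication for every hop. With ProxyJump each hop is
# authenticated from my machine through the tunnel, so the private
# key never has to be copied to a jump host.
Host hop1 hop2 hop3 privateserver
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
```

Running ssh -G privateserver prints the options the client would actually use for that host, which is a quick way to check the chain before connecting.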
Good luck!