Warning: This page has beta status

Use case fro Jump host

A jump host is usually a host that has an sshd running and allows users to connect, and also allows ssh connections from the device.

(insert nice diagram here)

In the IPv4 scenario, the router has made a port forward from its outside interface on port 22 to port 22 on the interface of the jumphost.

In the IPv6 scenario, the router will be configured to block all connections, except the one going to the sshd on the jump host.

This way only one devices services are exposed to the internet.

This is very convinient, and work very well with key based ssh login.

Variables used:

Variables used in the example:

The process

Create a default Debian/jessie installation with the hostname “jumphost”

This has the ssh service installed by default

(we need a guide for this)
As root on jumphost, run adduser jumper and set a password

This creates the user we will use for jumping.
Create a port forward on the router from the routers outside interface on port 22 to the jump host interface on port 22.

(we need a guide for this)

As a common user on an external machine, run ssh -p 22 jumper@10.0.0.100

This will log onot the jump host
run ssh myuser@192.168.1.100

This will connect you from the jumphost to the internal device

As a common user on an external machine, run ssh -o ProxyCommand="ssh -W %h:%p -p 22 jumper@10.0.0.100" myuser@192.168.1.100

This will connect you to the internal through the jumphost - all in one line

As a common user on an external machine, run ssh -J jumper@10.0.0.100:22 myuser@192.168.1.100

This will connect you to the internal through the jumphost - all in one line

In this example we have very limited security. Please check further reading links for more info.