Mika Koskimaki

Reputation: 41

How to do an ssh jump over two jump hosts on the command line

I can't get a connection chain with an ssh one-liner to work.

Chain: My PC -> jumphost -> Bastion -> my app X host(sharing subnet with Bastion)

- Jumphost expects private key A

- Bastion and X host both expect private key B

my pc> ssh -i /path_to_priv_key_for_X/id_rsa -o StrictHostKeyChecking=no \
    -o "ProxyCommand ssh -p 22 -W %h:%p \
        -o \"ProxyCommand ssh -p 24 -W %h:%p -i /path_to_key_jump/id_rsa jumphostuser@jumphostdomain\" \
        -i /path_to_bastion_key/id_rsa bastionuser@ip_to_bastion" \
    myappuser@subnet_ip

Above does not work, but

ssh -i /path_to_bastion_key/id_rsa \
    -o "ProxyCommand ssh -p 24 -W %h:%p -i /path_to_key_jump/id_rsa jumphostuser@jumphostdomain" \
    bastionuser@ip_to_bastion

works, so I can access the bastion with a one-liner, but adding the app X host to the command chain does not work. I wonder why?

I can manually access the myapp X host step by step like this:

mypc> ssh -p 24 -i path_to_key_jump/id_rsa jumphostuser@jumphostdomain
jumphost> ssh -i /path_to_bastion_key/id_rsa bastionuser@ip_to_bastion
bastion> ssh myappuser@subnet_ip
myapp>

How do I make, on the command line and without ssh config, two hops over two jump hosts that require different keys?

Upvotes: 3

Views: 4147
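As an added example, not part of the question or either answer: ssh expands the %h and %p tokens across the whole ProxyCommand string, nested quotes included, using the outermost target (see TOKENS in ssh_config(5)). A nested ProxyCommand therefore has to write its own tokens as %%h:%%p so that a literal %h:%p survives the first expansion for the middle ssh to expand. The script below builds the three-hop chain that way, using the question's placeholder users, hosts and key paths (none of them resolve here), and emulates the two expansion rounds with sed so the effect can be inspected without any of the hosts existing. The expansion emulation is the editor's own approximation of ssh's token handling, not ssh code.

```shell
#!/bin/sh
# Added example (editor's, not from the original post). Users, hosts and key
# paths are the question's placeholders; nothing here connects anywhere unless
# run_chain is called against real hosts.

JUMP_KEY=/path_to_key_jump/id_rsa        # key A, accepted by jumphost
BASTION_KEY=/path_to_bastion_key/id_rsa  # key B, accepted by bastion
APP_KEY=/path_to_priv_key_for_X/id_rsa   # key B again, accepted by app host X

# Hop 1 (innermost): PC -> jumphost on port 24. The escaped tokens %%h:%%p
# survive the outer ssh's expansion as a literal %h:%p.
INNER='ssh -p 24 -i '"$JUMP_KEY"' -W %%h:%%p jumphostuser@jumphostdomain'

# Hop 2: jumphost -> bastion. This -W %h:%p is expanded by the outer ssh and
# the double quotes are consumed by the /bin/sh that runs the ProxyCommand.
MIDDLE="ssh -i $BASTION_KEY -o \"ProxyCommand $INNER\" -W %h:%p bastionuser@ip_to_bastion"

# Hop 3: PC -> app host X, tunnelled through the two ProxyCommands above.
# Passing $MIDDLE as one argument avoids a third level of shell quoting.
run_chain() {
    ssh -i "$APP_KEY" -o "ProxyCommand $MIDDLE" myappuser@subnet_ip "$@"
}

# The same thing typed directly at a prompt (the question's layout, inner tokens escaped):
#   ssh -i /path_to_priv_key_for_X/id_rsa -o "ProxyCommand ssh -W %h:%p \
#     -o \"ProxyCommand ssh -p 24 -W %%h:%%p -i /path_to_key_jump/id_rsa jumphostuser@jumphostdomain\" \
#     -i /path_to_bastion_key/id_rsa bastionuser@ip_to_bastion" myappuser@subnet_ip

# Emulate one round of ssh token expansion: %% -> %, %h -> host, %p -> port.
# $1 = string, $2 = host, $3 = port. A marker protects %% until the end.
expand_tokens() {
    printf '%s\n' "$1" | sed -e 's/%%/@PCT@/g' -e "s/%h/$2/g" -e "s/%p/$3/g" -e 's/@PCT@/%/g'
}

# What the middle ssh is handed after the outer ssh expands for subnet_ip:22 ...
middle_sees() { expand_tokens "$MIDDLE" subnet_ip 22; }

# ... and what the innermost ssh is handed after the middle ssh expands again,
# this time for its own target ip_to_bastion:22.
inner_sees() { expand_tokens "$(expand_tokens "$INNER" subnet_ip 22)" ip_to_bastion 22; }

# The unescaped inner form from the question, through the same two rounds:
# the jumphost is told to forward to subnet_ip, which only the bastion can reach.
inner_unescaped_sees() {
    unescaped='ssh -p 24 -i '"$JUMP_KEY"' -W %h:%p jumphostuser@jumphostdomain'
    expand_tokens "$(expand_tokens "$unescaped" subnet_ip 22)" ip_to_bastion 22
}

# Safe to run anywhere: only the emulation executes, no connection is made.
printf 'middle ssh gets:  %s\n' "$(middle_sees)"
printf 'inner ssh gets:   %s\n' "$(inner_sees)"
printf 'unescaped inner:  %s\n' "$(inner_unescaped_sees)"
```

Two practitioner notes on the chain itself. First, `-o StrictHostKeyChecking=no`, as used in the question's command, disables the one check that protects a multi-hop tunnel from a hostile intermediary; the hops behind the jump host can be pinned with an ordinary `~/.ssh/known_hosts` entry (or a file named with `-o UserKnownHostsFile=`) instead. Second, `-J` (ProxyJump), which both answers use, builds this nesting for you, but the per-hop ssh it spawns does not receive the `-i` options from the command line; it authenticates from ssh_config defaults or an agent, so loading both keys with `ssh-add` first is the config-free way to use `-J` with different keys per hop.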

Answers (2)

Dan

Reputation: 151

To add to the above. My use-case was a triple-hop to a database server, which looked like Server 1 (Basic Auth) --> Server 2 (Token) --> Server 3 (Basic Auth) --> DB Server (Port Forward).

After quite a few hours of turmoil, the solution was:

ssh -v -4 -J username@server1,username@server2 -N username@Server3 -L 1122:dbserver:{the_database_port_number}

Then I was able to just have the DB client hit localhost:1122 where 1122 can be any free port number on your localhost.

Upvotes: 2

Jarek

Reputation: 930

Something which is working for me surprisingly well is ssh with -J option:

    -J destination
            Connect to the target host by first making a ssh connection
            to the jump host described by destination and then establishing
            a TCP forwarding to the ultimate destination from there.

In fact, it's about a feature of it which I was not aware of for a very long time:

Multiple jump hops may be specified separated by comma characters.

So a multi-hop like PC -> jump server 1 -> jump server 2 -> target server (in my example: PC -> vpn -> vnc -> ece server) can be done with one combo:

$ ssh -J vpn,scs694@tr200vnc rms@tr001tbece11

Of course, the most handy thing is to have ssh keys to open password-less connections (PC -> vpn, vpn -> vnc and vnc -> target).

I hope it will help, Jarek

Upvotes: 2
