Reputation: 3973
I know this question has been asked a lot, but I still have problems using an ssh proxy.
I have an EC2 server (running a simple web server) which is in a private network in AWS, and I have a jumphost to connect to it. The jumphost is in a public network. The only way I can log in to the web server instance is through the jumphost.
So I have created a ~/.ssh/config file on my local computer as below:
    Host jumphost
        Hostname <Retracted-Public-IP>
        user ec2-user
        IdentityFile /Users/jananath/.ssh/private-key.pem
I can log in to the jumphost as: ssh jumphost and it works.
And on the jumphost above I have configured ~/.ssh/config as below:
    Host my-web-server
        Hostname <Retracted-Private-IP>
        user ec2-user
        IdentityFile ~/.ssh/web-server-private-key.pem
And I can ssh into the web server (from the jumphost) as ssh my-web-server and it works.
I don't want to log in to the jumphost every time I need to log into the web server, so I tried proxying.
Therefore, I added another block to my local ~/.ssh/config file as below:
    Host jumphost
        Hostname <Retracted-Public-IP>
        user ec2-user
        IdentityFile /Users/jananath/.ssh/private-key.pem

    Host my-web-server
        ProxyCommand ssh jumphost -W %h:%p
And I tried: ssh my-web-server and it gives the below output:

    kex_exchange_identification: Connection closed by remote host
    Connection closed by UNKNOWN port 65535

Can someone help me fix this?
Upvotes: 4
Views: 11911
Reputation: 1
I found the solution: the jumphost can't find the .pem file, so we need to point to the .pem file's path. Sample:

    ssh -J jumphost [email protected] -i "/Users/aaa/key.pem"
Upvotes: 0
Reputation: 65
Copy the public key of your local machine to ~/.ssh/authorized_keys of the remote machine and not just the jump server. This will enable passwordless login from the local machine using ssh -J. If your IP is IPv6, make the following modification in the config file of your local machine.
    Host jumphost
        Hostname Retracted-Public-IPv6
        user ec2-user
        IdentityFile /Users/jananath/.ssh/private-key.pem

    Host my-web-server
        # Brackets go around the expanded host so the IPv6 colons are not read as the port separator
        ProxyCommand ssh jumphost -W [%h]:%p
Upvotes: 1
Reputation: 26800
This should work:

    Host my-web-server
        ProxyCommand ssh jumphost nc %h %p

You can also try:

    ssh -oProxyCommand="ssh -W %h:%p jumphost" my-web-server

A third command worth trying:

    ssh -J jumphost my-web-server
Upvotes: 5
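An added example (not taken from the question or any of the answers above): a complete local ~/.ssh/config for the setup in the question. With -W or ProxyJump the jumphost only forwards the TCP stream, so its own ~/.ssh/config is never consulted; the target's address, user and key must all be defined locally. The local path for the web server key is an assumption.

```sshconfig
# Local ~/.ssh/config (added example; the web-server key path below is assumed)
Host jumphost
    Hostname <Retracted-Public-IP>
    User ec2-user
    IdentityFile /Users/jananath/.ssh/private-key.pem
    # Offer only the key named above, not every key loaded in the agent
    IdentitiesOnly yes

Host my-web-server
    # Private address as reachable from the jumphost. Without a Hostname line,
    # %h expands to the alias "my-web-server", which the jumphost cannot resolve.
    Hostname <Retracted-Private-IP>
    User ec2-user
    # Authentication to the web server runs end to end from the local machine,
    # so the key is read here (assumed local copy), not from the jumphost.
    IdentityFile /Users/jananath/.ssh/web-server-private-key.pem
    IdentitiesOnly yes
    ProxyJump jumphost
    # Equivalent for OpenSSH releases older than 7.3, which lack ProxyJump:
    # ProxyCommand ssh -W %h:%p jumphost
```

Running ssh -G my-web-server prints the options ssh resolves for that alias without connecting, which confirms that hostname, user, identityfile and proxyjump are picked up as intended. With this layout the web server's private key no longer needs to be stored on the jumphost.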