This article introduces how to ssh-jump on a remote intermediate server(s) to ssh-connect into a target server with a single command.
This article assumes that All machines (including local and remote servers) share the same public and private RSA keys.
This article requires a setting for complete passwordless ssh login, described in the following posts:
Let’s assume that we have a local server (indicated as
Local in the figure) and remote servers (indicated as
R# in the figure),
where we can use ssh between the two servers directly connected by a green line
(i.e., we can only connect from local to R0 server).
Our goal is to connect from local to any remote server with a single ssh command.
Using ProxyCommand for SSH Tunneling
To set up the ssh-jump, open up
~/.ssh/config in the local machine and add the following:
$ vim ~/.ssh/config Host * IgnoreUnknown UserKeychain UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_rsa Host R0 Hostname %h.postech.ac.kr Port 22 Host R1 Hostname %h.postech.ac.kr Port 22 ProxyCommand ssh -W %h:%p R0 Host R2 R3 Hostname %h.postech.ac.kr Port 22 ProxyCommand ssh -W %h:%p R1 Host R4 Hostname %h.postech.ac.kr Port 22 ProxyCommand ssh -W %h:%p R3
SSH Log-in Using Single Command
~/.ssh/config set, you can connect to any remote server with a single command.
For example, to connect from
$ ssh R4