This article shows how to jump through one or more intermediate remote servers and open an ssh connection to a target server with a single command.

This article assumes that all machines (including the local and remote servers) share the same public and private RSA keys.

This article requires a setting for complete passwordless ssh login, described in the following posts:

Connection Example

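[Figure: Local and the remote servers R#, with green lines marking the pairs that can ssh to each other directly]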

Let's assume that we have a local server (labelled Local in the figure) and remote servers (labelled R# in the figure), and that ssh works only between two servers directly connected by a green line (e.g., from Local we can connect only to the R0 server).

Our goal is to connect from local to any remote server with a single ssh command.

Using ProxyCommand for SSH Tunneling

Open ~/.ssh/config on the local machine and add the following:

$ vim ~/.ssh/config

Host *
    # UseKeychain is a macOS-only option; IgnoreUnknown lets other OpenSSH builds skip it
    IgnoreUnknown UseKeychain
    UseKeychain yes
    AddKeysToAgent yes
    IdentityFile ~/.ssh/id_rsa

Host R0
    Hostname %h.postech.ac.kr
    Port 22

Host R1
    Hostname %h.postech.ac.kr
    Port 22
    # Reach R1 through R0: -W forwards this client's stdin/stdout to %h:%p via R0
    ProxyCommand ssh -W %h:%p R0

Host R2 R3
    Hostname %h.postech.ac.kr
    Port 22
    ProxyCommand ssh -W %h:%p R1

Host R4
    Hostname %h.postech.ac.kr
    Port 22
    ProxyCommand ssh -W %h:%p R3

SSH Login Using a Single Command

Once ~/.ssh/config is set, we can connect to any remote server with a single command.

Connecting from Local to R4, for example:

$ ssh R4
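
As an added example (not code from the original article), the Python sketch below parses the Host blocks shown above and resolves which hops a single `ssh R4` traverses, raising an error if the ProxyCommand entries form a loop. The function names are hypothetical, and the parser assumes only the `ssh -W %h:%p <alias>` form used in this config, not the full ssh_config grammar.

```python
import re
from fnmatch import fnmatch

# Host blocks copied from the article's ~/.ssh/config (Port lines omitted).
CONFIG = """\
Host R0
    Hostname %h.postech.ac.kr
Host R1
    Hostname %h.postech.ac.kr
    ProxyCommand ssh -W %h:%p R0
Host R2 R3
    Hostname %h.postech.ac.kr
    ProxyCommand ssh -W %h:%p R1
Host R4
    Hostname %h.postech.ac.kr
    ProxyCommand ssh -W %h:%p R3
"""

def parse_blocks(text):
    """Return [(host_patterns, {option: value})], one entry per Host block."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        elif blocks:
            blocks[-1][1].setdefault(key, value)  # ssh keeps the first value seen
    return blocks

def lookup(blocks, alias, option):
    """First value of option in a block matching alias, or None if unset."""
    for patterns, opts in blocks:
        if option in opts and any(fnmatch(alias, p) for p in patterns):
            return opts[option]

def hop_chain(text, target):
    """[(alias, resolved hostname)] from the first hop to the target."""
    blocks, chain = parse_blocks(text), [target]
    while True:
        cmd = lookup(blocks, chain[0], "proxycommand") or ""
        m = re.fullmatch(r"ssh\s+-W\s+%h:%p\s+(\S+)", cmd)
        if not m:  # no further proxy: chain[0] is reached directly from Local
            return [(a, (lookup(blocks, a, "hostname") or "%h").replace("%h", a)) for a in chain]
        if m.group(1) in chain:  # a loop would make ssh spawn itself endlessly
            raise ValueError(f"ProxyCommand loop via {m.group(1)}")
        chain.insert(0, m.group(1))
```

Calling `hop_chain(CONFIG, "R4")` lists the hops in connection order, which helps when reviewing which intermediate servers a given alias depends on.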

