Configure SSH Jumphost

If you want to ssh into a Server, that is behind a strict firewall, many times there is a jumphost to access this separated network. That way you can control, that all connections have to be made over this jumphost.

Inline Argument

If you only plan on using this once, you can pass the jumphost as an inline-parameter to your ssh-command.

ssh -J user@jumphost user@targetserver

You can also connect over multiple jumphosts.

ssh -J user@jumphost-01 user@jumphost-02 user@targetserver

Config File

If you have to regularly use this jumphost, you can define it in your ssh-config. That way you don’t have to specify it every time.

This is done in the ~/.ssh/config file.

Host targetserver
  HostName targetserver.local
  ProxyJump jumphost-01

  # more optional parameters
  User user
  Port 22
  IdentityFile ~/.ssh/id_rsa

Host is the alias you want to use for this server. This can be a shortname for example. HostName specifies the FQDN that you connect to. ProxyJump defines the name of the Jumpserver. If you defined an alias for your jumpserver, you can use it as well. User will define what default user will connect to the server. If you don’t specify one in your ssh-command, this user will be used. Port defines the port for the ssh-connection. IdentityFile defines which ssh-key to use.

Use SSH-Keys

If you want to use SSH-Keys for authentication you have to place your key on both the jumphost and the target server. The key of the jumphost does not need to be deployed to the target, since the jumphost will forward your key for authentication.

profile picture of the author

Jannik Rehkemper

I'm an professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as an Linux Administrator.