Use SSH ProxyJump with Bastion Host
For security reasons, you might want to connect to a production server through a bastion host. This is a common pattern for production server administration.
You don't want to leave any private key on the bastion host; you want to keep it on the computer or VM you use for administration. With a few settings in the SSH config file, you can automate this behavior.
First, let's define the bastion in your ~/.ssh/config file:
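Host bastion
    HostName 203.0.113.1
    User myuser
    Port 22
    # ProxyJump itself does not require agent forwarding; this option
    # makes your local agent usable from the bastion while you are connected.
    ForwardAgent yes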
In the same file, you can add the production server.
If you are not familiar with the bastion host pattern: the production server should not be reachable over SSH on a public IP, only on a private IP, with a filter that allows only the bastion's IP.
Host prodserv
    HostName 192.0.2.1
    User myuser
    ProxyJump bastion
Your public key should be on both servers, in the ~/.ssh/authorized_keys file.
Once this is done, you can connect to your server with the following command line.
ssh prodserv
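A check for the configuration above, as an added example that is not part of the original page: with ProxyJump the client authenticates to the final server from your own machine through a tunnel, so the jump host does not need ForwardAgent, and enabling it lets anyone who can read the agent socket on the bastion use your keys while you are connected. This Python script flags every host that is used as a jump host and still forwards the agent. The function names are hypothetical, and it assumes a config without Include directives, IPv6 literals or ssh:// URIs (Match blocks are skipped).

```python
import fnmatch
import re

# Constructed sample: this page's two Host blocks, trimmed to the relevant options.
SAMPLE_CONFIG = """\
Host bastion
    HostName 203.0.113.1
    ForwardAgent yes
Host prodserv
    HostName 192.0.2.1
    ProxyJump bastion
"""
LINE = re.compile(r"(\w+)(?:\s*=\s*|\s+)(.*)")  # "Key value" or "Key=value"

def parse_blocks(text):
    """Return [(host_patterns, options)]; options before any Host line apply to '*'."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):  # assumption: Match blocks are skipped
            blocks.append((value.split() if key == "host" else [], {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def effective(blocks, host):
    """Merge options for host as ssh does: the first value obtained wins."""
    opts = {}
    for patterns, block in blocks:
        hit = any(fnmatch.fnmatchcase(host, p) for p in patterns if p[0] != "!")
        veto = any(fnmatch.fnmatchcase(host, p[1:]) for p in patterns if p[0] == "!")
        if hit and not veto:
            opts = {**block, **opts}  # values already in opts take precedence
    return opts

def audit(text):
    """Return sorted (jump_host, used_by) pairs where the jump host forwards the agent."""
    blocks, findings = parse_blocks(text), set()
    names = {p for pats, _ in blocks for p in pats if not set(p) & set("*?!")}
    for name in names:
        jump = effective(blocks, name).get("proxyjump", "none")
        for hop in ([] if jump.lower() == "none" else jump.split(",")):
            hop = hop.strip().rsplit("@", 1)[-1].split(":", 1)[0]  # [user@]host[:port]
            if effective(blocks, hop).get("forwardagent", "no").lower() != "no":
                findings.add((hop, name))
    return sorted(findings)
```

Call `audit(open(path).read())` on your own ~/.ssh/config; an empty list means no jump host in the file forwards the agent.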