selfup/ssh_jump_host.md

Created July 28, 2019 23:37

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/selfup/8c200c2f9d4a204c36f1e15e357c9914.js"></script>
Save selfup/8c200c2f9d4a204c36f1e15e357c9914 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

ssh_jump_host.md

ssh -J user@machineB user@machineA

From man ssh:

-J [user@]host[:port] Connect to the target host by first making a ssh connection to the jump host and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive.

It was introduced in OpenSSH version 7.3 (released in August 2016). It is available in Ubuntu 16.10 and later.

Source: https://askubuntu.com/a/996657

Author

selfup commented Jul 28, 2019

SSH back into a non public IP already connected: https://unix.stackexchange.com/a/132330

Author

selfup commented Jul 28, 2019

By definition, the client is the one that initiates the connection.

For your problem, I think a simple solution would be building a reverse tunnel.

On the computer without public IP:

ssh -R 2222:localhost:22 loginOfServerWithPublicIP@publicIP
This connects to the server by SSH and builds a tunnel from the server with public IP on port 2222 to the computer without public IP on port 22 (SSH).

And then on the server:

ssh -p 2222 loginOfComputerWithoutPublicIP@locahost
The connection is redirected from the port 2222 of the server to the port 22 of the computer by the first tunnel. You may want to use tool like autossh to make the tunnel more resilient (i.e. restart it automatically when it shuts down).