If you work with large infrastructure and need to SSH into servers, you might typically use a VPN or network tunneling solution, such as sshuttle, in conjunction with a jump host. With this setup, you can directly connect to the server. Utilizing jump hosts is advantageous because they provide access to the entire infrastructure using only one server that is accessible from the public Internet.
However, if you want to connect to a specific server quickly, you can easily accomplish this using the ProxyJump feature in SSH (introduced in OpenSSH 7.3). This option establishes TCP forwarding between your computer and the target host via your jump host. Due to the forwarding, the connection is end-to-end encrypted, as you are tunneling one SSH connection through another. Therefore, the jump host remains unaware of your activities on the target server. Note: this is different from the older ProxyCommand directive, which forwarded stdin and stdout to the jump host.
To set up ProxyJump, use the SSH -J parameter with the following syntax:
For more information, consult the SSH manual pages:
-J destination
Connect to the target host by first making a ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. Note that configuration directives supplied on the command-line generally apply to the destination host and not any specified jump hosts. Use ~/.ssh/config to specify configuration for jump hosts.
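The manual's last point, that options for the jump host belong in ~/.ssh/config rather than on the command line, is easiest to see in a config file. The following is an added example, not taken from the original article; every host alias, address, user name, port and key path in it is constructed for illustration.

```sshconfig
# ~/.ssh/config (added example; all names, addresses and key paths are constructed)

# Jump host: the only machine reachable from the public Internet.
# Options given on the command line apply to the final destination,
# so the jump host's own user, port and key are set here.
Host bastion
    HostName bastion.example.com
    User jumpuser
    Port 2222
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes
    # The local client authenticates to the target through the forwarded
    # TCP connection, so the agent does not need to be exposed on the jump host.
    ForwardAgent no

# Internal target reached through one jump host.
# One-off command-line equivalent: ssh -J bastion deploy@10.0.12.34
Host app01
    HostName 10.0.12.34
    User deploy
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
    ProxyJump bastion

# Second jump host, only reachable from the first one.
Host bastion-dmz
    HostName 10.0.20.5
    User jumpuser
    IdentityFile ~/.ssh/id_ed25519_bastion
    IdentitiesOnly yes
    ForwardAgent no

# Target behind two hops; hops are listed in order, separated by commas.
# One-off command-line equivalent: ssh -J bastion,bastion-dmz dbadmin@10.0.40.7
Host db01
    HostName 10.0.40.7
    User dbadmin
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
    ProxyJump bastion,bastion-dmz
```

With this file in place, `ssh app01` and `ssh db01` connect through the listed jump hosts without any -J argument.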