Using a jump host/bastion is a common practice in DevOps. Your infrastructure communicates over an internal network and to access every machine on it you just create one server or virtual machine called jump host. This server can reach your internal network and it also has a public IP address - you just secure this server as much as you can (allowing only SSH connections from the public Internet, disabling weak ciphers, disabling password logins, etc).
There are multiple ways to connect to machines via a jump host. For a single connection, you can use the ProxyJump function of SSH client which is described in Tip 001: Forget SSH ProxyCommand and use ProxyJump. For connecting to more servers you can use sshuttle or VPN.
But if you use Ansible, you don’t have to use the sshuttle all the time, because Ansible can use the ProxyJump directly. You just have to edit the inventory file and use the parameter ansible_ssh_common_args
.
Therefore; if you want to use [email protected]
as a jump host, you need to modify the original line from:
server1.example.com ansible_host=10.0.2.23
to
server1.example.com ansible_host=10.0.2.23 ansible_ssh_common_args='-J [email protected]'