3

I know, this question has been asked a lot, but still I have problems using ssh proxy.

I have an EC2 server (running a simple web server) which is in a private network in AWS, and I have a jumphost to connect to it. The jumphost is in a public network. The only way I can log in to the web server instance is through the jumphost.

So I have created a ~/.ssh/config file on my local computer as below:

Host jumphost
  Hostname <Retracted-Public-IP>
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

I can log in to the jumphost as: ssh jumphost and it works.

And in the jumphost above I have configured ~/.ssh/config as below:

Host my-web-server
  Hostname <Retracted-Private-IP>
  user ec2-user
  IdentityFile ~/.ssh/web-server-private-key.pem

And I can ssh into the web server (from jumphost) as ssh my-web-server and it works.

I don't want to log in to the jumphost every time I need to log into the web server, so I tried proxying.

Therefore, I added another block to my local ~/.ssh/config file as below:

Host jumphost
  Hostname <Retracted-Public-IP>
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
   ProxyCommand ssh jumphost -W %h:%p

And I tried: ssh my-web-server and it gives the below output:

kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

Can someone help me fix this?

Jananath Banuka

3 Answers

2

This should work:

Host my-web-server
   ProxyCommand ssh jumphost nc %h %p

You can also try:

ssh -oProxyCommand="ssh -W %h:%p jumphost" my-web-server

A third command worth trying:

ssh -J jumphost my-web-server
Philippe
0

Copy the public key of your local machine to ~/.ssh/authorized_keys of the remote machine and not just the jump server. This will enable passwordless login from the local machine using ssh -J. If your IP is IPv6, make the following modification in the config file of your local machine.

Host jumphost
  Hostname Retracted-Public-IPv6
  user ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
   ProxyCommand ssh jumphost -W [%h]:%p
nidooooz
0

I found the solution: the jumphost can't find the .pem file, so we need to point to the .pem file's path. Sample:

ssh -J jumphost ec2-user@172.31.12.10 -i "/Users/aaa/key.pem"

Aman Singh Rajpoot
ll yi
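
Added example, not part of the question or any answer above: a single local ~/.ssh/config that combines the points raised in the answers. The placeholders are the ones used in the question. The local path of the web server key is an assumption, since the question only shows that key on the jumphost.

```sshconfig
# Local ~/.ssh/config (added example; IPs are the question's placeholders)
Host jumphost
  HostName <Retracted-Public-IP>
  User ec2-user
  IdentityFile /Users/jananath/.ssh/private-key.pem

Host my-web-server
  # The destination passed to the jumphost (%h in a ProxyCommand, or the
  # ProxyJump target) is expanded on the local machine from this HostName.
  # The jumphost's own ~/.ssh/config is not read, so without this line the
  # jumphost is asked to connect to the literal name "my-web-server".
  HostName <Retracted-Private-IP>
  User ec2-user
  # The local client authenticates to the web server end to end through the
  # tunnel, so the key has to be readable here (assumed path), not only on
  # the jumphost.
  IdentityFile /Users/jananath/.ssh/web-server-private-key.pem
  # Offer only the key named above instead of every key held by the agent.
  IdentitiesOnly yes
  ProxyJump jumphost
  # Equivalent for OpenSSH older than 7.3, which has no ProxyJump:
  # ProxyCommand ssh -W %h:%p jumphost
```

With this layout the web server key no longer needs to be stored on the jumphost, and `ssh -v my-web-server` shows which hop closes the connection if it still fails.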