Using a jumpbox in ssh

April 16, 2009 - Remco - mysql - ssh - server - jumpbox - Software

Sometimes you will need to access a service on a client's machine from an untrusted network, but you don't want to expose this client's SSH server to untrusted IP addresses. In that case you can use a trusted machine (a so-called jumpbox) as an intermediate hop to connect to the client's box.

For example, to connect as the user test (an account that exists on both jumpbox and production) to a remote MySQL server running on production.example.org through jumpbox.example.org, the following command can be used:

$ ssh -t -L 3308:localhost:3308 test@jumpbox.example.org \
 'ssh -L 3308:localhost:3306 test@production.example.org'

In this example port 3308 on your local machine will be tunneled to port 3306 on your production machine. The intermediate listener on port 3308 is created on jumpbox.example.org by the inner ssh; ssh binds such a listener to the loopback interface by default, so only processes on the jumpbox itself can reach it.

You can even use production.example.org as another jumpbox to create a tunnel that connects to a database server called database.local, that is only reachable from production.example.org:

$ ssh -t -L 3308:localhost:3308 test@jumpbox.example.org \
 'ssh -L 3308:database.local:3306 test@production.example.org'

Note: since database.local is behind a firewall, MySQL on it allows network connections, so the forward from production.example.org to database.local:3306 works.
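The nested command above gets awkward to quote by hand once you chain more than one intermediate host. The following POSIX shell function is an added example (not part of the original post) that builds the same ssh -L chain for any number of hops, taking care of the single-quote escaping; the host names in the trailing call are the ones used above, and the function name is an assumption.

```sh
#!/bin/sh
# build_jump_tunnel PORT USER TARGET_HOST TARGET_PORT HOP1 [HOP2 ...]
# Prints an ssh command that listens on PORT locally, relays it through each
# HOP (each hop's inner ssh listens on PORT, bound to loopback by default),
# and finally forwards to TARGET_HOST:TARGET_PORT from the last hop.
build_jump_tunnel() {
    port=$1; user=$2; target=$3; tport=$4
    shift 4
    [ $# -ge 1 ] || { echo "build_jump_tunnel: need at least one hop" >&2; return 1; }

    # reverse the hop list so the command can be built from the innermost ssh outward
    reversed=
    for h in "$@"; do reversed="$h $reversed"; done
    set -- $reversed

    # innermost command: the last hop forwards to the real target
    cmd="ssh -L $port:$target:$tport $user@$1"
    shift

    # wrap each earlier hop around it; -t keeps a tty so the chain can be cancelled cleanly
    for h in "$@"; do
        # escape embedded single quotes as '\'' before wrapping in single quotes
        esc=$(printf '%s' "$cmd" | sed "s/'/'\\\\''/g")
        cmd="ssh -t -L $port:localhost:$port $user@$h '$esc'"
    done
    printf '%s\n' "$cmd"
}

# Reproduces the two-hop command from the post (jumpbox -> production -> local MySQL).
build_jump_tunnel 3308 test localhost 3306 jumpbox.example.org production.example.org
```

Add a third hop name to the argument list and the function nests another ssh -t -L level with correct quoting.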
