Using a jumpbox in ssh

April 16, 2009 - Remco - mysql - ssh - server - jumpbox - Software

Sometimes you will need to access a service on a client's machine from an untrusted network, but you don't want to expose this client's SSH server to untrusted IP's. If this is the case you can use a trusted machine (a so called jumpbox) as an intermediate to connect to the client's box.

For example, to connect the user test (user available on both jumpbox and production) to a remote mysql server running on through the following command can be used:

$ ssh -t -L 3308:localhost:3308 \
 'ssh -L 3308:localhost:3306'

In this example port 3308 on your local machine will be tunneled to port 3306 on your production machine.

You can even use as another jumpbox to create a tunnel that connects to a database server called database.local, that is only reachable from

$ ssh -t -L 3308:localhost:3308 \
'ssh -L 3308:database.local:3306'

note: since database.local is behind a firewall mysql will allow network connections.

Latest Tweets