Configure SSH ProxyJump on Ubuntu Linux
Connecting to secure internal servers often requires routing your connection through an intermediary gateway known as a bastion host or jump server. This guide shows you how to configure SSH ProxyJump on Ubuntu Linux using the local SSH configuration file, enabling you to securely tunnel through a bastion host to your target destination with a single command.
Step 1: Open the SSH Configuration File
Instead of typing long, complex commands every time you want to connect, you can define your connection parameters in your user-specific SSH configuration file.
Open or create the configuration file using your preferred text editor (such as Nano):
nano ~/.ssh/config
If the .ssh directory or the config file does not exist, the editor will create it automatically.
Step 2: Add the Bastion Host and Target Server Configurations
Inside the file, you need to define two hosts: the intermediary bastion host and the target private server. Add the following block of code, replacing the placeholder values with your actual network details:
# Intermediary Bastion Host
Host bastion
    HostName bastion.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa

# Target Private Server
Host private-target
    HostName 10.0.0.50
    User target_username
    IdentityFile ~/.ssh/id_rsa_target
    ProxyJump bastion
Parameter Breakdown:
- Host: A custom nickname/alias for the server (e.g., bastion, private-target).
- HostName: The public IP address or domain name of the bastion host, or the private IP address of the target server.
- User: The SSH username for the respective server.
- IdentityFile: The path to the private SSH key used to authenticate with that server.
- ProxyJump: The crucial directive that tells SSH to route the connection to private-target through the bastion host configuration defined above.
Save and close the file (in Nano, press Ctrl+O, Enter, and then Ctrl+X).
Step 3: Set Correct File Permissions
SSH requires strict permissions on configuration files for security reasons. If the permissions are too open, SSH will ignore the file. Run the following commands to secure your SSH directory and configuration file:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/config
Step 4: Connect to the Target Server
With the configuration saved, you no longer need to manually log into the bastion host first. You can connect directly to your destination server with a single command:
ssh private-target
SSH will automatically authenticate with the bastion host, establish a secure tunnel, and drop you directly into the terminal of the private-target server.
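To verify Steps 2 and 3 before the first connection, the following added example (not part of the original guide) checks the modes set in Step 3 and uses ssh -G, which prints the effective options for a host without connecting, to confirm that private-target resolves its ProxyJump to bastion. The function names are hypothetical, and the script assumes GNU stat (as shipped on Ubuntu) and the OpenSSH client.

```bash
#!/usr/bin/env bash
# Added example: audit the Step 3 permissions and the Step 2 ProxyJump entry.
# Function names are illustrative and not part of OpenSSH.

# Return 0 only if the path has exactly the expected octal mode (GNU stat).
check_mode() {
    local path=$1 want=$2 got
    got=$(stat -c '%a' "$path") || return 2
    if [ "$got" != "$want" ]; then
        echo "FAIL: $path is mode $got, expected $want" >&2
        return 1
    fi
    echo "ok: $path is mode $want"
}

# Print the jump host ssh would use for an alias, read from the given config.
# ssh -G only evaluates the configuration; no connection is opened.
resolved_jump() {
    local config=$1 alias=$2
    ssh -G -F "$config" "$alias" | awk '$1 == "proxyjump" { print $2 }'
}

# Check the directory mode, the config mode, and the resolved jump host.
audit_ssh_config() {
    local dir=$1 alias=$2 want_jump=$3 jump
    check_mode "$dir" 700 || return 1
    check_mode "$dir/config" 600 || return 1
    jump=$(resolved_jump "$dir/config" "$alias")
    if [ "$jump" != "$want_jump" ]; then
        echo "FAIL: $alias resolves ProxyJump '$jump', expected '$want_jump'" >&2
        return 1
    fi
    echo "ok: $alias jumps through $want_jump"
}

# Usage: ./audit.sh ~/.ssh private-target bastion
if [ "$#" -eq 3 ]; then
    audit_ssh_config "$@"
fi
```

A non-zero exit status means either a mode differs from Step 3 or the alias does not route through the expected bastion entry.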