This was worth my time to document. I have this friend/client who is very paranoid about security. When I have to connect to his servers, I have to do several SSH jumps, just like in the image.

He will only allow me to connect from a static IP and if I wanted to connect to a server of his without a public IP, I would have to do several SSH connections. Since I only have a dynamic IP and who knows where I may be connecting from (house, office, Starbucks), I am allowed to connect from one of my servers that has a public static IP.

This becomes very stressful and annoying. Happily, there is a way to do one SSH command to connect directly to the given server. I will describe how I managed to do that.

This is also known as SSH Tunneling.

SSH Configuration

The ssh client reads the ~/.ssh/config file, where you can define per-host settings. In my example, I had 3 SSH connections to reach the server I wanted. So, this is what I did.

host privateserver
       ProxyJump root@my-server-with-public-ip,root@his-server-with-public-ip,root@his-server-with-private-ip
       User root

After this is done, all I have to do is to type ssh privateserver.

This command will make me enter a password 3 times. Do not forget that you can use SSH keys! You won't have to enter any password if you add your public key to ~/.ssh/authorized_keys on each server.

Note that the "privateserver" label must be resolvable by your last jump. If it is not a resolvable FQDN or an IP, this is easily fixed by adding it to the /etc/hosts file on that jump host.

Basic Tunnelling

You may only have access to a server via SSH, and maybe you want to access the HTTP port (80/tcp) which is closed to the public. There is an easy solution. Type: ssh -L 65001:127.0.0.1:80 privateserver

Then you just point your browser to 127.0.0.1:65001. If you are using a non-root user, you must specify high ports (greater than 1024); otherwise OpenSSH will fail without error.
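The same three-hop chain written as one stanza per hop, together with the tunnel from this section, as an added example that is not the author's own configuration. The aliases hop1 to hop3 and privateserver-web, the address 10.0.0.10 and the key path are placeholders.

```sshconfig
# Added example. Aliases, 10.0.0.10 and the key path are placeholders.

# Hop 1: my own server with the static public IP.
Host hop1
    HostName my-server-with-public-ip
    User root

# Hop 2: his public server, reached through hop 1.
Host hop2
    HostName his-server-with-public-ip
    User root
    ProxyJump hop1

# Hop 3: his internal server, reached through hop 2.
Host hop3
    HostName his-server-with-private-ip
    User root
    ProxyJump hop2

# Final target. HostName is resolved on hop3, not on the client,
# so it must be an address or a name that hop3 can look up.
Host privateserver privateserver-web
    HostName 10.0.0.10
    User root
    ProxyJump hop3

# Separate alias for the tunnel, so a normal shell session does not
# try to bind the local port a second time.
Host privateserver-web
    LocalForward 127.0.0.1:65001 127.0.0.1:80
    ExitOnForwardFailure yes

# ProxyJump authenticates every hop from the client, so the private key
# never has to sit on a jump host and agent forwarding can stay off.
Host hop1 hop2 hop3 privateserver privateserver-web
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ForwardAgent no
```

With this in place, ssh privateserver opens a shell, and ssh -N privateserver-web holds the tunnel open for the browser without starting a remote shell.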

Good luck!
