Direct SSH connection to a server behind other Servers

This is worth my time to document it. I have this friend/client who is very paranoid about security. When I have to connect to his servers, I have to do several SSH jumps, just like the image.

He will only allow me to connect from a static IP and if I wanted to connect to a server of his without a public IP, I would have to do several SSH connections. Since I only have a dynamic IP and who knows where I may be connecting from (house, office, Starbucks), I am allowed to connect from one of my servers that has a public static IP.

This becomes very stressful and annoying. Happily, for us, there is a way to do one SSH command to connect directly to the given server. I will describe how I managed to do that.

SSH Configuration

The SSH command has the ~/.ssh/config file where you can set up several configurations. In my example, I had to do 3 SSH connections to reach the server I wanted. So, this is what I did.

host privateserver
       ProxyJump root@my-server-with-pubic-ip,root@his-server-with-public-ip,root@his-server-with-private-ip
       User root

After this is done, all I have to do is to type ssh privateserver.

This command will make me enter a password 3 times. Do not forget, you can use SSH keys! If you import your public key in the ~/.ssh/authorized_keys in each server, you won't have to enter a password.

Note that the "privateserver" label must be resolvable by your last jump. This could be easily fixed by adding it in the /etc/hosts file if it is not a fully resolvable FQDN or an IP.

Good luck!