If you have:
intertubes ~~ (my so called life in the...) DMZ ~~~ some top secret lab
And you can go from the DMZ to the internet… and to the lab… but you can’t escape to the internet from the lab…
You need a jump server!
SSH added a -j option in version 7.3, along with a matching configuration option called ProxyJump.
You can set up a hostname configuration to jump directly from lab to internet (home of AWS btw):
- configure a host shortcut
AwsInstance
from dmz to internet - configure a host shortcut
DmzHost
from lab to dmx - configure a host shortcut
AwsInstanceJump
from lab to internet, withProxyJump DmzHost
I had to set up an sshd server using Cygwin on my Windows lappie in the dmz – it was all shiny and modern and had ProxyJump capability.
I had to bump up all my crusty old Ubuntu 16.04 boxes (2016 is so yesterday) to get from ssh 7.2 to 7.4. Good to go!
See the wiki for the latest instructions.