If you have:

intertubes ~~ (my so called life in the...) DMZ ~~~ some top secret lab

And you can go from the DMZ to the internet… and to the lab… but you can’t escape to the internet from the lab…

You need a jump server!

SSH added a -J option in version 7.3, along with a matching configuration option called ProxyJump.

You can set up a hostname configuration to jump directly from lab to internet (home of AWS btw):

  • configure a host shortcut AwsInstance from dmz to internet
  • configure a host shortcut DmzHost from lab to dmz
  • configure a host shortcut AwsInstanceJump from lab to internet, with ProxyJump DmzHost
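
Here are the three shortcuts written out as ssh_config entries. This is an added example, not taken from the original post or its wiki. The addresses, user names and key path are placeholders/assumptions.

```sshconfig
# ---- ~/.ssh/config on the DMZ machine ----
# Direct shortcut: the DMZ can reach the internet by itself.
Host AwsInstance
    # placeholder hostname and user
    HostName aws-host.example.com
    User ec2-user

# ---- ~/.ssh/config on the lab machine ----
# Hop 1: lab -> DMZ (the jump server).
Host DmzHost
    # placeholder address (TEST-NET) and user
    HostName 192.0.2.10
    User labuser
    # The jump host only relays TCP; it never needs the agent.
    ForwardAgent no

# Hop 2: lab -> internet, tunnelled through DmzHost.
# ProxyJump needs OpenSSH 7.3+ on this (client) side.
Host AwsInstanceJump
    HostName aws-host.example.com
    User ec2-user
    ProxyJump DmzHost
    # Hypothetical key path; the key stays on the lab machine.
    IdentityFile ~/.ssh/lab_to_aws_ed25519
    IdentitiesOnly yes

# One-off equivalent without a config entry:
#   ssh -J labuser@192.0.2.10 ec2-user@aws-host.example.com
```

With ProxyJump the lab client authenticates to the AWS instance end to end through the tunnel, so no private key or forwarded agent has to live on the DMZ box. The sshd on the jump server must permit TCP forwarding (AllowTcpForwarding) for the hop to work.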

I had to set up an sshd server using Cygwin on my Windows lappie in the dmz – it was all shiny and modern and had ProxyJump capability.

I had to bump up all my crusty old Ubuntu 16.04 boxes (2016 is so yesterday) to get from ssh 7.2 to 7.4. Good to go!

See the wiki for the latest instructions.

I cloned a Windows machine today on AWS.  So easy, immediate creation of a fully-configured Windows machine, including all software.  Linux set this cloning standard, Windows has to keep up.  Think about how disruptive this is.  I don’t see how the CEOs at Microsoft are sleeping well, they are having to let go of everything that made Windows the bottomless cash pit it has been for decades.  Software developers as well.  The King is dead, long live the King…