If you have:

intertubes ~~ (my so called life in the...) DMZ ~~~ some top secret lab

And you can go from the DMZ to the internet… and to the lab… but you can’t escape to the internet from the lab…

You need a jump server!

SSH added a -j option in version 7.3, along with a matching configuration option called ProxyJump.

You can set up a hostname configuration to jump directly from lab to internet (home of AWS btw):

  • configure a host shortcutAwsInstancefrom dmz to internet
  • configure a host shortcutDmzHostfrom lab to dmx
  • configure a host shortcutAwsInstanceJumpfrom lab to internet, with ProxyJump DmzHost

I had to set up an sshd server using Cygwin on my Windows lappie in the dmz – it was all shiny and modern and had ProxyJump capability.

I had to bump up all my crusty old Ubuntu 16.04 boxes (2016 is so yesterday) to get from ssh 7.2 to 7.4.  Good to go!

See the wiki for the latest instructions.

Cygwin/X can do a lot, including giving you a nice xterm for your Windows-to-linux ssh sessions.

But you’d think it would be easier… (continued…)