SSH Cheatsheet
SSH Proxy Jump Techniques
External SSH Resources
SSH Proxy Jump Methods
Method 1: Using Local Keys for Bastion and Target
This method configures your SSH client to use specific identity files for both the bastion host and the target host, facilitating a seamless proxy jump.
Host *
Port 22
User ubuntu
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ServerAliveInterval 60
ServerAliveCountMax 30
Host jump-host
HostName bastion.domain.com
IdentityFile ~/.ssh/bastion.pem
Host target-a
HostName target-a.pvt.domain.com
IdentityFile ~/.ssh/target_a.pem
ProxyJump jump-host
Method 2: Using Local Key for Bastion and Remote Key for Target
In this scenario, your local key authenticates to the bastion, and the bastion uses a pre-configured remote key to access the target host.
Host *
Port 22
User ubuntu
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
ServerAliveInterval 60
ServerAliveCountMax 30
Host jump-host
HostName bastion.domain.com
IdentityFile ~/.ssh/bastion.pem
Host target-b
HostName target-b.pvt.domain.com
IdentityFile /home/ubuntu/.ssh/id_rsa
ProxyCommand ssh -o 'ForwardAgent yes' jump-host 'ssh-add && nc %h %p'
Method 3: One-Liner Proxy Jump Command
A concise command-line approach for establishing a proxy jump connection without modifying your SSH configuration file.
ssh -i ~/.ssh/target.pem -o ProxyCommand="ssh -W %h:%p -i ~/.ssh/id_rsa -q ubuntu@bastion.domain" ubuntu@target.domain
SOCKS5 SSH Tunneling
Utilize SSH to create a SOCKS5 proxy, enabling secure tunneling for your network traffic. This is useful for bypassing firewalls or accessing resources securely.
To run a SOCKS5 SSH tunnel in the foreground:
ssh -D 1337 -q -C -N jump-host
To run a SOCKS5 SSH tunnel in the background (forked process):
ssh -D 1337 -q -C -N -f jump-host
Learn more about SOCKS5 SSH Tunnels
SSH Local Port Forwarding (Tunnel)
Set up a local tunnel to forward traffic from a local port to a specific port on a remote host, traversing through a bastion if necessary.
First, configure your SSH config for easier management (optional):
$ cat ~/.ssh/config
Host jump-host
HostName jump-host.mydomain.com
Port 22
User ruan
IdentityFile ~/.ssh/id_rsa
Host target-a
Hostname 172.31.16.3
User ec2-user
IdentityFile ~/.ssh/id_rsa
ProxyCommand ssh -o 'ForwardAgent yes' jump-host 'ssh-add && nc %h %p'
Method 1: Active SSH Session for Tunneling
This command establishes an SSH connection that remains active as long as you are logged in, forwarding local port 8080 to remote port 9100.
$ ssh -L 8080:localhost:9100 target-a
Method 2: Background SSH Tunneling
Fork the SSH session to the background for persistent tunneling without keeping an active terminal session.
$ ssh -fN -L 8080:localhost:9100 target-a
To terminate a background tunnel, find its process ID (PID) using ps aux | grep '8080:localhost:9100' and then kill it with kill $pid.
Method 3: Foreground SSH Tunneling with Options
Run the SSH tunnel in the foreground with compressed and quiet options for efficient and unobtrusive operation.
$ ssh -fN -L 8080:localhost:9100 -CqN target-a
Verify the tunnel by attempting to connect to the local forwarded port:
$ nc -vz localhost 8080
Connection to localhost port 8080 [tcp/*] succeeded!