
How can I simplify this? Perhaps using agent forwarding?

I have an SSH jump host with 2FA via TOTP x2 and a machine which uses 2FA as well (jump host and machine):

ssh myuser@host.corp.com -L 22222:my_machine.corp.com:22
# requires password + 2FA TOTP code
ssh myuser@localhost -p 22222
# requires password + 2FA TOTP code

How can I ideally simplify this (via SSH config or so) to simply call ssh myhost and then, if needed, be asked for the 2FA and password 2x, but without having to connect 2x?

Georg Heiler

1 Answer


You can use the ProxyJump option of the ssh client to achieve that:

ssh -J myuser@host.corp.com my_machine.corp.com

or as an entry in ~/.ssh/config:

Host my_machine.corp.com
  ProxyJump myuser@host.corp.com
Saïmonn
  • I experimented with it earlier today - but somehow got a too many failed attempts error this way – Georg Heiler Nov 09 '21 at 16:40
  • I've not experimented with 2FA on ssh. Is there a possibility for you to use private/public key authentication instead? I guess the prompt for 2FA can be messing with tunneling/ProxyJump – Saïmonn Nov 10 '21 at 11:05
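
A fuller ~/.ssh/config for the ProxyJump setup in the answer, written so that the `ssh myhost` call from the question works (an added example, not part of the original posts). The aliases `jump` and `myhost` are names chosen here, and it assumes both hosts accept only password + TOTP and no keys.

```sshconfig
# Added example. "jump" and "myhost" are aliases chosen for illustration;
# host names and user are the ones given in the question.
# Assumption: both servers authenticate with password + TOTP only.

Host jump
    HostName host.corp.com
    User myuser
    # Do not offer public keys first: every offered key counts as an
    # authentication attempt on the server before the password/TOTP
    # prompts are reached.
    PreferredAuthentications keyboard-interactive,password
    # Optional: keep one authenticated connection to the jump host and
    # reuse it, so its password + TOTP is asked once per 10 minutes.
    # Caveat: while the socket exists, any process running as your local
    # user can open sessions through the jump host without a 2FA prompt.
    ControlMaster auto
    ControlPath ~/.ssh/cm-%C
    ControlPersist 10m

Host myhost
    HostName my_machine.corp.com
    User myuser
    # The connection to my_machine is tunnelled through "jump" but is
    # authenticated and encrypted end to end from this client, so no
    # agent forwarding to the jump host is needed.
    ProxyJump jump
    PreferredAuthentications keyboard-interactive,password
```

With this in place, `ssh myhost` prompts for the jump host's password and TOTP code, then for those of my_machine.corp.com, in a single command. Drop the three `Control*` lines if a reusable connection to the jump host is not acceptable under your policy.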