I'm in the process of setting up a jump server/bastion host for several of our developers and was wondering if it is possible to use the config file on the bastion for final server resolution.

E.g. we have

  • developer
  • bastion
  • client

Currently, I have the following in the developer .ssh/config

```
Host bastion
  HostName bastion-address.com
  User developer

Host client
  User client-user
  HostName client-ip
  ProxyJump bastion
```

However, what would be great is if I could set the client user & ip on the bastion. That way, the developer doesn't need to know the details, just the Host name to connect.

So I would imagine something like the following on the developer laptops:

```
Host bastion
  HostName bastion-address.com
  User developer

Host client-server
  HostName client-name
  ProxyJump bastion
```

And then this on the Bastion:

```
Host client-name
  User client-user
  HostName client-ip
```

Hope that makes sense.

mikestreety
  • The "problem" is that "ProxyJump" works by TCP forwarding traffic to `client` over the connection to the bastion server. It doesn't run a ssh (or any other helper command) on the bastion, so it won't use/read configuration files there either. – diya Dec 13 '22 at 11:42
  • That's kind of what I expected, I didn't know if I could use `ProxyCommand` instead to utilise the bastion host? – mikestreety Dec 13 '22 at 12:28

1 Answer

Use DNS.

Create AAAA records for bastion.example.net, client.example.net and so on with the IPs in question.

Delete IP addresses in ssh_config.

John Mahowald
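
A local check of the developer-side config once the IPs have been replaced by DNS names, as an added example that is not part of the original answer: `ssh -G` prints the options ssh would use for an alias without opening a connection, which shows that `User` and `ProxyJump` still come from the laptop's config. The `example.net` names for the question's hosts and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Host names are constructed;
# bastion.example.net and client.example.net are assumed to have the AAAA
# records described in the answer.

# Write the developer laptop config from the question, IPs replaced by names.
write_dev_config() {
  cat > "$1" <<'EOF'
Host bastion
  HostName bastion.example.net
  User developer

Host client
  HostName client.example.net
  User client-user
  ProxyJump bastion
EOF
}

# effective_opt CONFIG HOST KEY -> prints the value ssh would use for KEY.
# `ssh -G` only parses the configuration and dumps it; nothing is contacted,
# so nothing stored on the bastion can influence the result.
effective_opt() {
  ssh -G -F "$1" "$2" | awk -v k="$3" '$1 == k { print $2; exit }'
}

# Succeeds only if no HostName line in CONFIG is still a literal
# IPv4 or IPv6 address (the "delete IP addresses" step of the answer).
no_literal_ips() {
  ! grep -Eiq '^[[:space:]]*hostname[[:space:]]+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|[0-9a-f:]*:[0-9a-f:]*)[[:space:]]*$' "$1"
}

# Usage (hypothetical path):
#   write_dev_config /tmp/dev_ssh_config
#   effective_opt /tmp/dev_ssh_config client hostname
#   effective_opt /tmp/dev_ssh_config client user
#   no_literal_ips /tmp/dev_ssh_config && echo "no literal IPs left"
```
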