
I need to connect to a remote server behind jump hosts. There are several jump hosts (residing in different regions) that I can tunnel through to reach this remote server.

So I need to connect to this remote server via any available jump host. If one of the jump hosts is down (or I may manually choose to), my connection must automatically choose any available tunnel, through the alternate jump host to connect to the remote server.

host A ------------JumpHost1----------------remote host
          |                                 |
          |--------JumpHost2----------------|
          |                                 |
          |--------JumpHost3----------------|
          |                                 |
          |--------Jumphost4----------------|
          |                                 |
          |--------JumpHost5----------------|
Esa Jokinen
LKM

1 Answer


Assuming -J destination (ProxyJump) is available on your version of the SSH client.

Configure your hosts (both destination and jump host) using ~/.ssh/config with the keywords found in ssh_config(5).

-J destination
Connect to the target host by first making a ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple jump hops may be specified separated by comma characters. This is a shortcut to specify a ProxyJump configuration directive. Note that configuration directives supplied on the command-line generally apply to the destination host and not any specified jump

Because the destination hosts in both -J and ProxyHosts are visited sequentially, you cannot use this for the failover jump hosts, so your configuration would look like, e.g.,

Host target.example.com
  User username
  IdentityFile ~/.ssh/id_ed25519

Host jumphost?.example.com
  User username
  IdentityFile ~/.ssh/id_ed25519

Then, you could use the -J option in a Bash script, say jump.sh destination:

#!/bin/bash

JumpHosts=(
  "jumphost1.example.com"
  "jumphost2.example.com"
  "jumphost3.example.com"
  "jumphost4.example.com"
  "jumphost5.example.com"
)

if [ "$#" -lt 1 ]; then
  echo "Usage: $0 [user@]target.example.com" >&2
  echo "Usage: $0 ssh://[user@]target.example.com[:port]" >&2
  exit 1
fi

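for JumpHost in "${JumpHosts[@]}"; do
  echo "Connecting to $1 using jump host $JumpHost..."
  ssh -J "$JumpHost" "$1"
  status=$?
  # ssh exits with 255 when ssh itself failed (for example, the jump host is
  # unreachable). Any other status is the remote session's own exit status,
  # so the connection worked and the next jump host must not be tried.
  if [ "$status" -ne 255 ]; then
    exit "$status"
  fi
  echo
done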

echo "No working jump hosts available." >&2
exit 1
Esa Jokinen
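A variant of the failover loop in the answer above, as an added example that is not part of the original answer: it first probes each jump host with a bounded, non-interactive login, then opens the session through the first one that answers. The names `SSH_BIN`, `PROBE_TIMEOUT`, `pick_jump_host` and `jump_connect` are hypothetical, and the probe assumes key-based login to the jump hosts and checks only the jump host, not the path from it to the target.

```sh
#!/bin/sh
# Added example: probe jump hosts first, then connect through the first
# one that accepts a login. Host names are the ones used in the answer.
JUMP_HOSTS="jumphost1.example.com jumphost2.example.com jumphost3.example.com
jumphost4.example.com jumphost5.example.com"

SSH_BIN="${SSH_BIN:-ssh}"            # hypothetical override, lets the probe be stubbed
PROBE_TIMEOUT="${PROBE_TIMEOUT:-5}"  # seconds to wait for each jump host

# Print the first jump host that accepts a login; return 1 if none does.
# BatchMode=yes makes ssh fail instead of prompting for a password, and
# ConnectTimeout bounds the wait on a dead host. Host key checking stays at
# its default, so failing over never skips host key verification.
pick_jump_host() {
  for jh in "$@"; do
    if "$SSH_BIN" -o BatchMode=yes -o "ConnectTimeout=$PROBE_TIMEOUT" \
         "$jh" true </dev/null >/dev/null 2>&1; then
      printf '%s\n' "$jh"
      return 0
    fi
  done
  return 1
}

# Connect to the target ($1, plus any extra ssh arguments) through the first
# healthy jump host and return the session's own exit status.
jump_connect() {
  # JUMP_HOSTS is split on whitespace on purpose.
  if ! jump=$(pick_jump_host $JUMP_HOSTS); then
    echo "No working jump hosts available." >&2
    return 1
  fi
  echo "Connecting to $1 using jump host $jump..." >&2
  "$SSH_BIN" -J "$jump" "$@"
}

# Connect only when a target was given on the command line.
if [ "$#" -ge 1 ]; then
  jump_connect "$@"
fi
```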