How to Access a Remote Server Using a SSH Jump Host?

SSH Jump Host is an intermediate server that acts as a secure gateway to access remote servers that are not directly reachable from your local network. It provides an additional layer of security and allows you to connect to target servers through a controlled access point.

Remote servers, also known as cloud servers or virtual private servers (VPS), are computing machines hosted off-site that may be placed behind firewalls or in private networks. SSH jump hosts solve connectivity challenges by serving as a secure intermediary, allowing you to access remote servers without exposing sensitive information or compromising security.

How SSH Jump Host Works

Setting up the SSH Jump Host

To set up an SSH jump host on a Linux machine, you need to configure the SSH service and firewall settings properly.

Steps to Configure Jump Host

1. Install OpenSSH Server

sudo apt-get install openssh-server

2. Backup and Edit SSH Configuration

cd /etc/ssh/
sudo cp sshd_config sshd_config_backup
sudo nano sshd_config

3. Modify SSH Configuration

Uncomment and change the port (optional for security):

Port 2222

Add these lines to enable forwarding:

AllowAgentForwarding yes
GatewayPorts yes

4. Restart SSH Service

sudo systemctl restart ssh

Configuring Firewall Settings

Configure the firewall to allow SSH connections:

sudo apt-get install ufw
sudo ufw allow 2222/tcp
sudo ufw enable
sudo ufw status numbered

Configuring the Remote Server

Server SSH Configuration

Connect to the remote server and edit its SSH configuration:

sudo nano /etc/ssh/sshd_config

Add security settings:

PermitRootLogin no
AllowUsers yourusername

Restart the SSH service:

sudo systemctl restart ssh

Setting up SSH Key Authentication

Generate SSH key pair on your local machine:

ssh-keygen -t rsa -b 4096

Copy the public key to both jump host and target server:

ssh-copy-id user@jump-host
ssh-copy-id user@target-server

Connecting via Jump Host

Basic Connection Command

Use the -J option to specify the jump host:

ssh -J user@jump-host user@target-server

For custom ports:

ssh -J user@jump-host:2222 user@target-server:22

SSH Port Forwarding

Forward local port 8080 to remote port 80:

ssh -J user@jump-host -L 8080:target-server:80 user@target-server

Forward through jump host to another service:

ssh -J user@jump-host -L 3306:database-server:3306 user@target-server

SSH Config File Setup

Create a ~/.ssh/config file for easier connections:

Host jump-host
    HostName 203.0.113.10
    User jumpuser
    Port 2222

Host target-server
    HostName 192.168.1.100
    User targetuser
    ProxyJump jump-host

Now you can simply use:

ssh target-server

Security Considerations

• Key-based authentication Always use SSH keys instead of passwords

• Firewall rules Restrict access to specific IP addresses when possible

• Regular updates Keep SSH service updated on all machines

• Monitor logs Check SSH logs regularly for suspicious activity

• Disable root login Never allow direct root access via SSH

Conclusion

SSH jump hosts provide a secure and efficient way to access remote servers that are not directly reachable from your network. By properly configuring the jump host, target server, and SSH settings, you can establish secure tunneled connections with key-based authentication and port forwarding capabilities.