23 Jun 15

SSH Jump server in Mac

This config is a pretty common setup: it allows one to use a jump server to reach all other servers seamlessly. In this example my jump server is called jump.example.com and the protected servers live under the domain *.private.example.com. Without any config I could access a server by doing something like the following

ssh -t jump.example.com ssh server1.private.example.com.

However this is somewhat cumbersome, so let's create a config that makes this seamless. Note also that in the chained form above the second ssh runs on the jump host: the session to server1 is decrypted on jump.example.com, and server1's host key is checked against the jump host's known_hosts rather than your own. With the ProxyCommand approach below, the ssh client on the Mac speaks SSH end to end with the private server and the jump host only relays ciphertext.

UPDATE: As per the comments you don't need the launchd section. Possibly I originally did this so we don't pay the cost of establishing an SSH connection each time; however, with ControlPersist I doubt there is much saving. As such the following is all that is needed

Host bastion
  DynamicForward localhost:1080
  HostName jump.example.com
  ProxyCommand none
# The trailing dot is part of the pattern: this block only applies to names
# typed with it (ssh server1.private.example.com.). Drop the dot here if you
# want to type the name without it.
Host *.private.example.com.
  # nc must be installed on the jump host; it relays the connection to %h:%p
  ProxyCommand ssh bastion nc %h %p
  ServerAliveInterval 10
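
As an added example that is not part of the original post, here is the same setup written against a current OpenSSH client (ProxyJump needs OpenSSH 7.3 or later; ControlMaster with the %C token needs 6.7 or later). The host names are the post's own; the user name and key path are assumptions. It differs from the config above in three ways a practitioner cares about: ProxyJump (or, on an older client, ssh -W) needs no nc on the jump host; ControlMaster/ControlPersist provide the cached, already-authenticated connection that the launchd tunnel was meant to provide; and the Host pattern has no trailing dot, so it matches server1.private.example.com as usually typed.

```sshconfig
# ~/.ssh/config (added example, not the original post's config)

# The jump host. ControlMaster/ControlPersist keep one authenticated
# connection open in the background for 10 minutes after the last use,
# so every new hop reuses it instead of repeating the full SSH handshake.
Host bastion
  HostName jump.example.com
  # assumed account name and key on the jump host
  User deploy
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes
  ControlMaster auto
  # %C is a hash of the connection details, keeping the socket path short
  ControlPath ~/.ssh/cm-%C
  ControlPersist 10m
  ServerAliveInterval 10
  ProxyCommand none

# Every host under private.example.com is reached through the bastion.
# ProxyJump opens the inner connection over the bastion session itself;
# the bastion relays ciphertext only and nothing needs to be installed
# on it.
Host *.private.example.com
  ProxyJump bastion
  ServerAliveInterval 10

# Equivalent for OpenSSH older than 7.3: -W forwards the client's
# stdin/stdout to %h:%p from the bastion, again without nc.
# Host *.private.example.com
#   ProxyCommand ssh -W %h:%p bastion
```

Before relying on it, check which settings a name will actually receive with `ssh -G server1.private.example.com` (OpenSSH 6.8 or later), which prints the resolved configuration including the proxyjump line; a name that does not match the pattern will show no proxy at all. In every variant the session to the private host is authenticated and encrypted end to end by the client on the Mac, so a compromised bastion cannot read it as long as the private host's key is verified on the Mac; it can still observe which hosts you connect to.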

The first thing we need to do is create a tunnel to jump.example.com. I'm using Mac OS X, so this will be done with launchd

#cat ~/Library/LaunchAgents/com.b4ldr.ssh-tunnel.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.b4ldr.ssh-tunnel</string>
  <!-- Start at login and restart ssh whenever it exits. KeepAlive
       replaces the OnDemand key, which has been deprecated since 10.5. -->
  <key>RunAtLoad</key>
  <true/>
  <key>KeepAlive</key>
  <true/>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/ssh</string>
    <!-- -C compression, -N no remote command. The cipher is left at the
         client default: the original forced "-c blowfish", a legacy cipher
         that OpenSSH removed in 7.6, so the job would fail to start there.
         ExitOnForwardFailure makes ssh exit (and launchd restart it) instead
         of silently staying up without the SOCKS port. -->
    <string>-C</string>
    <string>-N</string>
    <string>-o</string>
    <string>ServerAliveInterval=3</string>
    <string>-o</string>
    <string>ExitOnForwardFailure=yes</string>
    <string>bastion</string>
  </array>
</dict>
</plist>

This creates a launchd job which automatically connects to the server bastion, defined in my ~/.ssh/config file with the following config, and acts as a SOCKS proxy on localhost:1080. We could put the host details directly in the launchd job, but keeping them in ~/.ssh/config lets us easily change which server is the jump box.

Host bastion
  DynamicForward localhost:1080
  HostName jump.example.com
  ProxyCommand none

Finally we need some config to tell ssh that all servers under *.private.example.com. are reached through the SOCKS proxy (as above, the trailing dot is part of the pattern and must be typed)

Host *.private.example.com.
  # nc connects through the SOCKS 5 proxy (nc's default protocol) that the
  # bastion job listens on; 1080 is also nc's default SOCKS port
  ProxyCommand nc -x localhost:1080 %h %p
  ServerAliveInterval 10

Finally, load and start the plist (with RunAtLoad the load alone starts it; start is harmless if it is already running)

launchctl load ~/Library/LaunchAgents/com.b4ldr.ssh-tunnel.plist
launchctl start com.b4ldr.ssh-tunnel

Hope it's useful

2 Responses to "SSH Jump server in Mac"

  1. IllustriousFox
     September 1, 2015 at 8:55 pm

     You don't need the launchd bits, this will do the same:

     Host *.private.example.com.
       ProxyCommand ssh bastion nc %h %p
       ServerAliveInterval 10

  2. Bob Johnson
     December 15, 2016 at 2:33 pm

     Just what I needed!!!
