ProxyJump allows a SSH connection to be used as a proxy for another SSH connection.
It is thus possible to use a host as a bastion before reaching other hosts.
For example, to reach the host
bastion.domain.local as a proxy:
ssh -J firstname.lastname@example.org email@example.com
If you have an internal DNS server, you can use the DNS name of your host.
It’s the proxy machine that will resolves it for you!
It is also possible to use multiple proxies:
ssh -J firstname.lastname@example.org,email@example.com firstname.lastname@example.org
sshd service on the proxy machine must be configured with the following parameter:
You can also restrict the port reachable by the SSH connection jumping the proxy machine: