ProxyJump allows a SSH connection to be used as a proxy for another SSH connection.
It is thus possible to use a host as a bastion before reaching other hosts.
For example, to reach the host remote.restricted-domain.local using bastion.domain.local as a proxy:
ssh -J user@bastion.domain.local user@192.168.0.10If you have an internal DNS server, you can use the DNS name of your host.
It’s the proxy machine that will resolves it for you!
It is also possible to use multiple proxies:
ssh -J user@bastion1.domain.local,user@bastion2.domain.local user@remote.restricted-domain.localThe sshd service on the proxy machine must be configured with the following parameter:
AllowTcpForwarding yesYou can also restrict the port reachable by the SSH connection jumping the proxy machine:
PermitOpen *:22