SSH proxy config

Apr 7, 2016 • Matt Karmazyn
Edited: Apr 7, 2016

Set up SSH proxy config file.

I always like to keep a bastion host or jumpbox in a dmz so I can tunnel through it to a private network. In AWS this can be a t2.nano instance and can be shared with other admins (each having their own user account).

Setting up the config

The file we are looking to create/modify here is ~/.ssh/config

Host jump
  Port 22
  User your-username-on-jumpbox
  IdentityFile ~/.ssh/path/to/your/key/to/access/jumpbox.pem
  ForwardAgent yes
Host 10.*
  ProxyCommand ssh -q jump nc %h 22
  User your-username-on-remote-host
  StrictHostKeyChecking no

Using the tunnel

Now you can just ssh to a 10.* address and it will first connect to the jumpbox, passing along your ssh-agent so you can continue to the next hop of 10.* without any other hoops. You can of course expand on this or modify this depending on the hostnames of your private instances.