SSH and ProxyJump
Posted Jan 5, 2022 23:47 UTC (Wed) by rra (subscriber, #99804)
In reply to: SSH and ProxyJump by nickodell
Parent article: Restricting SSH agent keys
ProxyJump can be easily simulated with older versions of ssh that don't support it by using ProxyCommand in .ssh/config instead:

    ProxyCommand ssh <bastion> nc -w 1 %h 22

ProxyJump is basically shorthand for that, without requiring netcat be installed on the bastion host. (There are variations using other ssh options that were added later, but I think the above ProxyCommand syntax will work with quite old versions of ssh.)

SSH and ProxyJump
Posted Jan 6, 2022 10:52 UTC (Thu) by grawity (subscriber, #80596)

Realistically, if someone holds valuable SSH keys on the local system, then they're likely using at least OpenSSH 5.2 (2010) which is when the netcat-free -W %h:%p option became available. So I'd rather describe ProxyJump as shorthand for ProxyCommand "ssh <bastion> -W %h:%p". Although netcat-based fallbacks are definitely still useful in situations where the jumphost's admin deliberately disabled TCP tunnelling...
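
The three forms discussed in this thread, side by side as an added .ssh/config example that is not part of either comment. The host names and Host aliases are placeholders chosen for illustration.

```sshconfig
# Constructed example: bastion.example.org, app.internal.example.org and the
# Host aliases below are placeholders, not names from the thread.
# Each form gets its own alias because ssh_config uses the first value it
# finds for an option, so stacking them under one Host pattern would
# silently ignore all but the first.
#
# In all three forms the ssh client that authenticates to the target runs
# on the local machine; the bastion only carries the byte stream, so keys
# and the agent stay local and no agent forwarding to the bastion is needed.

# Form 1: ProxyJump. Needs a client that supports the option and a bastion
# that permits TCP forwarding.
Host app-via-jump
    HostName app.internal.example.org
    ProxyJump bastion.example.org

# Form 2: the netcat-free equivalent using -W (stdio forwarding).
# Same requirement on the bastion: TCP forwarding must be allowed.
Host app-via-stdio
    HostName app.internal.example.org
    ProxyCommand ssh bastion.example.org -W %h:%p

# Form 3: the netcat fallback from the first comment. Needs nc installed
# on the bastion and a shell/command session there, but not TCP forwarding.
# The port is fixed at 22, as in the comment.
Host app-via-nc
    HostName app.internal.example.org
    ProxyCommand ssh bastion.example.org nc -w 1 %h 22
```

`%h` and `%p` are expanded by the local client to the target's host name (after `HostName` is applied) and port.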