SSH Tunneling via a Jump Host

Claudio Higashi ・ 2 min read

Many large companies implement strict rules for accessing the servers that host their applications. One of the security measures some of them implement is to place a gateway between "you" and the server you need to access. This gateway is also known as a Jump server, Jump host, or Jump box.

A typical implementation requires you to first open an SSH connection to the Jump host with your own credentials and then, from inside the Jump host, open a second SSH connection to the actual server you need to access with another account (usually a non-personal account, which can be the user used to deploy and run your application).

Let's suppose that you work in a company like this and that you want to create an SSH tunnel to port 1521 of an Oracle Database Server which is only accessible from your application server. What you need to do is to create an SSH tunnel like this:

[Figure: SSH Tunneling via Jump Host]

The following command creates this SSH tunnel via the Jump host (you will be prompted for each user's password):

$ ssh -v -N appusr@appserver -J myusr@jumphost -L 1521:dbserver:1521

With this command, you are tunneling port 1521 of localhost to port 1521 of dbserver.

In other words, you first open an SSH connection to jumphost as user myusr, then a second SSH connection to appserver as user appusr, and finally forward port 1521 from localhost, through appserver, to dbserver.

The command runs in verbose mode (-v), which is useful for debugging, and with -N it does not open a shell prompt on appserver but only forwards the port.

After this, you can use your preferred SQL client tool to connect to the remote database server as if it were running on localhost:1521.
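The same tunnel expressed as an OpenSSH client configuration for `~/.ssh/config`, added here as an example (it is not from the original post). Host and user names reuse the article's placeholders, `db-tunnel` is a hypothetical alias, and the hardening options are assumptions about what a locked-down setup would want.

```sshconfig
# Added example, not from the original post.
# jumphost, appserver, dbserver, myusr and appusr are the article's placeholders.

Host jumphost
    HostName jumphost
    User myusr
    # The jump host only relays traffic; it never needs your agent.
    ForwardAgent no

# "db-tunnel" is a hypothetical alias for the forwarding-only session.
Host db-tunnel
    HostName appserver
    User appusr
    # Equivalent of -J myusr@jumphost (user comes from the block above).
    ProxyJump jumphost
    # Equivalent of -L 1521:dbserver:1521, with the listener pinned to
    # loopback so other machines on your network cannot use the tunnel.
    LocalForward 127.0.0.1:1521 dbserver:1521
    # Fail immediately if port 1521 is already taken locally, instead of
    # leaving a session open with no working forward.
    ExitOnForwardFailure yes
    ForwardAgent no
    # Equivalent of -N; requires OpenSSH 8.7 or later. On older clients,
    # drop this line and pass -N on the command line.
    SessionType none
```

With this in place, `ssh -v db-tunnel` opens the tunnel. With `-J`/`ProxyJump` the session to appserver is negotiated from your own machine through the jump host, so the jump host relays only encrypted SSH traffic; the jump host's sshd must permit TCP forwarding for this to work.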

Discussion (3)

Andrey Ramnikov

I am using Windows Server.
How can I configure this command on Putty/Kitty?

Claudio Higashi Author • Edited

In the case of Windows, it would be ideal if you installed Cygwin or WSL (Windows Subsystem for Linux, available on Windows 10). You are going to find a way to install the ssh command on these two options.

If you really wanna use Putty, you can still do it, but it will be a bit more complicated as it will require you to explicitly open two distinct SSH sessions: one via Putty and the other via ssh command on the jumphost server.

For the sake of simplicity, I'm gonna use the same example used in the article.

1. Your Putty SSH session

You will need to configure an SSH session to the jumphost server

[Screenshot: Putty]

And set up a tunnel, mapping your local port 1521 to the port 1521 of the jumphost server

[Screenshot: Putty]

Use this Putty session to log in to the jumphost server with user myusr

2. The second SSH session (via command line)

Once you are connected to jumphost server, you can now create the second SSH session to connect to the appserver and create a tunnel from the jumphost's local port 1521 to the port 1521 of the dbserver machine.

ssh -v -N appusr@appserver -L 1521:dbserver:1521

You will be prompted to provide the appusr's password.

3. And it's done!

Now, you are ready to connect to the "behind-the-jumphost" database server via port 1521 of localhost.

Oh my gosh! This response seems to be almost as extensive as the original post :-p

Take care and be healthy!

Andrey Ramnikov

Many thanks for your advice and your time