SSH with a Jump – connecting to a “doubly-remote” server

Maybe I did it wrong, but the way my various LANs and systems are set up, I can’t always get to a few of my endpoints without a 2 step process of doing an SSH to 1 “server”, and then from there, doing a 2nd SSH to the desired endpoint. eg. If the remote endpoint machine is attached to a VPN at any given moment, then it won’t like being connected to except from a machine on its LAN (like I said, maybe I set it up wrong, but who knows).

It works perfectly well this way, but I recently discovered that it can be done in 1 step…using the SSH ProxyJump, (which is available in OpenSSH version 7.3+).

ssh -J user1@192.168.100.100:10022 user2@192.168.100.200 -p 20022

This will let you connect to the server 192.168.100.200 (which has ssh on port 20022) VIA a ProxyJump through the more-accessible server at 192.168.100.100 (which has ssh on port 10022).
To scriptify it, you can do something like this…

#!/bin/bash

#final destination
SSHPORT="20022"; SSHREMOTE="192.168.100.200"; SSHUSER="USER002";
#interim jump server
SSHPORTj="10022"; SSHREMOTEj="192.168.100.100"; SSHUSERj="USER001";

#actual SSH+jump command
ssh -J $SSHUSERj@$SSHREMOTEj:$SSHPORTj $SSHUSER@$SSHREMOTE -p $SSHPORT

If you have already set up passwordless logins using PKI infrastructure, then you can add a link to your key

ssh -J $SSHUSERj@$SSHREMOTEj:$SSHPORTj $SSHUSER@$SSHREMOTE -p $SSHPORT -o IdentityFile=~/.ssh/id_rsa