SSH Bastion Host

Sometimes, you just can't host an SSH server outside, for any number of reasons... But you have at least one main SSH host that has access to the internal network where the SSH server you want to access is?

This is where Bastion Hosts come into play!

graph TD
subgraph External IP
  A[SSH Client] -- SSH 12.34.56.78 --> B(SSH Bastion Host External IP)
end
subgraph LAN
  B -- SSH Listening on 192.168.1.1:22 --> C{SSH Server}
  C -- SSH 192.168.1.100 --> D{Remote Host}
end

The only modification that has to be done is on the SSH Client.

Option #1

.ssh/config

Host bastion
  HostName bastion.krisfremen.com # 12.34.56.78

Host supersecureserver
  HostName supersecureserver.krisfremen.com # 192.168.1.100
  ProxyJump bastion

Option #2

Host bastion
  HostName bastion.krisfremen.com # 12.34.56.78

Host supersecureserver
  HostName supersecureserver.krisfremen.com # 192.168.1.100
  ProxyCommand ssh bastion.krisfremen.com -W %h:%p

Finally, ssh supersecureserver