SSH tunnelling with Keys using JumpProxy without using config

Question

For the following set up:

Machine A can connect to the Bastion host machine via SSH using command:

ssh -i keyA.pem user@bastion_host

How would you connect to Machine C (inner Server) using a single SSH command, e.g. without using .ssh/config when Machine C (inner Server) uses it's own keys (key B) and they are held on Machine A (local machine) not Machine B (the Bastion host)

How would you connect to Machine C using the jump parameter e.g. ssh -J user@ip_address from machine A? e.g. something like this

ssh -J bastionUser@Bastion_host -i keys_A.pem serverUser@Inner_Server -i key_B.pem

Answer 1

There are 2 ways to do this

1. Adding the keys via ssh-add command for ssh-agent

Add key A for machine B on local machine (i.e. Machine A)

ssh-add path_to_keyA/key_A.pem

Add key B for Machine C on local machine (i.e. Machine A)

ssh-add path_to_keyB/key_B.pem

Then use the ssh command to connect

ssh -v username@Machine_C -o "ProxyCommand=ssh -W %h:$p username@Machine_B"

• The -v is just to output what is going on
• You would replace the username for each machine with the username that is configured on the remote machines
• Replace Machine_C and Machine_B with host names or IP addresses in your setup

2. Without adding keys to the agent

If you want to just connect through a single command without using agent, then you can use

ssh -v -i path_to_key_B/key_B.pem username@Machine_C -o "ProxyCommand=ssh -i path_to_key_A/key_A.pem -W %h:%p username@Machine_B"

Again...

• The -v is just to output what is going on
• You would replace the username for each machine with the username that is configured on the remote machines
• Replace Machine_C and Machine_B with host names or IP addresses in your setup
• the -i flag is followed by where the keys are located in each case on the local machine (i.e. Machine A)

In the event of an issue with key permissions ensure the keys are sudo chmod 600 key_file_name.pem