Announcement (March 06, 2023)

As of March 06th, 2023, direct internet access to the CS Department bastion servers is no longer allowed. If you want to access these bastion servers, you need to be on the Vassar College VPN.

If you want to SSH into a CS Department lab or classroom and you are not on the Vassar network (e.g. CS Dept wired, Vassar wired, Vassar wireless), then you need to “jump” through the remote bastion server, hostname=mote. Logically, what you are trying to achieve is:

                                      ssh:443          ssh:22
   your device (Vassar College VPN) ----------> mote ----------> CS workstation

First, set up keys on your personal device and install the public key in your CS account in your ~/.ssh/authorized_keys file. Then, when you are logged into a CS Dept system, create another set of keys on the CS Dept computer and add that public key to your ~/.ssh/authorized_keys file.

Once you have your keys in place, you should be able to SSH to mote and then to any CS lab or classroom workstation using just your SSH keys. But this requires you to SSH manually twice.

     (your device)$ ssh -p 443 username@mote.cs.vassar.edu 
     (mote)$ ssh workstation
     (workstation)$ 

Can we make this easier? Yes we can! Create a file named “config” under ~/.ssh (that is, ~/.ssh/config) with the following information, where “username” is the name you enter to log in to your Computer Science Department computer account, which is typically the same as your email id. Your username does NOT contain “@vassar.edu”; it is just the “username” part of “username@vassar.edu”.

     (your device)$ cat  ~/.ssh/config
     ### The Bastion Hosts
     Host mote
       HostName mote.cs.vassar.edu
       User username
       Port 443
       
     ### The Remote Host
     Host workstation
       HostName workstation.cs.vassar.edu
       User username
       ProxyJump mote

So now when you

       (your device) $ ssh workstation
       (workstation) $
       

from your device, the config file will be consulted and it will SSH into hostname=mote as a proxy and then SSH into the target device hostname=workstation using your SSH keys.
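
To confirm that the config file is being applied the way the paragraph above describes, you can ask OpenSSH to print the options it resolves for a host with `ssh -G`, which does not open a connection. The script below is an added example, not part of the original announcement; the function names are made up for illustration, and the sample config it writes is a constructed copy of the one shown above.

```shell
#!/bin/sh
# Added example: check that an ssh config routes a host through the bastion.
# `ssh -G` prints the resolved options (lowercase keys) without connecting.

# Print the resolved value of option KEY for HOST using config file CFG.
resolved_option() {  # usage: resolved_option CFG HOST KEY
    ssh -G -F "$1" "$2" 2>/dev/null |
        awk -v key="$3" '$1 == key { sub(/^[^ ]+ /, ""); print; exit }'
}

# Succeed only if TARGET is reached via BASTION and BASTION listens on PORT.
check_jump() {  # usage: check_jump CFG TARGET BASTION PORT
    cfg=$1 target=$2 bastion=$3 port=$4
    jump=$(resolved_option "$cfg" "$target" proxyjump)
    if [ "$jump" != "$bastion" ]; then
        echo "FAIL: $target has ProxyJump '${jump:-none}', expected '$bastion'" >&2
        return 1
    fi
    got=$(resolved_option "$cfg" "$bastion" port)
    if [ "$got" != "$port" ]; then
        echo "FAIL: $bastion uses port '${got:-none}', expected '$port'" >&2
        return 1
    fi
    echo "OK: $target -> $bastion:$port"
}

# Constructed sample: the config from this page, written to FILE.
# Pass "omit-jump" as the second argument to leave out the ProxyJump line.
write_sample_config() {  # usage: write_sample_config FILE [omit-jump]
    {
        printf 'Host mote\n  HostName mote.cs.vassar.edu\n'
        printf '  User username\n  Port 443\n'
        printf 'Host workstation\n  HostName workstation.cs.vassar.edu\n'
        printf '  User username\n'
        [ "$2" = "omit-jump" ] || printf '  ProxyJump mote\n'
    } > "$1"
}

# Run against a real config when four arguments are given, e.g.
#   sh check_jump.sh ~/.ssh/config workstation mote 443
if [ "$#" -eq 4 ]; then
    check_jump "$@"
fi
```

If the check reports that ProxyJump is missing, `ssh workstation` would try to connect to the workstation directly instead of going through mote.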

References: https://linuxize.com/post/using-the-ssh-config-file/

NOTE: If you are using MS Windows then you can alternatively use OpenSSH from the command line. There is the notion of a config file for SSH under MS Windows. In Windows, the OpenSSH Client (ssh) reads configuration data from a configuration file in the following order: 1. By launching ssh.exe with the -F parameter, specifying a path to a configuration file and an entry name from that file. 2. A user's configuration file at %userprofile%\.ssh\config.