1

I'm trying to SSH from my home device to end host via jump host using the ProxyJump option of OpenSSH.

Jump host happens to have two IP addresses bound to its only interface: x.x.x.x and y.y.y.y. There is a firewall with a whitelist of IPs that are permitted ssh access to end host. y.y.y.y is on the list but x.x.x.x is not.

Problem is, the default on jump host is to use x.x.x.x for outbound SSH.

If I manually ssh from jump host to end host I can override the default with OpenSSH’s -b option, like ssh -b y.y.y.y endhost. This works fine.

However, when trying to get directly from my personal device to endhost using jumphost as the intermediate, I can’t seem to make it work. I’ve tried a few variations on specifying the bind address in my ~/.ssh/config but no luck.

Is there a way to instruct the jump host to use a specific bind address?

1
  • @JakeGould, many of those edits were not helpful. jumphost and endhost were dummy hostnames. Changing them to two separate words confuses things in my opinion. Commented Mar 19, 2020 at 1:42

1 Answer

0

The issue in my setup was that the default gateway of the jumphost was set to use a different IP (x.x.x.x in your example) than the one I wanted sshd to use for its outbound traffic (y.y.y.y in your example).

So, one method that worked for me was to set a specific route on the jumphost for the endhost's IP.

On the jumphost (mine is running Ubuntu 20.04):

route add -host <endhost's IP>/32 gw y.y.y.1 dev <y.y.y.y's Iface> 

Where <endhost's IP> is an IPv4 address like n.n.n.n and <y.y.y.y's Iface> is the interface that y.y.y.y is associated with, like eth0.


Note, I was specifically working on getting sshd to route through DigitalOcean's Floating IP. In that case, y.y.y.y needs to be discovered using:

curl -s http://169.254.169.254/metadata/v1/interfaces/public/0/anchor_ipv4/address 

So if that command returns 10.10.0.7, then y.y.y.y is 10.10.0.7.

1
  • Thank you! The DigitalOcean floating IP was my use case as well, and this works perfectly. Commented Aug 19, 2021 at 23:09
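The host-route approach from the answer, as an added example that is not part of the original post: it uses iproute2's `ip route replace` with a `src` hint instead of the answer's `route add`, validates its inputs, and only prints the command so it can be reviewed before running it as root on the jump host. The function names, the end-host address 203.0.113.20 and the gateway 10.10.0.1 are constructed for illustration; 10.10.0.7 is the sample anchor address from the answer.

```shell
#!/bin/sh
# Added example: build a host route that pins the source address the jump
# host uses for one end host. Nothing is changed on the system; the
# command is only printed.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}            # text before the first dot
        rest=${rest#*.}              # text after the first dot
        case $octet in
            ''|????*) return 1 ;;    # empty or longer than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Print the route command.
# Args: <endhost IPv4> <gateway IPv4> <interface> <source IPv4 (y.y.y.y)>
build_route_cmd() {
    for addr in "$1" "$2" "$4"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    case $3 in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name: $3" >&2; return 1 ;;
    esac
    # "replace" is idempotent; "src" sets the preferred source address for
    # connections that match this route (it must be an address on the host).
    printf 'ip route replace %s/32 via %s dev %s src %s\n' "$1" "$2" "$3" "$4"
}

# Constructed sample values; prints the command without running it.
build_route_cmd 203.0.113.20 10.10.0.1 eth0 10.10.0.7

# After applying the printed command as root, check the selected source:
#   ip route get 203.0.113.20
```
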
