HOME
art gallery Linkedin Donations Recommendations
Login
Premium
Info
Vuln Fact Check Server Managment Links
SSH
Auth.log Debug DNS key share Security Key file transfers Cheatpapper
Ciphers
fido2 Twofish serpent .ssh/config cipher set sshd set cipher
Firewall
IP block list Fail2ban SELinux SSH Proxy Jump
Tools
Mpiexec Rsync Mosh Glances SSHFS Tmate autossh XQuartz hashcat
VPN
SSH Tunneling Cloudflare Onion Network/Tor sshuttle SSH Proxy Reverse Tunnel SSH Tunnel ssh socksv5 proxy
Keys
CA Info Generate Ed25519 key OTP Certificates keys CA & Host auth Backup Key Trezor Ledger ch341a coldstorage
Tweaks
DNS BASH Zsh ssh client env sshd env config
Config files
Single Node backup sshd_config Firewall Single Node Cloud Firewall Single Node Firewall X11 Win +10 sshd VMware ESXi Hardening fail2ban Config Dump Space

SSH Proxy Jump


Why use a SSH Proxy?
A SSH Proxy setup can simplify firewalling and improve security:
If you have a dynamic IP that keeps constantly changing, having a static IP from the SSH Proxy, reduces exposed attack surface. And makes Firewalling SSH users/connections, easier, and safer.


Use -J (ProxyJump) to reach hiddenssh.com through the jump host proxy.hiddenssh.com; 

ssh -J <jump_user>@proxy.hiddenssh.com <target_user>@hiddenssh.com

Example;

ssh -J user1@proxy.hiddenssh.com user1@httpd.hiddenssh.net

Jump host on a non-default port;

ssh -J user@proxy.hiddenssh.com:2222 user@hiddenssh.com

Target host on a non-default port;

ssh -J user@proxy.hiddenssh.com -p 2201 user@hiddenssh.com

Specify an identity key;

ssh -i ~/.ssh/id_ed25519 -J user@proxy.hiddenssh.com user@hiddenssh.com

Verbose debugging;

ssh -vvv -J user@proxy.hiddenssh.com user@hiddenssh.com

Tip: Save it in 

~/.ssh/config
Host hiddenssh
  HostName hiddenssh.com
  User user1
  ProxyJump proxy
  IdentityFile /location/yourkeyfile.priv

host proxy
  HostName proxy.hiddenssh.com
  User user
  IdentityFile /location/yourkeyfile.priv

Then connect with;

ssh hiddenssh

Technical: The data flow is encrypted in layers, similar to onion routing. The first encrypted layer goes to the proxy or jump host. The second encrypted layer continues through the proxy and reaches the main host, hiddenssh.com, without the proxy being able to decrypt the final SSH session.