Its common to use bastion/bounce/jump machine to access machines in a separate security zone.
I have been doing it in two steps so far:
- ssh into bastion-machine with agent authentication forwarding
ssh -A <user>@<bastion-machine>
2. then from bastion-machine ssh to the secure-machine:
Recently, I learned that this can be done in a single step:
ssh -J <user>@<bastion-machine> <user>@<secure-machine>
Additionally, its also possible to do port-forwarding through the secure-machine in a single step. For example to forward requests to
5433 port of your local machine to
5432 of Postgres instance that is accessible only from the secure-machine:
ssh -J <user>@<bastion-machine> -L 5433:<postgres-machine>:5432 <user>@<secure-machine>
Originally published at https://arunvelsriram.dev.