top | item 46456310

(no title)

idatum | 1 month ago

If you are already running a VPS, the SSH -J option is useful if you don't want to expose your SSH to your home public address.

You create an SSH reverse tunnel (-R option) from a server in your home network to your remote VPS. This gives you a localhost port on your VPS to your server SSH port. Something like:

    ssh -NT -R 2222:localhost:22 vpsuser@yourvps.com

From your laptop, use your your VPS address and localhost port in the -J option. Something like:

    ssh -J vpsuser@yourvps.com:2222 homeuser@yourhome.com

I only allow ssh key auth and only my laptop is trusted by my home server. The home server doesn't need to trust the VPS "jump server".

discuss

No comments yet.