Bastion hosts in SSH tunneling (ProxyJump) + use hosts defined in .ssh/config

[wiewiur]

Background My configuration is usually that the database host does not have an SSH service exposed (in fact, the database host does not expose any port at all). If I want to log in via SSH to a host with a database, I do it through another machine, the so-called "Bastion host". In the SSH configuration it is very easy to do, just use the .ssh/config file to define the target host and the bastion host:

Host db-vm
    hostname 10.1.99.5 # local IP available only from "public-bastion"
    user db
    port 22
    ProxyJump public-bastion

Host public-bastion
    hostname public-bastion.myhost123.com
    user john
    port 22122
    IdentityFile ~/.ssh/id_rsa

So we can connect to db-vm from CLI only by typing ssh db-vm

Feature Request My feature request is to:

• Make SSH tunnel work with this "bastion" approach
• Make an SSH tunnel to work using the hosts defined in .ssh/config - it's propably the easiest way to achive this bastion tunneling

[Fabio286]

Hi @wiewiur, Your request seems to me a good idea, I will evaluate if a similar feature is possible with the SSH module adopted by Antares. I add it to the ideas for future implementations.