Forum / Remote Desktop Manager - Support

Create one "Jump host" and assign to multiple connections



Is there a way to create a SSH "jump host" and then assign it to SSH connections that require a jump host? I find it odd that you're required to specify the jump host IP address, login and password for each and every connection that requires a jump host. What am I missing?


Thanks

Clock2 mths

Hello,

I think you mean SSH Tunnel when you mention SSH Jump Host, right?
If that's the case, I think the solution you are looking for is in this blog:
https://blog.devolutions.net/2016/10/how-to-configure-ssh-tunnel-in-remote-desktop-manager

Best regards,



Jeff Dagenais


Clock2 mths


I was under the mistaken impression "jump host" and "SSH Tunnel" were synonymous. You are correct, I'm referring to an SSH tunnel. The blog article provides instructions on how to tunnel to a remote host using the local port forwarding method. This method works well if you only need to tunnel traffic to a single host. If you need to tunnel traffic to multiple hosts then this method quickly becomes an administrative nightmare.

I'm looking for a feature like this in RDM: https://blog.royalapplications.com/2015/04/21/new-feature-secure-gateway-ssh-tunnels/


I'd like to create one SSH tunnel object and then reference that object for any connection that can be reached via that particular SSH tunnel. Is something like this possible? I assume I'd have to use the dynamic ssh tunnel option somehow.

Clock2 mths

Hello,

Indeed, what you are looking for is available in RDM and explained in the blog above.

After creating the SSH Tunnel session, go to the VPN section of your entry and configure it like the following:
[screenshot: 2019-06-19_08-37-53.png]

This should do the trick.


Best regards,



Jeff Dagenais

Clock2 mths


Thanks for the reply. Please correct me if I am wrong but specifying a session in VPN/SSH/Gateway ---> settings tab as mentioned in your previous message makes RDM auto-start the specified SSH tunnel prior to starting the session. That's it. It doesn't mean "Route this session through the specified SSH tunnel." It's a shortcut to auto-connect the tunnel. Nothing more nothing less.

I think there is some confusion in regards to what I'm asking about. Assuming I have 30 servers behind a firewall and want to connect to said servers via an "ssh jump host/SSH tunnel" I would have to create 60 total entries using the instructions provided in that blog post.


30 SSH-tunnel connections. One for each server

30 SSH connections pointed at 127.0.0.1


I have a hard time believing that this is the only method available to connect hosts via an SSH tunnel. If this is indeed how things work in RDM then there has been a gross oversight to say the least which I'd like to believe isn't the case.

Ideally I'd create ONE ssh tunnel entry with a type of dynamic or something and point all connections to use the SOCKS proxy created by that SSH tunnel. An added benefit of doing it this way is that my ssh server entries don't have to be pointed to an artificial IP address such as 127.0.0.1.


If you're unsure of what I'm trying to do please see: https://blog.royalapplications.com/2015/04/21/new-feature-secure-gateway-ssh-tunnels/

Thanks for your help on this.

Clock2 mths

Hello,

I had a chat with our engineering department and we think that you should use a dynamic port and force the localhost. Then, you can enable the Force "allow multiple instances" of VPN option.
[screenshot: jump1.png]

With this option and a VPN Group that is matching, it should work.


Best regards,



Jeff Dagenais

Clock2 mths


Sorry for the late reply, I was out of town. I've followed your instructions but still can't get it working.


  • What is the difference internally between the method you're suggesting and specifying an SSH Gateway (Jump Host) for each individual connection? Specifying an SSH Gateway (Jump Host) seems to work okay although the administrative overhead of using that method doesn't make it practical.
  • Why isn't there an option to specify a predefined ssh jump host on the aptly named tab "SSH Gateway (Jump Host)"?





The error I get is:

image

Here's my config:

SSH Tunnel Connection:


image

The ssh session that is configured to connect through the ssh tunnel:


image

The VPN/SSH/Gateway tab of the ssh-connection:

image

The settings tab of the ssh session


image

Thanks for all your help on this.

Clock28 days

Hello,

The SSH Gateway feature is different than using an SSH Jump host, I mean Gateway is an ssh feature itself. You need to install SSH Gateway on the server to be able to use it.


That being said, the configuration seems fine. Do you have any error message?

Does the Tunnel connect properly? You should see a window like

[screenshot: ssh_dynamic.png]

Best regards,



David Grandolfo

Clock27 days


The error I get is:
image

Something isn't adding up. If I connect the ssh tunnel session manually I get this:

image


That tells me that a socks proxy has been setup to listen on 127.0.0.1 on port 41813. If I configure Firefox to use that socks proxy listening on 127.0.0.1 port 41813 it works. I'm able to browse the internet via that SSH tunnel in Firefox. This tells me that the ssh-tunnel is up and that the socks proxy is working as expected.

Now if I click on an SSH-connection connection that is configured to use that ssh-tunnel another ssh-tunnel session is opened. Why would RDM open another socks proxy on 127.0.0.1 when it already has one open?

Are you saying that you're able to connect to an SSH session using that ssh-tunnel connection you have setup and working? The screenshot only shows that your ssh-tunnel session is opened. Can you actually connect to an SSH session through said tunnel?

Thanks

Clock27 days

Hello Isaac,

First I would like to thank you for all the tests you performed. I was able to reproduce the behavior.

It seems that we misunderstood the needs and we did not talk about the proxy option in the SSH Shell entry.

I sent you a personal email to schedule a remote session, so we could assist you in the session of the SSH Shell entry.

Best regards,



David Grandolfo


Clock27 days

Hello,

As a brief description for customers who will look at this thread: the final solution for Isaac is to use a dynamic SSH Tunnel and configure the SSH Shell session to open this SSH Tunnel in the VPN/SSH/Gateway section.

And to add the Proxy configuration in the proxy tab of the SSH Shell entry. The IP and the port are the ones set in the SSH Tunnel Dynamic. As an example:

[screenshot: SSH_Shell_Proxy.png]

Best regards,



David Grandolfo

Clock25 days
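
Why a single dynamic tunnel can serve many targets, as an added example (not from the thread or from Devolutions): with a SOCKS5 listener such as the 127.0.0.1:41813 one mentioned above, the destination is carried in each connection's CONNECT request instead of being fixed in the tunnel, which is what local port forwarding does. Function names and the target hosts are assumptions, and only the no-authentication SOCKS5 method is handled.

```python
# Added illustration; names below are hypothetical, not RDM's API.
import ipaddress, socket, struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
GREETING = bytes([VER, 1, 0])  # version 5, one method offered: 0 = no auth

def build_connect_request(host, port):
    """Encode a SOCKS5 CONNECT request (RFC 1928) for host:port."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("idna")  # hostname: resolved by the proxy side
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)

def reply_ok(head):
    """True if the start of the proxy's reply reports success (REP == 0)."""
    return len(head) >= 2 and head[0] == VER and head[1] == 0

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_proxy(proxy, host, port, timeout=10.0):
    """Open a TCP stream to host:port through the SOCKS5 listener at proxy."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(GREETING)
        if _recv_exact(sock, 2) != bytes([VER, 0]):
            raise ConnectionError("proxy did not accept the no-auth method")
        sock.sendall(build_connect_request(host, port))
        head = _recv_exact(sock, 4)
        if not reply_ok(head):
            raise ConnectionError(f"CONNECT refused, REP={head[1]}")
        # Drain the bound address and port so the stream starts at the target.
        alen = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(head[3]) or _recv_exact(sock, 1)[0]
        _recv_exact(sock, alen + 2)
        return sock
    except Exception:
        sock.close()
        raise
```

With the tunnel up, `open_via_proxy(("127.0.0.1", 41813), "10.0.0.5", 22)` and the same call for any other server behind the firewall reuse the one listener; only the request bytes differ.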