What is a jump or bastion host? A bastion host is a machine specially locked down and fortified against internet based attacks that you can use to connect through to access machines that are only available on a backend or otherwise proctected (DMZ, etc) network.

The configuration is simple and only requires a few lines in your ~/.ssh/config file:

Host *.svwh.net !jump*.svwh.net
  ProxyCommand ssh jump1.svwh.net -W %h:%p

In this instance, we want to proxy everything host under svwh.net through jump1.svwh.net (with the exception of any hosts matching the jump*.svwh.net wildcard).

If you forget to exclude your jump hosts from the list of hosts that are proxied through the jump host you may see an error like this:

fork failed: Resource temporarily unavailable
ssh_exchange_identification: Connection closed by remote host

If this is the case make sure you list your jump host in the host line like is specified as a negation: !jump*.svwh.net. You should then see correct jump host functionality.

When your jump host configuration is working correctly connections should look something like the following:

$ ssh host.svwh.net
Host key fingerprint is SHA256:wa8ci85nxRVdFNub+kzZvt1bUuEhuCL3bmwVNhOtxE4
+---[ECDSA 256]---+
|            ...++|
|       .    oE..o|
|        o  .+oo+.|
|         o  oBo =|
|       .S+.o. ++.|
|       oo+=  ...o|
|      . +......oo|
|     o  o .+  +o+|
|      oo  o.   =*|
+----[SHA256]-----+
Host key fingerprint is SHA256:eyQ2fedVnNZ5gLagFs33kZaRA23FghrBB5fvi+XXqF8
+---[ECDSA 256]---+
|         +ooo*oB.|
|        . *.B @o=|
|         o B * B=|
|        o.. . + o|
|       .S o ... .|
|       . = . oo. |
|        . .  +.oE|
|         .  . +.o|
|            .o.. |
+----[SHA256]-----+
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-112-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


You have new mail.
Last login: Wed Feb  7 00:02:25 2018 from 10.3.2.2
user@host:~$

Bastion hosts can be an alternative to complicated VPN configurations, depending on your needs. There may be times when VPN configurations are better suited, but bastion hosts can be used to access most resources that may be available only on a private network. Users can port forward over and through the jump host, you can rsync between machines through a jump host, and all this will happen automatically once your ~/.ssh/config file is configured properly.