In these days, accessing private resources behind a bastion is becoming more and more important
I found that the following works great for me
SSH and SCP:
ssh -J {bastion} {host}
scp -o 'ProxyJump {bastion}' {host}:{file} {file
Web traffic
1st you should establish a socks proxy (i use port 8888)
ssh -N -D8888 {bastion}
this will set up a socks proxy on port 8888, and keep the connection alive, without exposing a terminal
Using curl after this is like:
curl -x socks5h://localhost:8888 {url}
Curl will automatically forward the DNS lookup also over the socks connection
If you prefer to use a browser, for me the SwitchyOmega plugin worked great
In this, i’ve setup a proxy server, called socks-proxy
as socks5, localhost, 8888
Then in the auto switch i have the following configuration
[SwitchyOmega Conditions]
@with result
10.* +socks-proxy
*.internaldomain.com +socks-proxy
* +direct
This will route any call for an IP starting with 10. thru the proxy and any call related to the internaldomain.com domain name