Working with bastions

These days, accessing private resources behind a bastion is becoming more and more important.

I found that the following works great for me:

SSH and SCP:

ssh -J {bastion} {host}
scp -o 'ProxyJump {bastion}' {host}:{file} {file}

Web traffic:

First, you should establish a SOCKS proxy (I use port 8888):

ssh -N -D8888 {bastion}

This sets up a SOCKS proxy on port 8888 and keeps the connection alive without exposing a terminal.

After this, use curl like so:

curl -x socks5h://localhost:8888 {url}

Because of the socks5h:// scheme, curl also forwards the DNS lookup over the SOCKS connection.

If you prefer to use a browser, for me the SwitchyOmega plugin worked great.

In it, I’ve set up a proxy server called socks-proxy as socks5, localhost, 8888.

Then, in the auto switch, I have the following configuration:

[SwitchyOmega Conditions]
@with result

10.* +socks-proxy
*.internaldomain.com +socks-proxy

* +direct

This routes any request for an IP starting with 10. through the proxy, as well as any request related to the internaldomain.com domain name.
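
The same split can be applied to curl, so that only internal targets go through the tunnel. The wrapper below is an added example, not part of the original post; the function names are hypothetical, and port 8888 and internaldomain.com are taken from the post. Its 10.* check is stricter than a wildcard: only a dotted-quad address inside 10.0.0.0/8 counts, so a name such as 10.example.org stays direct.

```shell
#!/bin/sh
# Added example (not from the original post): pick the proxy per URL for curl.
# Port 8888 and internaldomain.com come from the post; function names are hypothetical.
SOCKS_PROXY="socks5h://localhost:8888"

# Print the lower-cased host part of a URL (IPv6 literals are not handled).
url_host() {
    h=${1#*://}        # drop the scheme
    h=${h%%[/?]*}      # drop path and query
    h=${h##*@}         # drop userinfo
    h=${h%%:*}         # drop the port
    printf '%s\n' "$h" | tr 'A-Z' 'a-z'
}

# Succeed only for a dotted-quad address inside 10.0.0.0/8.
is_ten_net() {
    case $1 in
        *[!0-9.]* | *..* | *.) return 1 ;;   # a name or a malformed address
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] && [ "$1" = 10 ] || return 1
    for octet in "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the proxy URL for internal targets, nothing for "* +direct".
proxy_for() {
    host=$(url_host "$1")
    case $host in
        *.internaldomain.com) echo "$SOCKS_PROXY"; return 0 ;;
    esac
    if is_ten_net "$host"; then echo "$SOCKS_PROXY"; fi
}

# Usage: bcurl [curl options] URL   (the URL must be the last argument)
bcurl() {
    for url in "$@"; do :; done          # keep the last argument
    proxy=$(proxy_for "$url")
    if [ -n "$proxy" ]; then
        curl -x "$proxy" "$@"
    else
        curl "$@"
    fi
}
```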