Knowledge to Power Your Website

DreamCompute Jump Host

DreamCompute Jump Host thumbnail

DreamCompute plans come with one or two floating (public) IPv4 address. That’s perfect for exposing one machine to the public internet while keeping your other instances on the private network. For example, you’ll want your web server exposed on port 80 or 443 while keeping your database only on the private network. One complication of this configuration is how to access your private instances without a floating IP address. The answer to that is to use a jump host.

A jump host is easy to set up using SSH and its configuration options. The first thing you want to do is to make sure you have an instance running with a floating IP address. This could be any DreamCompute instance with a floating IP, but you’ll want to use a dedicated jump/bastion server or your web server in the example above. Ensure you can SSH into that machine with your SSH key. If you need instructions for that, check out our wiki.

Cloud Computing and DreamHost

When you partner with us, your website is in good hands! Our services pair friendly expertise with top-notch technology to give you all you need to succeed on the web.

I set up my SSH config file (~/.ssh/config) so that I can first connect to my jump host called “jump”. Replace “X.X.X.X” with the floating IP address for your instance in the HostName option. Also, be sure you’re using the correct public key.

Host jump
 HostName X.X.X.X #Replace with your Floating IP Address
 User dhc-user
 IdentityFile ~/.ssh/

Ensure you can log into your jump host with SSH

$ ssh jump

Once I verify that works, I update my SSH config to send all traffic from my machine to the private DreamCompute network through a proxy on the jump host. You can see that I’m using a separate key for my private instances than the jump host. The nice thing about that is I keep both keys on my machine and the jump host doesn’t need the private key for the other instances. A little extra security doesn’t hurt!

Host 10.10.10.*
    ProxyCommand ssh jump -W %h:%p
    User dhc-user
    IdentityFile ~/.ssh/dreamcompute.pem

The -W option forwards all stdin and stdout to the specified host and port. Now all I have to do to connect to my private instances from my local machine is to SSH to the private IP like this:

$ ssh

If you’re looking for more info on jump hosts, proxies and SSH configuration, check out this wikibook as a great reference and inspiration for this post.

About the Author:

Justin Lund is the Director of Product at DreamHost.