#jumphost — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #jumphost, aggregated by home.social.
-
Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.
Apache Guacamole Remote Access Gateway als lokaler Jump-Host
https://www.thierolf.org/de/posts/2026/apache-guacamole-remote-access-gateway-als-lokaler-jump-host/ -
Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.
Apache Guacamole Remote Access Gateway als lokaler Jump-Host
https://www.thierolf.org/de/posts/2026/apache-guacamole-remote-access-gateway-als-lokaler-jump-host/ -
Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.
Apache Guacamole Remote Access Gateway als lokaler Jump-Host
https://www.thierolf.org/de/posts/2026/apache-guacamole-remote-access-gateway-als-lokaler-jump-host/ -
Apache Guacamole ist ein Open Source Remote Desktop Gateway, welches Remote Sessions wie SSH oder RDP in einem Web Browser zur Verfügung stellt. In diesem Blog Post zeige ich, wie Apache Guacamole in einem lokalen Netzwerk als Jump-Host für RDP- und SSH-Verbindungen genutzt werden kann.
Apache Guacamole Remote Access Gateway als lokaler Jump-Host
https://www.thierolf.org/de/posts/2026/apache-guacamole-remote-access-gateway-als-lokaler-jump-host/ -
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. -
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. -
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. -
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. -
@clacke Yes and no…
Instead of the overhead of containers, my 'jump' machines bind specific keys to the ssh commands that do the specifically authorized next hops and (where possible) restrict to specific client IPs. The OS of those machines are only accessible over a VPN or (for some VMs) a tightly secured web interface that has VNC over WebSockets inside a private network to their virtual consoles. -
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-
When you have an ssh jumphost, the trivial setup is one that conflates OS access and application access.
The application is ssh, providing the jump to the privileged network, but ssh also allows OS access, potentially allowing privilege escalation within the jumphost.
Are people taking this seriously and e.g. running an unprivileged sshd inside a container? Access the OS over port 22 to the privileged sshd, restricting that to the segregated admin network, access the jumping over port 2222 and minimize the attack surface on the outer host?
-
-
-
-
Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.
In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.
I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.
-
Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.
In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.
I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.
-
Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.
In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.
I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.
-
Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.
In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.
I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.
-
Today‘s SideQuest involves debugging an #OpenSSH connection via a containerized #jumphost where some jumps fail.
In that case sshd on the jumphost logs that it cannot resolve the target host. Checking on the host shows that it can correctly resolve that hostname and even successfully connect to it.
I guess somewhere between the container and the container host, some hostname resolutions seem to fail causing SSH jumping to fail.
-
Just discovered an #openSource #jumphost software that is really nice….
-
Just discovered an #openSource #jumphost software that is really nice….
-
Just discovered an #openSource #jumphost software that is really nice….
-
Just discovered an #openSource #jumphost software that is really nice….