Jump Host / Bastion
Jump host (bastion) support allows you to connect to a target server through an intermediate SSH server. This is common in enterprise environments where internal servers are not directly accessible from the internet.
Availability: Pro tier — All platforms
How It Works
Section titled “How It Works”Instead of connecting directly to your target server, ZestSSH first establishes an SSH connection to the jump host, then tunnels a second SSH connection through it to reach the target server. The entire chain is encrypted end-to-end.
Your Device --> Jump Host (bastion) --> Target ServerConfiguration
Section titled “Configuration”- First, make sure the jump host is saved as a connection in ZestSSH.
- Create or edit the target server connection.
- In the connection settings, find the Connect Via field.
- Select the jump host connection from the dropdown.
- Save and connect.
ZestSSH handles the entire chain automatically. You authenticate to both the jump host and the target server in sequence.
Multi-Hop Chains
Section titled “Multi-Hop Chains”You can chain multiple jump hosts by setting the Connect Via field on each intermediate connection. For example:
Device --> Bastion A --> Bastion B --> TargetSet Bastion A as a standalone connection, set Bastion B to connect via Bastion A, and set the target to connect via Bastion B.
Use Cases
Section titled “Use Cases”- Accessing servers in private subnets behind a bastion host.
- Connecting to cloud instances that only allow SSH from within a VPC.
- Complying with security policies that require all SSH access to go through a monitored gateway.
- Make sure your jump host connection is tested and working on its own before using it as a hop.
- Authentication is separate for each hop — you can use different keys or passwords for the jump host and the target.
- Keep-alive settings apply independently to each connection in the chain.