Skip to content
ZestSSH Docs

Jump Host Configuration Guide

This guide explains how to set up jump host (bastion) connections in ZestSSH, allowing you to reach servers that are not directly accessible from your device.

When You Need a Jump Host

Section titled “When You Need a Jump Host”

Common scenarios:

  • Your target servers are in a private subnet (e.g., AWS VPC, home network) and only the bastion is exposed to the internet.
  • Your organization’s security policy requires all SSH access to go through a monitored gateway.
  • You need to reach a server that only accepts connections from specific IP addresses (the bastion’s IP).

Architecture

Section titled “Architecture”
Your Device --[internet]--> Bastion/Jump Host --[private network]--> Target Server

ZestSSH establishes an SSH connection to the bastion, then creates a tunneled SSH connection through it to the target.

Step-by-Step Setup

Section titled “Step-by-Step Setup”

1. Create the Jump Host Connection

Section titled “1. Create the Jump Host Connection”

First, create and test a connection to the bastion/jump host:

  1. Tap + to add a new connection.
  2. Enter the bastion’s details:
    • Label: “Bastion” or “Jump Host”
    • Host: The bastion’s public IP or hostname.
    • Port: SSH port (usually 22).
    • Username: Your username on the bastion.
  3. Set authentication (key recommended).
  4. Save and test the connection — make sure you can connect to the bastion on its own.

2. Create the Target Server Connection

Section titled “2. Create the Target Server Connection”

Now create the connection to the target server:

  1. Tap + to add a new connection.
  2. Enter the target server’s details:
    • Label: “Production DB” or whatever describes the target.
    • Host: The target’s private IP or hostname (as reachable from the bastion, e.g., 10.0.1.50).
    • Port: SSH port on the target.
    • Username: Your username on the target.
  3. Set authentication for the target server.
  4. In the Connect Via field, select the bastion connection you created in step 1.
  5. Save the connection.

3. Connect

Section titled “3. Connect”

Tap the target server connection. ZestSSH will:

  1. Connect to the bastion first.
  2. Tunnel through the bastion to the target server.
  3. Authenticate to the target server.
  4. Open the terminal session.

The process is seamless — you interact with the target server’s terminal directly.

Multi-Hop Chains

Section titled “Multi-Hop Chains”

For environments with multiple network layers:

  1. Create Connection A (first bastion) — no Connect Via.
  2. Create Connection B (second bastion) — Connect Via: Connection A.
  3. Create Connection C (target) — Connect Via: Connection B.

Each hop authenticates independently, so you can use different keys or credentials for each.

Tips

Section titled “Tips”
  • Test each hop independently before chaining them.
  • Use different keys for the bastion and target when possible, following the principle of least privilege.
  • Keep-alive settings are important for jump host connections to prevent idle timeouts on either hop.
  • Port forwarding works through jump host chains — you can forward ports from the target through the bastion to your device.
Section titled “Related”