Hi - I would like to know the best practices to set up an SSH jump server (sometimes referred to as a jumpbox) that acts as an intermediary host or an SSH gateway to a remote network with a DigitalOcean droplet.

2 answers

Hello, @zabius

You can basically create a droplet that will be used as a jumpbox to connect to your other droplets/servers. Then on the jumpbox you can set up SSH keys, which you will later upload to the servers you’re going to access from the jumpbox.

You can check the following tutorials for the ssh-keys:

How To Set Up SSH Keys
How-to Add SSH Keys to New or Existing Droplets

You can also make sure that the jumpbox is secure in order to use it without any hesitation. You can check the following tutorials:

Recommended Security Measures to Protect Your Servers
Recommended Initial Droplet Configuration
Initial Server Setup - You can select another OS if you’re planning to use CentOS, for example

Let me know if you have any questions.

Hope that this helps!
Regards,
Alex

by Etel Sverdlov
by Brian Boucheron
SSH keys provide a more secure method of logging into a server than using a password. With SSH keys, users can log into a server without a password. This tutorial explains how to generate, upload, and use an SSH key pair, and optionally how to disable password-based SSH authentication.

Hi there @zabius,

Fully agree with what @alexdo mentioned already. In addition, I could add a couple of things:

  • Make sure to have a firewall on the server. You could either go with a software firewall like UFW or CSF, or go with a Cloud Firewall
  • Follow the steps from this tutorial here on how to harden your OpenSSH service:

https://www.digitalocean.com/community/tutorials/how-to-harden-openssh-on-ubuntu-18-04

Regards,
Bobby

by Jamie Scaife
Linux servers are often administered remotely using SSH by connecting to an OpenSSH server, which is the default SSH server software used within Ubuntu, Debian, CentOS, FreeBSD, and most other Linux/BSD-based systems. In this tutorial, you will harden your OpenSSH server by using different configuration options to help ensure that remote access to your server is as secure as possible.
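
One way to check a jumpbox against the hardening advice in the answers above, as an added example that is not part of the original thread or the linked tutorials. The expected values (password and root login disabled, X11 forwarding off) and the function names are assumptions of this example; it reads only the global section of one file and does not follow `Include` directives.

```shell
#!/usr/bin/env bash
# Added example: audit the global section of a jump host's sshd_config.

# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use: keywords are case-insensitive, the FIRST
# occurrence wins, and the global section ends at the first Match line.
effective_value() {
    awk -v key="$2" -v def="$3" -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                    # strip leading indentation
        /^#/ || NF < 2 { next }                   # skip comments and blank lines
        tolower($1) == "match" { exit }           # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }             # fall back to sshd default
    ' "$1"
}

# audit_jumpbox FILE
# Prints one FAIL line per deviating setting; returns 1 if any were found.
audit_jumpbox() {
    local file=$1 rc=0 key want def got
    # Columns: keyword, expected value (assumption), OpenSSH default when unset
    while read -r key want def; do
        got=$(effective_value "$file" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: effective '$got', expected '$want'"
            rc=1
        fi
    done <<'EOF'
PasswordAuthentication no yes
PermitRootLogin no prohibit-password
PermitEmptyPasswords no no
X11Forwarding no no
EOF
    return $rc
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# jump host sshd_config (constructed)
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
X11Forwarding yes
Match User deploy
    PasswordAuthentication no
EOF
audit_jumpbox "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration; saving that output to a file and passing it to `audit_jumpbox` covers included files as well.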