Campus SSH Jumpbox: User Guide -

What is an SSH Jumpbox?
Accessing the Jumpbox Servers
Logging into the Jumpbox
Using the Captive prompt
Using SSH/SCP passthrough
Managing sessions on the Target Host
- Using screen
- Using tmux
Summary of commands

This guide provides instructions for using the Campus SSH jumpbox to access internal hosts securely and manage sessions effectively. This resource is designed for use on the Policy Driven Network to enable SSH access to other resources. Please read these instructions carefully to ensure proper usage and avoid connectivity issues.

What is an SSH Jumpbox?

An SSH jumpbox acts as an intermediate server, controlling access between two networks. In this case, the campus SSH jumpboxes are controlling SSH into the policy-driven network. SSH connections to hosts on the policy-driven network must originate from the campus SSH jumpboxes. Otherwise, the connection will be blocked.

The campus SSH jumpboxes are not intended to be used as general-purpose login systems. As such, no files can be stored on these servers. Additionally, login shells are not provided. This means that users cannot run commands, scripts, or interactive sessions on the jumpboxes themselves. When a user connects to a jumpbox, the connection is immediately and securely forwarded (or tunneled) to the appropriate destination host inside the policy-driven network.

Top

Accessing the Jumpbox Servers

You must be granted permission to access the Campus SSH Jumpbox servers. Please review the Campus SSH Jumpbox: Access and Administration guide to request access.

Top

Logging into the Jumpbox

NOTE: You must be connected to the VPN to access the Campus SSH Jumpbox.

Campus SSH Jumpbox Hostname: campus-jump.umd.edu
Connect to the jumpbox: Open your terminal and initiate an SSH connection using your provided credentials: ssh [directory-id]@campus-jump.umd.edu
Upon logging in, you will be prompted to connect to a destination host and restricted from executing any other commands.

Top

Using the Captive prompt

The jumpbox will display a prompt:

You can SSH to another host. Enter the hostname or IP address to SSH to:
Connect: Enter the hostname or IP address of the destination and press Enter. The jumpbox will initiate an SSH connection to the selected host.
Logout: To exit the prompt and disconnect from the jumpbox, press Ctrl+C at any time.

Top

Using SSH/SCP passthrough

You can connect directly to a target host via the jumpbox using SSH or SCP passthrough. This bypasses the captive prompt.

SSH Passthrough Syntax: ssh -J [directory-id]@campus-jump.umd.edu [directory-id]@[hostname]
SCP Passthrough Syntax: scp -o ProxyJump=campus-jump.umd.edu [filename] [directory-id]@[destination]:[destination-path]

Top

Managing sessions on the Target Host

Use screen or tmux on your target machine to maintain long-lived sessions and avoid data loss from disconnections. These utilities allow you to maintain persistent sessions, so long-running tasks continue even if your connection drops.

Using screen

Start a new screen session: screen -S [session-name]
Detach from a screen session: Press Ctrl + A, then D
Resume a screen session: screen -r [session-name]
List active sessions: screen -ls

Using tmux

Start a new tmux session: tmux new -s [session-name]
Detach from a tmux session: Press Ctrl + B, then D
Resume a tmux session: tmux attach -t [session-name]
List active sessions: tmux ls

Top

Summary of commands

Summary of commands
Action	Command
Connect to the jumpbox	ssh [directory-id]@campus-jump.umd.edu
Connect via SSH passthrough	ssh -J [directory-id]@campus-jump.umd.edu [directory-id]@[hostname]
Copy via SCP passthrough	scp -o ProxyJump=campus-jump.umd.edu [filename] [directory-id]@[destination]:[destination-path]
Start a screen session	screen -S [session-name]
Detach from screen	Ctrl + A, then D
Resume a screen session	screen -r [session-name]
Start a tmux session	tmux new -s [session-name]
Detach from tmux	Ctrl + B, then D
Resume a tmux session	tmux attach -t [session-name]

Top