I'm trying to ProxyJump an ActiveDirectory/PAM user via a Bastion Host to an AWS EC2 instance.
If I try to log in "per-server", i.e. log in to the Bastion Host with AD/PAM credentials, I can log in. From the Bastion Host I can then use my AD/PAM user to log in to the EC2. So there isn't an issue with this.
Step1: ssh user@example.com@bastion.example.com
- I can login to the Bastion
Step2: ssh user@example.com -h 1.2.3.4
- I can login to the EC2 at IP 1.2.3.4
Now I want to use ProxyJump, but the user and/or domain and/or bastion.example.com is malformed / incorrect when I check the logs. So from what I can gather, I should be able to do something like:
ssh -J user@example.com@bastion.example.com user@example.com 1.2.3.4
From the Bastion Host I get the following connection:
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -l user -v -W '[%h]:%p' example.com@bastion.example.com
debug1: Executing proxy command: exec ssh -l user -v -W '[example.com]:22' example.com@bastion.example.com
Authenticating to bastion.example.com:22 as 'example.com'
I have tried the -l switch and removed -J, which comes through correct but loses the ProxyJump feature:
ssh -v -l user@example.com bastion.example.com user@example.com 1.2.3.4
debug1: Authenticating to bastion.example.com:22 as 'user@example.com'
Which is correct.
Any advice on how I can ssh ProxyJump into a Bastion Host with AD credentials? Do I need escapes in the command somewhere?
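As an added example (not part of the original post): the debug output above shows the -J argument being split at its first "@", leaving "user" as the login and "example.com@bastion.example.com" as the host. The ssh_config fragment below supplies the login name through the User directive instead, so the jump destination contains no "@" at all; the host aliases bastion-ad and ec2-ad are hypothetical names.

```sshconfig
# ~/.ssh/config
# "bastion-ad" and "ec2-ad" are hypothetical aliases chosen for this example.

Host bastion-ad
    HostName bastion.example.com
    # The AD login is given as its own directive, so the "@" inside it is
    # never treated as the user/host separator.
    User user@example.com

Host ec2-ad
    HostName 1.2.3.4
    User user@example.com
    # Refer to the bastion by alias; its User and HostName come from the
    # stanza above rather than from a user@host string.
    ProxyJump bastion-ad
```

With this in place, `ssh -v ec2-ad` goes through the bastion, and the "Authenticating to bastion.example.com:22 as ..." debug line is the place to confirm that the full 'user@example.com' login was used.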