I'm trying to ProxyJump an Active Directory/PAM user via a Bastion Host to an AWS EC2 instance.
If I try to log in "per-server", i.e. log in to the Bastion Host with AD/PAM credentials, I can log in. From the Bastion Host I can then use my AD/PAM user to log in to the EC2. So there isn't an issue with this.
Step 1: ssh [email protected]@bastion.example.com
- I can log in to the Bastion
Step 2: ssh [email protected] -h 1.2.3.4
- I can log in to the EC2 at IP 1.2.3.4
Now I want to use ProxyJump, but the user and/or domain and/or bastion.example.com is malformed / incorrect when I check the logs. So from what I can gather, I should be able to do something like:
ssh -J [email protected]@bastion.example.com [email protected] 1.2.3.4
From the Bastion Host I get the following connection:
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -l user -v -W '[%h]:%p' [email protected]
debug1: Executing proxy command: exec ssh -l user -v -W '[example.com]:22' [email protected]
Authenticating to bastion.example.com:22 as 'example.com'
I have tried the -l switch and removed -J, which comes through correctly but loses the ProxyJump feature:
ssh -v -l [email protected] bastion.example.com [email protected] 1.2.3.4
debug1: Authenticating to bastion.example.com:22 as '[email protected]'
Which is correct.
Any advice on how I can ssh ProxyJump into a Bastion Host with AD credentials? Do I need escapes in the command somewhere?