Just SSH to My Jump Box!


I am a professional software engineer and do an absolute ton of devops work as well.

I’ve actually never been hired into devops roles as I always go in as a programmer, but I also always end up doing devops as well for various reasons.

What tasks?

These usually include things like:

  • I like to get my code running on infrastructure as soon as possible for Proof of Concepts (POCs) and the like.
  • I’m often one of the first people in the team, or am part of starting the project.
  • I have a good grasp on the system admin side of things and like to get my hands dirty.
  • I made the first prototypes of the software, so I like to get all the other parts up so that new joiners have a good understanding of how things work together.

One of the things I have found about getting this all going each time is that I usually end up with quite a lot of rapidly changing Compute machines (EC2s) and other services. It is perfectly fine for me to log in and get the latest IPs to SSH to, or keep a local config, but as soon as I have a team that needs to start using them, connecting to things or getting onto boxes to make changes, this doesn’t really work all that well.

This is usually where I set up a Jump Box.

What is a Jump Box?

A Jump Box (sometimes called a Bastion) is a machine that everyone has an SSH config set up for locally, and that I use to store configs on and let everyone SSH to. Once they are on that machine, they can easily connect to any of the machines or services using the most up-to-date configs.

This is because I only need to make sure that the Jump Box machine has the latest configs, which is so much easier than having to send everything around each time, or updating a Confluence (or similar) page and making sure everyone uses the latest revision.

So what I do is send around the SSH config along with either a shared PEM key file, or an individual PEM associated with each person (for their eyes only). They can then use that to connect to the Jump Box via SSH.

Once they land on the Jump Box, the user’s ~/.bash_profile echoes out all the things that they can do, so it is shown to them every time they log in, and I make sure that there are relevant and correct SSH configs stored on that machine (with PEMs).
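One way to build that login message from the Jump Box's own SSH config, so the list shown at login matches what is actually configured. This is an added example, not the author's script; the function names, the `dev-`/`prod-` alias prefixes and the config path are assumptions.

```sh
#!/bin/sh
# Added example (not the author's script): helpers for a jump box login banner.
# Assumes host aliases carry an environment prefix (dev-, prod-) and that the
# SSH config uses the plain "Keyword value" form with one alias per Host block.

# list_hosts CONFIG [PREFIX]
# Print "alias hostname" for each concrete Host block whose alias starts with
# PREFIX. Wildcard blocks such as "Host *" are skipped.
list_hosts() {
    awk -v prefix="${2:-}" '
        function emit() {
            if (name != "" && substr(name, 1, length(prefix)) == prefix)
                print name, (addr != "" ? addr : "(no HostName)")
        }
        tolower($1) == "host" {
            emit(); name = ""; addr = ""
            if ($2 !~ /[*?!]/) name = $2
            next
        }
        tolower($1) == "hostname" { addr = $2 }
        END { emit() }
    ' "$1"
}

# loose_keys CONFIG
# Print every IdentityFile named in CONFIG that group or other can access.
# Uses "stat -c %a" (GNU coreutils / BusyBox).
loose_keys() {
    awk 'tolower($1) == "identityfile" { print $2 }' "$1" | sort -u |
    while read -r key; do
        case $key in "~/"*) key=$HOME/${key#"~/"} ;; esac
        [ -f "$key" ] || continue
        perms=$(stat -c %a "$key")
        case $perms in
            *00|0) ;;                      # owner-only: fine
            *) echo "$key ($perms)" ;;     # group/other bits set
        esac
    done
}

# In ~/.bash_profile on the jump box (paths and prefix are assumptions):
#   echo "Hosts you can reach from here:"
#   list_hosts "$HOME/.ssh/config" dev-
#   loose_keys "$HOME/.ssh/config" | sed 's/^/WARNING, key too open: /'
```

The prefix only controls what is displayed at login; it does not restrict what the account can connect to.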

It’s such a simple yet amazingly effective way to do things and I can’t believe that in the past I even worked on projects that didn’t make use of this remarkably uncomplicated and useful way of doing things.

How important is it?

The Jump Box is the Window to your Infrastructure – for the team.

This way you can also limit team members to the things they should be connecting to. For example, developers can connect to dev resources and environments, while other devops or deployment people may need access to pre-prod or prod environments.

What do you do on your projects?