SSH tunneling to your secured server through bastion/jump server with forwarded port

This is a quick guide will show you how to open ssh tunnel to ssh into your target server that can only be accessed from jump server. So this is how to do it:

ssh -v -t -L 10443:localhost:20443 <jump_server> ssh -t -L 20443:localhost:443 user@<target_server>
  • jump_server is the host that accessible from you and the only host that can access target_server
  • target_server is the host that you want to access that only can be accessed from jump _server or bastion if you’re using AWS
  • 10443 is the forwarded port that you can access to SSH to target_server

So, here is the example:

ssh -v -t -L 10443:localhost:20443 123.456.1.1 ssh -t -L 20443:localhost:443 user@
  • 123.456.1.1 is my jump_server that I can only access to access target_server
  • is the target_server

And try it out, see the magic for yourself! after the last command above executed, you will inside your target_server and 10443 port is open from your localhost.


If you want to just have your SSH session running in background and you want to SSH it by yourself, just try this command:

ssh -f -N -v -t -L 10443:localhost:20443 123.456.1.1 ssh -t -L 20443:localhost:443 user@

if you want to remove the logs (disable verbose mode) when you logging in, just remove the “-v”

SSH to localhost with port 10443, to access your target_server

$ ssh localhost 10443