yiays · March 25, 2024 06:21 · Nov 21, 2023 · Apr 25, 2020 · Apr 25, 2020 · Apr 25, 2020
diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -60,7 +60,7 @@ Host ProxyJumpTarget
 Host ProxyJumpTarget
   User www-data # the username used to login to the target machine
   HostName webserver # could also be 192.168.1.100, for example
-  ProxyJump ProxyJump # points to the existing config for Host ProxyJump, reduces redundancy
+  ProxyJump JumpGate # points to the existing config for Host JumpGate, reduces redundancy
 ```
 
 ## Done!

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -37,16 +37,6 @@ PS C:\Users\User> $command = 'echo "{0}" >> ~/.ssh/authorized_keys' -f $(cat ~/.
 PS C:\Users\User> ssh JumpGate $command
 # This command reads your public key, and appends it to .ssh/authorized_keys on the jumpgate.
 ```
-3. Create a public/private RSA key pair on the JumpGate
-```bash
-user@jumpgate:~$ ssh-keygen
-# should be exactly the same as last time
-```
-4. Add the public key for the JumpGate to each client
-```powershell
-PS C:\Users\User> ssh JumpGate "cat ~/.ssh/id_rsa.pub" >> ~\.ssh\authorized_keys
-# This command fetches the public key from JumpGate and appends it to your local ~\.ssh\authorized_keys file.
-```
 
 You should now be able to run the following command without being prompted for a password.
 ```powershell

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -80,4 +80,4 @@ ssh ProxyJumpTarget
 ```
 ### Next steps
  - You can rince and repeat with more private hosts or setup passwordless authentication with the remote host as a next step. The process is identical, just with different hostnames.
- - Once you're confident your key-based authentication is complete, you can consider disabling password authentication in the JumpGate SSH Server completely. *Note that you will always need access to one authenticated client working to authenticate any new clients in future.*
+ - Once you're confident your key-based authentication is complete, you can consider disabling password authentication in the JumpGate SSH Server completely. *Note that you will always need access to one working authenticated client to authenticate any new clients in future.*
diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -44,7 +44,7 @@ user@jumpgate:~$ ssh-keygen
 ```
 4. Add the public key for the JumpGate to each client
 ```powershell
-PS C:\Users\User> echo $(ssh JumpGate "cat ~/.ssh/id_rsa.pub") >> ~\.ssh\authorized_keys
+PS C:\Users\User> ssh JumpGate "cat ~/.ssh/id_rsa.pub" >> ~\.ssh\authorized_keys
 # This command fetches the public key from JumpGate and appends it to your local ~\.ssh\authorized_keys file.
 ```
 

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -24,15 +24,15 @@ With this in the config file, you can now log into the remote host with a simple
 To avoid inputting a password each time you connect, you can generate public and private keys for each machine involved in the connection.
 
 1. Create a public/private RSA key pair for each machine you plan to use to connect to the JumpGate with the following command;
-```ps
+```powershell
 PS C:\Users\User> ssh-keygen
 # stick with all the default settings when prompted
 # creates the following files;
 #   ~\.ssh\id_rsa
 #   ~\.ssh\id_rsa.pub
 ```
 2. Add the public key for each client to the JumpGate.
-```ps
+```powershell
 PS C:\Users\User> $command = 'echo "{0}" >> ~/.ssh/authorized_keys' -f $(cat ~/.ssh/id_rsa.pub)
 PS C:\Users\User> ssh JumpGate $command
 # This command reads your public key, and appends it to .ssh/authorized_keys on the jumpgate.
@@ -43,13 +43,13 @@ user@jumpgate:~$ ssh-keygen
 # should be exactly the same as last time
 ```
 4. Add the public key for the JumpGate to each client
-```ps
+```powershell
 PS C:\Users\User> echo $(ssh JumpGate "cat ~/.ssh/id_rsa.pub") >> ~\.ssh\authorized_keys
 # This command fetches the public key from JumpGate and appends it to your local ~\.ssh\authorized_keys file.
 ```
 
 You should now be able to run the following command without being prompted for a password.
-```
+```powershell
 ssh JumpGate
 ```
 
@@ -75,7 +75,7 @@ Host ProxyJumpTarget
 
 ## Done!
 With this, you should now be able to seamlessly connect to a private host in the ProxyJump network with the command below.
-```
+```powershell
 ssh ProxyJumpTarget
 ```
 ### Next steps

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -28,12 +28,12 @@ To avoid inputting a password each time you connect, you can generate public and
 PS C:\Users\User> ssh-keygen
 # stick with all the default settings when prompted
 # creates the following files;
-#   C:\Users\User\.ssh\id_rsa
-#   C:\Users\User\.ssh\id_rsa.pub
+#   ~\.ssh\id_rsa
+#   ~\.ssh\id_rsa.pub
 ```
 2. Add the public key for each client to the JumpGate.
 ```ps
-PS C:\Users\User> $command = 'echo "{0}" >> .ssh/authorized_keys' -f $(cat .ssh/id_rsa.pub)
+PS C:\Users\User> $command = 'echo "{0}" >> ~/.ssh/authorized_keys' -f $(cat ~/.ssh/id_rsa.pub)
 PS C:\Users\User> ssh JumpGate $command
 # This command reads your public key, and appends it to .ssh/authorized_keys on the jumpgate.
 ```
@@ -44,8 +44,8 @@ user@jumpgate:~$ ssh-keygen
 ```
 4. Add the public key for the JumpGate to each client
 ```ps
-PS C:\Users\User> echo $(ssh JumpGate "cat .ssh/id_rsa.pub") >> .ssh\authorized_keys
-# This command fetches the public key from JumpGate and appends it to your local .ssh\authorized_keys file.
+PS C:\Users\User> echo $(ssh JumpGate "cat ~/.ssh/id_rsa.pub") >> ~\.ssh\authorized_keys
+# This command fetches the public key from JumpGate and appends it to your local ~\.ssh\authorized_keys file.
 ```
 
 You should now be able to run the following command without being prompted for a password.
@@ -62,14 +62,15 @@ Host ProxyJumpTarget
   User www-data # the username used to login to the target machine
   HostName webserver # could also be 192.168.1.100, for example
   ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -Y {PROXYJUMP USERNAME}@{PROXYJUMP HOSTNAME} -W %h:%p
+  # A function call within ssh currently requires an absolute directory to SSH in Windows 10.
 ```
 > **Note:** Using ProxyCommand like this is an inelegant solution, ideally, we'd be using ProxyJump, like the following example, but issues with OpenSSH for Windows are currently preventing this.
 ```
 # An alternative we can hopefully use in the future
 Host ProxyJumpTarget
   User www-data # the username used to login to the target machine
   HostName webserver # could also be 192.168.1.100, for example
-  ProxyJump ProxyJump # points to the existing config for Host ProxyJump
+  ProxyJump ProxyJump # points to the existing config for Host ProxyJump, reduces redundancy
 ```
 
 ## Done!

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -1,12 +1,18 @@
-# What is ProxyJumping?
+# ProxyJumping
+## Introduction
 ProxyJumping is a method used to get access to a terminal in a private network via SSH.
 
 First, you SSH into a JumpGate (a SSH server exposed to the internet), and then use that JumpGate to pass through a SSH connection to a machine on the JumpGate's local network. By the end of this guide, you should be able to seamlessly connect to a remote private host through a JumpGate with one parameter in a `ssh` command.
 
 Security should always be paramount when establishing connections like this because the password of a JumpGate can and will be brute-forced by bots on the internet constantly.
 
+## Compatiblilty notes
+The provided client-side commands are intended for PowerShell. Open PowerShell by right-clicking on the start menu button and selecting *Windows Powershell*.
+
+The ProxyJump in this tutorial is using a bash shell with linux binaries. If the proxyjump server is Windows-based, some commands don't work in CMD, so you will need to use powershell instead.
+
 ## Adding the JumpGate to ssh config
-Create a file at %UserProfile%\\.ssh\config *(if it doesn't exist)*, and add the following lines to it *(with placeholders changed)*.
+Create a file at ~\\.ssh\config *(if it doesn't exist)*, and add the following lines to it *(with placeholders changed)*.
 ```
 Host JumpGate
   User {USERNAME}

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -6,13 +6,13 @@ First, you SSH into a JumpGate (a SSH server exposed to the internet), and then
 Security should always be paramount when establishing connections like this because the password of a JumpGate can and will be brute-forced by bots on the internet constantly.
 
 ## Adding the JumpGate to ssh config
-Create a file at %UserProfile%\.ssh\config *(if it doesn't exist)*, and add the following lines to it *(with placeholders changed)*.
+Create a file at %UserProfile%\\.ssh\config *(if it doesn't exist)*, and add the following lines to it *(with placeholders changed)*.
 ```
 Host JumpGate
   User {USERNAME}
   HostName {HOSTNAME}
 ```
-With this in the config file, you can now log into the remote host with a simple command, like `ssh JumpGate`!
+With this in the config file, you can now log into the remote host with a simple command; `ssh JumpGate`!
 
 ## Setting up passwordless login to the JumpGate
 To avoid inputting a password each time you connect, you can generate public and private keys for each machine involved in the connection.
@@ -67,7 +67,10 @@ Host ProxyJumpTarget
 ```
 
 ## Done!
-With this, you should now be able to seamlessly connect to a private host in the ProxyJump network with the command below. You can rince and repeat with more private hosts or setup passwordless authentication with the remote host as a next step. The process is identical, just with different hostnames.
+With this, you should now be able to seamlessly connect to a private host in the ProxyJump network with the command below.
 ```
 ssh ProxyJumpTarget
-```
+```
+### Next steps
+ - You can rince and repeat with more private hosts or setup passwordless authentication with the remote host as a next step. The process is identical, just with different hostnames.
+ - Once you're confident your key-based authentication is complete, you can consider disabling password authentication in the JumpGate SSH Server completely. *Note that you will always need access to one authenticated client working to authenticate any new clients in future.*
diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -1,7 +1,7 @@
 # What is ProxyJumping?
 ProxyJumping is a method used to get access to a terminal in a private network via SSH.
 
-First, you SSH into a JumpGate (a SSH server exposed to the internet), and then use that JumpGate to pass through a SSH connection to a machine on the JumpGate's local network.
+First, you SSH into a JumpGate (a SSH server exposed to the internet), and then use that JumpGate to pass through a SSH connection to a machine on the JumpGate's local network. By the end of this guide, you should be able to seamlessly connect to a remote private host through a JumpGate with one parameter in a `ssh` command.
 
 Security should always be paramount when establishing connections like this because the password of a JumpGate can and will be brute-forced by bots on the internet constantly.
 

diff --git a/openssh-for-windows-proxyjump-guide.md b/openssh-for-windows-proxyjump-guide.md
@@ -0,0 +1,73 @@
+# What is ProxyJumping?
+ProxyJumping is a method used to get access to a terminal in a private network via SSH.
+
+First, you SSH into a JumpGate (a SSH server exposed to the internet), and then use that JumpGate to pass through a SSH connection to a machine on the JumpGate's local network.
+
+Security should always be paramount when establishing connections like this because the password of a JumpGate can and will be brute-forced by bots on the internet constantly.
+
+## Adding the JumpGate to ssh config
+Create a file at %UserProfile%\.ssh\config *(if it doesn't exist)*, and add the following lines to it *(with placeholders changed)*.
+```
+Host JumpGate
+  User {USERNAME}
+  HostName {HOSTNAME}
+```
+With this in the config file, you can now log into the remote host with a simple command, like `ssh JumpGate`!
+
+## Setting up passwordless login to the JumpGate
+To avoid inputting a password each time you connect, you can generate public and private keys for each machine involved in the connection.
+
+1. Create a public/private RSA key pair for each machine you plan to use to connect to the JumpGate with the following command;
+```ps
+PS C:\Users\User> ssh-keygen
+# stick with all the default settings when prompted
+# creates the following files;
+#   C:\Users\User\.ssh\id_rsa
+#   C:\Users\User\.ssh\id_rsa.pub
+```
+2. Add the public key for each client to the JumpGate.
+```ps
+PS C:\Users\User> $command = 'echo "{0}" >> .ssh/authorized_keys' -f $(cat .ssh/id_rsa.pub)
+PS C:\Users\User> ssh JumpGate $command
+# This command reads your public key, and appends it to .ssh/authorized_keys on the jumpgate.
+```
+3. Create a public/private RSA key pair on the JumpGate
+```bash
+user@jumpgate:~$ ssh-keygen
+# should be exactly the same as last time
+```
+4. Add the public key for the JumpGate to each client
+```ps
+PS C:\Users\User> echo $(ssh JumpGate "cat .ssh/id_rsa.pub") >> .ssh\authorized_keys
+# This command fetches the public key from JumpGate and appends it to your local .ssh\authorized_keys file.
+```
+
+You should now be able to run the following command without being prompted for a password.
+```
+ssh JumpGate
+```
+
+## Automatically use the JumpGate to connect to a private server
+The goal of this step is to be able to specify the names of any machines in the private network that the JumpGate is connected to, and connect to them with one command on the client machine.
+
+1. Add the connection details to .ssh/config
+```
+Host ProxyJumpTarget
+  User www-data # the username used to login to the target machine
+  HostName webserver # could also be 192.168.1.100, for example
+  ProxyCommand C:\Windows\System32\OpenSSH\ssh.exe -Y {PROXYJUMP USERNAME}@{PROXYJUMP HOSTNAME} -W %h:%p
+```
+> **Note:** Using ProxyCommand like this is an inelegant solution, ideally, we'd be using ProxyJump, like the following example, but issues with OpenSSH for Windows are currently preventing this.
+```
+# An alternative we can hopefully use in the future
+Host ProxyJumpTarget
+  User www-data # the username used to login to the target machine
+  HostName webserver # could also be 192.168.1.100, for example
+  ProxyJump ProxyJump # points to the existing config for Host ProxyJump
+```
+
+## Done!
+With this, you should now be able to seamlessly connect to a private host in the ProxyJump network with the command below. You can rince and repeat with more private hosts or setup passwordless authentication with the remote host as a next step. The process is identical, just with different hostnames.
+```
+ssh ProxyJumpTarget
+```