SSH Proxy, Using a Jumphost
Summary: The article describes using a Raspberry Pi and a Pi Zero with Twingate to access remote networks, and shows how SSH's jump host feature gives direct access to the Pi Zero from the LAN, removing complexity from maintenance and automation.

2025-10-14 13:14:17 Author: securityboulevard.com

Those who know me know about my love of the Raspberry Pi. I’ve got tons of them stashed around various places to provide a variety of services. One thing I use them for is to give me access into remote networks via Twingate for troubleshooting or maintenance purposes. Usually these networks are less sophisticated, with consumer-grade tech enabling them, and Twingate provides a nice way to access specific hosts easily over their technology. It does like to have two connectors per network, so in order to keep the portal green, I will normally put a Raspberry Pi and a Pi Zero on that network and have them connect back to Twingate.

In my world, Twingate is used more in the “I need to access this resource at this time” mode, and not “All on, all the time.” I’ve had some issues with leaving Twingate open all the time (be it connected or not) as it sometimes plays with route tables in ways that prevent traffic from flowing. This is especially true in situations of IP conflict.

In order to have an always-on setup for the main Raspberry Pi, I have it VPN back into my network so I can see it on the LAN just like it’s hidden somewhere in my house (this happened once, but rest assured I found the rogue RPi). This way I can do maintenance without firing up Twingate, but it creates a small issue. I don’t want to have BOTH devices VPN back in, just one. This means that if I want to, say, update the Pi Zero, I need to first jump on the Pi, then ssh from the Pi to the Pi Zero.

A bit of a hassle, especially when I’m trying to automate things with Ansible.

I wanted a way to be able to touch the Pi Zero “directly” from hosts on my LAN. Thankfully, ssh provides a jump host proxy function natively, and I got it set up in less than a minute! Look below for config if you are in a similar situation, be it for work or pleasure.

To enable this functionality, you need to define both hosts in your ~/.ssh/config file. It will look like this:

# Define the proxy host first.
Host remotepi
    HostName remotepi.example.com
    # Replace with your username.
    User username
    # Replace with your key.
    IdentityFile ~/.ssh/id_rsa

# Now define the Pi Zero attached to that same network.
Host pizero
    HostName 192.168.1.234
    User username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump remotepi

This setup assumes you have ssh access from your LAN (via VPN) to remotepi. You can replace that hostname with a local IP on your network, or in my case, I just use a local DNS server to define the name. As long as you can ssh to remotepi, the next step of going on to pizero is available to you. You need the IP of pizero on the remote network, but the magic happens with the “ProxyJump” config line under the pizero definition. This tells SSH to first go to remotepi, then seamlessly launch into pizero.
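What the ProxyJump line resolves to, as an added example that is not from the original post: a small Python sketch that reads the two Host blocks, follows the ProxyJump chain (rejecting loops), and builds the equivalent one-off `ssh -J` command. The parser is simplified (exact Host aliases only), the sample config is constructed from the values above, and the function names are hypothetical.

```python
# Added example: resolve the ProxyJump chain for a Host alias in ssh_config text.
# Assumption: simplified parser, exact Host aliases only (no wildcards/Match/Include).
SAMPLE_CONFIG = """\
# Constructed sample mirroring the article's two Host blocks.
Host remotepi
    HostName remotepi.example.com
    User username
Host pizero
    HostName 192.168.1.234
    User username
    ProxyJump remotepi
"""

def parse_hosts(text):
    """Return {alias: {lowercased option: value}}; the first value seen wins."""
    hosts, current = {}, []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = [hosts.setdefault(alias, {}) for alias in value.split()]
        else:
            for opts in current:
                opts.setdefault(key, value)
    return hosts

def endpoint(hosts, alias):
    """user@hostname for a defined alias; undefined hops pass through unchanged."""
    opts = hosts.get(alias, {})
    name = opts.get("hostname", alias)
    return f"{opts['user']}@{name}" if "user" in opts else name

def jump_chain(hosts, target, seen=()):
    """Aliases in connection order, ending with the target; raises on a loop."""
    if target in seen:
        raise ValueError("ProxyJump loop: " + " -> ".join(seen + (target,)))
    jumps = hosts.get(target, {}).get("proxyjump", "none")
    hops = [] if jumps.lower() == "none" else [h.strip() for h in jumps.split(",")]
    return [x for h in hops for x in jump_chain(hosts, h, seen + (target,))] + [target]

def jump_command(hosts, target):
    """Equivalent command line using ssh -J instead of the config file."""
    ends = [endpoint(hosts, alias) for alias in jump_chain(hosts, target)]
    jump = ["-J", ",".join(ends[:-1])] if len(ends) > 1 else []
    return " ".join(["ssh", *jump, ends[-1]])
```

Calling `jump_command(parse_hosts(SAMPLE_CONFIG), "pizero")` gives the command you would otherwise type by hand for a one-off connection through remotepi.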

So there ya go! Seamless proxying of ssh via a jump host.

*** This is a Security Bloggers Network syndicated blog from Branden R. Williams, Business Security Specialist authored by Branden Williams. Read the original post at: https://www.brandenwilliams.com/blog/2025/10/14/ssh-proxy-using-a-jumphost/?utm_source=rss&utm_medium=rss&utm_campaign=ssh-proxy-using-a-jumphost

Branden Williams

Dr. Branden R. Williams has more than twenty-five years of experience in business, technology, and cybersecurity as a consultant, strategist, and executive. Dr. Williams has experience working for the largest and smallest institutions as an entrepreneur, practitioner, and advisor. His specialty is navigating complex landscapes—be it compliance, security, technology, or business—and finding innovative solutions that promote growth while reducing risk. He is a practitioner and advisor for the operation, engineering, and management of IT and IS tools. He’s held several executive roles in the industry and served on both the PCICo and EMVCo boards.

Article source: https://securityboulevard.com/2025/10/ssh-proxy-using-a-jumphost/