You may sometimes need to connect to an SSH host that cannot be reached directly from your local machine but can be reached from another SSH host to which you do have access. This problem can be solved with local port forwarding or, perhaps, more conveniently using the host chaining feature.
Host chaining lets you connect to SSH hosts that require you first to connect to another, intermediary, SSH server, such as bastion server or jump box. Host chaining is similar to the -J argument or ProxyJump option, which are available in OpenSSH.
Note: Host chaining is not available in the Starter (free) plan.
To connect through an intermediary server (or servers), in short, you'll need to:
- Add the target host and intermediary hosts to Termius.
- Specify the intermediary hosts in the properties of the target host.
- Connect to the target host (tap or double-click it).
When you connect through an intermediary, you connect through a tunnel between your local machine, the intermediary host, and the target host. All data sent from your local machine to the target host and back from the server is transmitted in an encrypted form.
Important: Host chaining cannot be used for connecting to servers not allowing port forwarding.
Set up a host chain
- Add the intermediary host(s) and the target host to Termius.
- Right-click the target host and click Edit.
- Next to the Host Chaining field, click Edit Chain.
- Click Add host.
- Select the host from where the target host is reachable.
- Click Done.
- To add a host from where the host you've just added is reachable:
- Click Add Host.
- Select the intermediary host.
- Click Done.
- Save the changes.
- Connect to the target host entry.
- Add the intermediary host(s) and the target host to Termius.
- Open the Hosts screen.
- Tap the target host and hold, then tap Edit.
- Tap the Host chaining field and then Add host.
- Select the host from where the target host is reachable.
- To add a host from where the host you've just added is reachable:
- Tap Add host.
- Select the intermediary host.
- Save the changes. Connect to the target host entry.
- Add the intermediary host(s) and the target host to Termius.
- Open the Hosts screen.
- Tap the target host's icon, then tap Edit.
- Tap the Host chaining field and then Add host.
- Select the host from where the target host is reachable.
- To add a host from where the host you've just added is reachable:
- Tap Add host.
- Select the intermediary host.
- Save the changes. Connect to the target host entry.
Host chaining in groups
When you have several hosts behind the same bastions, it may not be convenient to manage host chains for each of those hosts. Instead, you can create a group and set up host chaining in it, and then just add the hosts to the group. Each host will inherit the host chaining setting from the group – provided, however, that a particular host entry was not using a host chain already.
When you have several hosts behind the same bastions, it may not be convenient to manage host chains for each of those hosts. Instead, you can create a group and set up host chaining in it, and then just add the hosts to the group. Each host will inherit the host chaining setting from the group – provided, however, that a particular host entry was not using a host chain already.
I had a hard time to find out that the bastion server host configuration cannot use a biometrical key. I've confirmed to myself that a JumpHost configuration works as expected in my desktop terminal. Then I've configured the same private key into Termius and it has worked from the start.
Here is my concern: I don't want to use the private softkey in Termius. This was meant as "backup". The only keys I've use till now where Biometric keys stored in the Secure Enclave.
Hello
<a href="https://docs.google.com/spreadsheets/d/1zsh1CmHs2pw08cfmWj82cqh8lPgtTZ6ZeHxZql3PDOI/edit?gid=0#gid=0">Thank you</a> for sharing this article.
Interesting take on host chaining! If you’re managing servers and need to visualize complex data or systems, Remini Old Version can help sharpen up old screenshots or diagrams, giving them a clearer, more professional look.
How to set up ”intermediary, SSH server“ and log in with different passwords for security purposes