setup and configure ssh jump server
What is an SSH Jump server?
SSH Jump server, sometimes called SSH Jump host or SSH Bastion host or SSH gateway is an intermediate server running the sshd daemon where all users would have to login via ssh first to access the remote server or target servers behind the gateway. The ssh jump server can be on a public-facing network while the target servers or the destination servers can be on a private network behind a firewall for better security.
How to install, setup & configure Ezeelogin SSH Jump server on a Linux box?
We can guide you or install & configure Ezeelogin SSH Jump server software for you and give you a demo on how to use it at no extra charge. Contact our 24/6 Support Desk to schedule your free or guided installation. Also, schedule a free introductory session to get to know on how to use Ezeelogin Jump server solution effectively and ask your questions with our engineers.
If you are unsure of what your jump server IP is, simply log in to your ssh jump server and run the command
2. Install SSH jump server dependency packages
Refer to the system requirement below
7.27.0 is the last version of Ezeelogin that supports PHP versions from 5.6 to 7.0.
The firewall on the jump server should allow outbound connection to license.ezeelogin.com on port 443 to fetch the license and download the software from downloads.ezeelogin.com
telnet license2.ezeelogin.com 443
Connected to license2.ezeelogin.com.
Escape character is ’^]’.
telnet license.ezeelogin.com 443
Connected to license.ezeelogin.com.
Escape character is ’^]’.
telnet downloads.ezeelogin.com 80
Connected to downloads.ezeelogin.com.
Escape character is ’^]’ .
Ensure SELINUX is disabled on the jump server. The command #sestatus would show if it’s active or not. If it is not installed, then it's fine. Refer Disable Selinux to disable it
sestatus
SELinux status: disabled
Ensure time on the jump server is accurate. Use the command #ntpdate pool.ntp.org to sync time.
ntpdate pool.ntp.org
26 Sep 16:32:03 ntpdate[15219]: adjust time server 133.243.238.244 offset -0.124881 sec
Ensure that Root SSH login on the jump server is enabled and SSH key-based authentication is enabled in SSHD. The below example enables root access only from the ip 127.0.0.1 and it allows only key-based authorization which makes it secure. Add the following parameters to the END of /etc/ssh/sshd_config file.
Edit the file using nano or vi command
nano /etc/ssh/sshd_config
Add the following parameters to the in "/etc/ssh/sshd_config" file.
#SSHD Global Settings
AllowTcpForwarding no
PubkeyAuthentication yes
#SSHD localhost settings.
Match Address 127.0.0.1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
If you are planning to install the cluster (master-slave), add the below lines in /etc/ssh/sshd_config.
- Append the below lines in the master node.
Match Address slave_node_ip
PermitRootLogin yes
- Append the below lines in the slave node.
Match Address master_node_ip
PermitRootLogin yes
Check SSHD configuration and restart the sshd daemon
[email protected]#~ sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedalgorithms\|Port'
[email protected]#~ service sshd restart
Recommended settings for hardening the Ezeelogin ssh jump server
Recommended SSHD settings in /etc/ssh/sshd_config OpenSSH server config file.
How to install SSH Jump server in Ubuntu 22?
Supported from Ezeelogin 7.29.5 version
Enter the following command on your terminal to install Ezeelogin dependency package on Ubuntu 22
Add the following to /etc/mysql/mysql.conf.d/mysqld.cnf configuration file under [mysqld] for MySQL 8.0 version
default_authentication_plugin=mysql_native_password
Enable the RSA key type in pubkeyacceptedalgorithms.
Open /etc/ssh/sshd_config and append the below line to enable ssh-rsa.
1. Checking database connectivity... when installing Ezeelogin.
For installing Ezeelogin, the MySQL root user should use the mysql_native_password plugin. Refer above step to add mysql_native_password in /etc/mysql/mysql.conf.d/mysqld.cnf
2. Error while adding user in Ezeelogin GUI "Error: User add failed. Failed to connect to database: Error: Plugin caching_sha2_password could not be loaded: Dynamic loading not supported. . An error occurred. Please contact administrator.. ]0;"
Refer article to change plugin to mysql_native_password for the Ezeelogin user.
Refer below article to set the MySQL root password from MySQL.
How to install SSH Jump server in Ubuntu 20?
Supported from Ezeelogin 7.22.0 version
Enter the following command on your terminal to install Ezeelogin dependency package on Ubuntu 20
Add the following to /etc/mysql/mysql.conf.d/mysqld.cnf configuration file under [mysqld] for MySQL 8.0 version
default_authentication_plugin=mysql_native_password
1. Checking database connectivity... when installing Ezeelogin.
For installing Ezeelogin, the MySQL root user should use the mysql_native_password plugin. Refer above step to add mysql_native_password in /etc/mysql/mysql.conf.d/mysqld.cnf
2. Error while adding user in Ezeelogin GUI "Error: User add failed. Failed to connect to database: Error: Plugin caching_sha2_password could not be loaded: Dynamic loading not supported. . An error occurred. Please contact administrator.. ]0;"
Refer article to change the plugin to mysql_native_password for the Ezeelogin user.
Refer below article to set the MySQL root password from MySQL.
How to install SSH Jump server in Ubuntu 18?
Enter the following command on your terminal to install ezeelogin dependency package on Ubuntu 18
If you want to install php-mcrypt ( For older ezeelogin versions [ Below 7.20.0 version ]
[email protected]:~# apt install php-dev libmcrypt-dev php-pear ; apt-get -y install gcc make autoconf libc-dev pkg-config
[email protected]:~# apt-get -y install php7.2-dev ; apt-get -y install libmcrypt-dev
[email protected]:~# sudo pecl install mcrypt-1.0.3
[email protected]:~# echo "extension=mcrypt.so" >> /etc/php/7.2/cli/php.ini
Set the root password with following command
[email protected]:~# mysql_secure_installation
How to install SSH Jump server in Ubuntu 16?
Enter the following command on your terminal to install ezeelogin dependency package on Ubuntu 16
How to install SSH Jump server in Ubuntu 14?
We do not recommend using Ubuntu 14 as it is no longer supported by the vendor (canonical) with security patches, vulnerabilities, or bug fixes. Therefore, continuing to use Ubuntu 14 could pose a significant security risk.
You can follow the article to migrate to a latest version of ubuntu box
How to install SSH Jump server in AlmaLinux 8.4 / Rocky Linux?
Supported from Ezeelogin 7.25.0 version
Enter the following command on your terminal to install Ezeelogin dependency package on Almalinux 8 / Rocky Linux
Make sure that web server and SQL server startup on boot
Set the root password with following command
How to install SSH Jump server in RHEL 8?
Supported from Ezeelogin 7.27.0 version
Enter the following command on your terminal to install ezeelogin dependency package on RHEL 8
Make sure that web server and SQL server startup on boot
Set the root password with following command
How to install SSH Jump server in Debian 10?
Enter the following command on your terminal to install the Ezeelogin dependency package on Debian 10
[email protected]:~# apt update; apt install php mariadb-client mariadb-server apache2 libapache2-mod-php php-mysql php-curl php-ldap nodejs git
Set the root password with the following command
[email protected]:~# mysql_secure_installation
How to install SSH Jump server in Debian 9?
Enter the following command on your terminal to install the Ezeelogin dependency package on Debian 9
[email protected]:~# apt update; apt install php mariadb-client mariadb-server apache2 php-mcrypt libapache2-mod-php7.0 php7.0-mysql php-curl php7.0-xml php7-ldap nodejs git
Set the root password with following command
[email protected]:~# mysql_secure_installation
How to install SSH Jump server in Centos 7?
Enter the following command on your terminal to install ezeelogin dependency package on centos 7
Make sure that the web server and SQL server startup on boot
Set the root password with the following command
How to install SSH Jump server in Centos 8.x?
Supported from Ezeelogin 7.22.0 version
Enter the following command on your terminal to install ezeelogin dependency package on centos 8
Make sure that web server and SQL server startup on boot
Set the root password with following command
How to install SSH Jump server in Centos 6?
We do not recommend using Centos 6 as it is no longer supported by the Linux community with security patches, vulnerabilities, or bug fixes. Therefore, continuing to use CentOS 6 could pose a significant security risk.
You can follow the article to migrate to a Centos 7 Machine
How to install SSH Jump server in SUSE LINUX 15?
Supported from Ezeelogin 7.24.1 version
Enter the following command on your terminal to install Ezeelogin dependency package on SUSE Linux 15
Make sure that web server and SQL server startup on boot
Set the root password with following command
3. Download & install Ioncube Loader
Ezeelogin SSH jump server software is encrypted with ioncube loader.You need to download & install ioncube loader to decrypt before jump server installation.Refer the following article to download & install ioncube loader.
4. Download & Install Ezeelogin ssh jump server software.
You may download the ezeelogin jump server package corresponding to your PHP version installed on your server
Execute the following command as the root user on your server.
If you are planning to connect to remote MySQL/RDS servers, you should grant to access to database on the remote database server. This is not required if your MySQL server is running on localhost.(Replace root with user admin user)
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
mysql> flush privileges;
(For AWS RDS MySQL 5.6,5.7 & MariaDB 10.2)
You can install ezeelogin jump server by simply executing installation script
Follow the prompts and the installation would complete without issues.
Note: you need to accept the license agreement by manually typing " I AGREE " or running the following command to auto accept the license.
sh ezlogin_7.x.x.bin -- -I_ACCEPT_EULA
you may be prompted to enter the missing settings. The default value will be given in bold. Simply pressing enter key will choose the default value.
You need to specify the Document root here ,if it is different from default else you press enter to choose default.
If you need to access the ezeelogin jump server webpanel as www.yourdomain.com choose " / " & change your document root to {your existing document root}/ezlogin. For example ,If your document root is /var/ww/html change to /var/ww/html/ ezlogin , else press enter to choose default
Enter the hostname/ip address of the remote database server or use localhost, if you are going to run the database server on the current server.
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'PASSWORD' WITH GRANT OPTION;
mysql> flush privileges;
Do NOT enable this if you are not sure. You can always manually enable after installation as well. This is useful only if you will be setting up master/slave node for redundancy.
Refer the below articles to configure MySQL SSL configuration
If you are using SSL for AWS RDS, you can specify "mysql_ssl_ca /var/lib/mysql/rds-combined-ca-bundle.pem" in /usr/local/etc/ezlogin/ez.conf
Refer the following article to configure secure web panel (https)
Creating and setting up database... done
Adding ezsh to shells... done
Creating group and users... done
Creating directories... done
Copying files... done
Setting access... done
Setting file modes... done
Setting file owners... done
Setting file groups... done
Setting up config... done
Setting up cron... done
Downloading GeoLiteCity database from www.maxmind.com... done
########################################################
Ezeelogin installed. (Log: /var/log/ezlogin_install.log )
########################################################
###################################################################
Web panel installed at:
’ /var/www/html/ezlogin/ ’
( http://yourdomain.com/ezlogin/ ).
###################################################################
Note: Please check the log file to see if any error occurred.
TODO NOTES:
Enable web server, MySQL server and cron to startup at boot time.
For free assistance, please contact [email protected]
Thank you for choosing Ezeelogin.
To install in one step with the default settings and without being prompted. Be ready with MySQL root password if not in /root/.my.cnf
[[email protected]~]# sh ezlogin_7.21.0._x_x.bin -- -skipgeolite -auto -force -ACCEPT_SETTINGS -I_ACCEPT_EULA
If SSH Daemon on ssh jump host is running on a non standard port other than 22, do update Gateway SSH Port in the Webgui.


You can refer the article to install secondary node on Ezeelogin.
We can guide you, install it for you and give you a demo on how to use it at no extra charge. Contact our 24/6 Support Desk to schedule your free or guided installation. Also, schedule a free introductory session to get to know how to use the Ezeelogin Jump server solution effectively and ask your questions with our engineers.