Does anyone still use VMs for SSH jump host?
I'm looking to acquire a cheap-o VPS, say <$7/year to just use for SSH jump host with all my tmux setup the way I like it. My home internet randomly disconnects from servers after a couple of days and it's annoying enough to spend a few bucks a year to not experience it again.
Anyhow.. does anyone still use cheap/lowend VMs for jump host, or is there any other fancy software/services I may have missed?
Thanks, and happy new year everyone
Comments
You can use a cheap VPS as a jump box, and Bastion Servers are still a good idea in 2025, but uptime is key because if your jump server is down then you'll lose access to the servers behind it.
You don't need a lot of resources for a jump box, so when you go for a "cheap" VPS the tradeoff should be for a decent Provider with the minimum of resources rather than a flaky Provider with more resources.
Your use case is not at all uncommon. For example, at work our VPN drops after a certain period (active or not), so my team has a jump server where they can kick off long-running processes and then if VPN drops, screen or RDP back into them.
What you're looking for is a "cloud desktop" almost, only with a limited CLI interface.
Have you considered ServerAliveInterval and ClientAliveInterval? Should help for brief connectivity loss situations.
Yeah, I do exactly this. Been using one of my colocrossing vps whenever I want to do something and expect the internet to cut out or if I'm going out. It's nice to have a workspace I can jump back into after a few days off too instead of trying to keep everything open. I go back and putty is still connected. Love it.
Thank you, I completely forgot the terminology about Bastion, time to re-discover all of that again!
Yep, pretty much. Back at my old-old job, everything was just run straight from your local device, which sucked. Next job had a dedicated jump host with all of the internal tools required to do your daily tasks, which was great to have. I'd love to have something like that set up again, that way I can SSH in from any of my laptops or desktop at any point and just "resume" from where I was.
My current tmux configs are pretty complex, so re-doing all of that again won't be fun but it will be worth it in the long run.
Sure have, not really working out for me, either on my local devices or my little UnRAID server. Still getting random timeouts, and a few bucks a year is worth it to me to not have to endure it any longer, lol.
Nice! Yeah it's a great way to keep everything centralized, too. I'm just curious who the host will be. I'd rather not spend too much, but also don't want to end up on a flaky host.
Clouvider is usually my go-to for production things and I've never had any network issues with them, though they don't really have any cheap/low VM plans for this.
Actual requirements on the VM itself wouldn't be more than 512mb ram, IPv4 & IPv6 (native), 5-10GB SSD, max 100GB bw, if that.
I think it is pretty much unnecessary spending. Having a tmux/screen session on the remote end might work for you to prevent software from stopping due to the ssh session being terminated
I see your point, but for me personally, I like to just fire up the terminal and just resume from where I was. I usually have 9482481 things going on at once (thanks, ADHD), and being able to get right back into it right away would help more than trying to remember which host was running what and where.
Running my tmux with all of the servers already open would bring me "peace of mind" to know where everything is at a given time.
FWIW: I've tried running tmux/screen sessions on the remote servers before, but I literally get lost in the sauce and distracted on the way to the server, so it's a no-go for me.
vps.blackfriday I've put windows on their vps and it's fast compared to other places with similar specs
This is VirMach, right? How is their network reliability? I haven't used them in the past.. 6-8 years or so.
Yeah it is. Seems alright. I don't really monitor it like a lot of people do here but I haven't experienced anything yet. Never came back to a restart or anything and RDP is really quick. Not sure what mine's running tbh but it's 4gb ram and is faster or just as fast to use as my servers at netcup 8gb and prepaidhost 16gb. Definitely fastest out of all I've tried using RDP if that's what you plan on doing.
edit: note that their aup is 30% usage of the cpu for those servers, probably why it's the fastest out of all mine
Gotcha, thank you! I'm not using Windows at all (except for my gaming rig), so won't RDP or anything alike. Literally just use it as a SSH jump host through CLI. Won't ever need any crazy specs, as I'm kind of just tunneling through it.
What is a ssh jump server?
I'm a full LET user so I don't use Google 😅
In my usecase it would be like an "in-between" server. Instead of connecting to all your idling VMs from your local PC, you connect to the jump server.
From the jump server, you connect to any other VMs you have, but you can also store all your "internal" tools you may have, scripts, Ansible, whatever it is.
For me it's great, as I can just ssh to that one server and instantly get back into my tmux session which is then already connected to the rest of my VMs.
If it's only about keeping your SSH session alive then I'm not sure a jump box would help. In fact it's another connection that can die on you, so it'd probably make that issue worse.
However, SSH can be configured to send "keepalive" packets to stop the connection from timing out, which is what I think you actually need here rather than a jump box: https://askubuntu.com/questions/936728/how-to-keep-ssh-connection-alive
Not necessarily just for keeping the session alive (although it's a high percentage); but if I was to lose connection to my jump server, it would still keep the connection up for everything else, so no real disruption.
Also makes it easier to whitelist my jump server in all the firewalls as it's a dedicated IP, versus my home IP which COULD (but never has) change.
Edit: oh forgot to mention last part about keepalive; I've tried this on my laptops, desktop and UnRAID server (local lab), still won't work. So I believe it may just be my damn AT&T network dropping randomly.
Thanks, this way I'm learning much faster than using google
lol.
even though, LET users seem to be using things differently, so at least you get to know my usecase and terminology, I guess.
I'm just a noob and have absolutely no knowledge of ansible but I can understand your use case. If I understand your use case correctly, it also helps you with some automation managing your servers. Is that correct?
This is exactly the reason you'd want a jump box. I'm not sure if SSH sessions persist if they get broken at any point in the chain though, so losing the connection to the jump box would break the session because it's only serving as a relay.
I think if you also set up Wireguard on the jump box you'll be able to use keepalives on the VPN connection and that would keep your SSH sessions alive (even if AT&T is dropping your connections)
I suppose? For me it's a timesaver and helps me keep on track with what needs to be done. Timesaver as in it's already connected to all servers, my workflow is ready to go, internal scripts and what not is already present. Just need to set up a cron to git clone my repo of scripts to keep them up-to-date.
If I lose connection to the jump box, it still keeps connections to my other servers as it has nothing to do with me (tmux running the connections). Perhaps I'm not grasping what you're saying here, lol, but it shouldn't be an issue, and reconnecting again should put me back wherever I was.
Being a full-time stay at home dad also has me randomly AFK, get disconnected during this time, reconnecting should put me back in action.
Thanks for the advice on Wireguard, may put that up as well, or Tailscale.. not sure which.
Damn. So many projects, so little time..
nat vps is cheap for your use case
I was thinking that as well, however, I would prefer to have my own IPv4 and IPv6 to whitelist and not necessarily share with anyone else. It sure is cheaper, though, but I would prefer to not share same IP with anyone.
I have for pretty much my entire technical career, had some sort of box I can have a remote desktop on that I jump to everything else via. I even used to have a BT Leased Line at home back when avg broadband speeds were like ~10Mbps max. to ensure access to it anywhere and a static IP allocation.
These days I do the same thing, but with redundancy by having a box in a datacentre too (and thankfully much cheaper broadband!). Definitely not a dead concept - plus being in consultancy, the amount of clients who wish to just whitelist my IP (temporarily, of course) for me to handle things makes it even more essential.
Our jump host is a 2013 BeagleBone Black running Debian bullseye on ARMv7 512MB RAM.
We don't have IP allowlists on any SSH server, but the private key to access the SSH servers is only stored on this jump host and our primary desktop.
If our cellphone is lost, we only need to delete its public key from the BeagleBone Black, instead of dozens of idlers.
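The revocation step described in the comment above, as an added example that is not part of the original thread: removing one lost device's public key from the jump host's authorized_keys file. The function names, file layout and key blobs are constructed placeholders, and the sketch assumes option strings contain no token that looks like a key type.

```shell
#!/bin/sh
# Added example (not from the thread): revoke a lost device's key on the jump host.
# Entries are matched on the base64 key blob; the trailing comment is only a label.

# Print the key blob (the field after the key type) of the first key line in FILE.
key_blob() {
    awk '!/^[ \t]*#/ { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }' "$1"
}

# revoke_pubkey AUTHORIZED_KEYS DEVICE_PUB
# Prints the number of entries removed; returns 1 if the key was not present.
revoke_pubkey() {
    auth=$1
    blob=$(key_blob "$2")
    [ -n "$blob" ] || { echo "no public key found in $2" >&2; return 2; }
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    # Keep every line except key entries carrying this blob (an options prefix is allowed).
    removed=$(awk -v b="$blob" -v out="$tmp" '
        !/^[ \t]*#/ { for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) == b) { n++; next } }
        { print > out }
        END { print n + 0 }' "$auth")
    if [ "$removed" -eq 0 ]; then rm -f "$tmp"; echo 0; return 1; fi
    cp -p "$auth" "$auth.bak"          # keep the previous file for rollback and audit
    chmod 600 "$tmp" && mv "$tmp" "$auth"
    echo "$removed"
}

# Constructed sample data (placeholder blobs, not real keys).
make_sample() {
    printf '%s\n' \
        '# jump host authorized_keys' \
        'ssh-ed25519 AAAAexampleDESKTOPblob desktop' \
        'from="203.0.113.7",no-agent-forwarding ssh-ed25519 AAAAexamplePHONEblob phone' \
        'ssh-ed25519 AAAAexampleLAPTOPblob laptop' > "$1/authorized_keys"
    printf '%s\n' 'ssh-ed25519 AAAAexamplePHONEblob lost-phone' > "$1/phone.pub"
}

d=$(mktemp -d) && make_sample "$d"
revoke_pubkey "$d/authorized_keys" "$d/phone.pub"   # prints 1
rm -rf "$d"
```

Matching on the blob means the entry is removed even though its label in authorized_keys ("phone") differs from the label in the .pub file ("lost-phone").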
Nice! Makes sense in terms of clients just having to whitelist one IP, allowing you to SSH/VPN from it so much easier for everyone involved. Glad to hear it's not a dead concept too, lol.
Dang, haven't heard about Beagle in quite a while, LOL. Cool to hear it's still trucking along though! Your setup for it sounds pretty sweet.
Just use autossh. There, saved you $7/y to buy another VPS for idling
I don't see the need.. I have SSH open to the world on port 22 on any system I might need to connect to.
I see no point in jump box except vpn for security. If you’re doing too many things, you’re idling. That’s it.
Just speaking from experience
If it's just connectivity issues you're trying to solve then what you want is Mosh.