In this article I am going to draw a conclusion on a topic, I was researching on the last days: SSH Jump Host Software. I tested ShellHub, Teleport and Warpgate, but decided to stick with the solution I am most confident with: a simple LXC Debian Container with some small Bash Scripts, whose key is distributed to other servers manually.
What is a Jump host?
This Wikipedia article describes perfectly what a Jump host is. Different to a Bastion host, I do not use it to span between two network zones, I mainly use it to decrease complexity and to simplify the process of distributing SSH keys on my home lab servers.
Which Software did I test?
I picked these three open-source solutions from awesome-selfhosted and tried every software. My goal was to spent ~one hour with each software, set it up, and see if I get it running. If I do not get it up and running, I will ditch it and use another solution, because one of my main concerns on this was to select a solution which simplifies the setup as much as possible (KISS).
Let me list the tested software and its pros and cons:
+ active development
+ self-hosted community edition (paid cloud edition otherwise)
+ deployable via docker compose
- requires a docker as agent (or build yourself/use Yocto Project)
- no TOTP
+ many users (08/23: ~15k Stars on GitHub)
- the compose files are outdated (updated one year ago...) and the project switched to a one line installer
- too complex, the recent versions include K8s, Web Apps, Databases & Desktops
- requires an agent
+ can be hosted with docker compose
+ active development
- no built-in web terminal (see issue)
As you can see, my favorite solution would be agentless and can be deployed via docker compose. Furthermore, I would like it to have TOTP and a web terminal. I tested the three projects in this order, but none seemed to fit my needs.
But my main problem with all three solutions was, that I was not able to get any of the three solutions up and running with a test host in an hour, because I faced many different problems (outdated commands, documentation, etc.).
That's where I stopped testing solutions and just realized I should stick to the solution I am already using for a long time: My sshgateway.gerhards.lan server with some simple aliases & bash scripts, that I set up with Debian 9 and upgraded from there (it's the longest standing server in my home-lab) and reachable via my WireGuard VPN.
When I am bored, I will maybe look into sshwifty, which might fit my needs, despite offering no TOTP (which is solvable via Authelia, it's already on my To-Do list for a decade).
Sadly I did not find anything on r/selfhosted, which might be worth to look at.
Maybe someone, who reads this, has a suggestion what I could use?