new | ask | show | jobs
m348e912 3 hours ago  [ - ]

>ssh -J user1@bastion1,user2@bastion2 targetuser@targethost

Are you using SSH key auth or password authenticating three times when you do this?

chasil 2 hours ago  [ - ]

If you don't have an agent running with an accessible key, then you will get three password prompts, with suggestions for any default keys.

The final target is a pre-elliptic curve OpenSSH server, so legacy is enabled. I could probably have removed that for clarity.

  C:\Users\me\>ssh -J me@bhost1,me@bhost2 -o KexAlgorithms=diffie-hellman-group14-sha1 -o HostKeyAlgorithms=ssh-rsa -o MACs=hmac-sha1 oracle@target
  Enter passphrase for key 'C:\Users\me/.ssh/id_ed25519':
  me@host1's password:
  Enter passphrase for key 'C:\Users\me/.ssh/id_ed25519':
  me@host2's password:
  oracle@target's password:
  Last login: Wed Jun 24 13:29:55 2026 from bhost2
That client is Microsoft's port of OpenSSH.
saltcured 2 hours ago  [ - ]

I always use keys in my SSH agent.

Because the jump mechanism works via use of TCP forwarding, each host authn step is talking "directly" to your client. Importantly, this means it still works without requiring "agent forwarding" for the connection you are making.