An SSH Proxy Jump Host is available for users to connect to servers via SSH from off campus networks. The Proxy Jump server acts like a secure bastion and will require you to use your BlueKey ID, password and MFA. You will be prompted to enter your Entra ID Password (BlueKey Password) and validate your login with MFA (a request will then be sent to your default MFA option).
The proxy jump command is supported by many OpenSSH based clients, which includes the standard command line ssh clients on Linux, macOS, and Windows. To use the proxy you will need to pass the -J flag to tell your client to use a jump server, you then specify your BlueKey username and remote server username in your SSH command. An example looks like this:
ssh -J bluekey_username@sshjump.depaul.edu remote_server_username@target_server.depaul.edu
Generally, your BlueKey username will be the same user account used for many DePaul services, such as BlueMail or D2L. The "remote server username" is the specific username assigned to you for login to the remote server. These accounts may be the same or may be different depending on the remote server you are logging in to. Specific examples for common operating systems are shown below and assume that you are using Push Notification with the Microsoft Authenticator for MFA. Note, the FileZilla and Cyberduck file transfer clients currently do not support proxy jump with MFA and are therefore not compatible when used to connect from an off campus network. If you require the use of these clients they can be accessed from the campus virtual lab.
Key-based Authentication is also supported through the proxy jumphost service in addition to password-based authentication. Key-based authentication brings increased security by providing cryptographic strength that even extremely long passwords can not offer. If you are planning to use an SSH key pair for authentication to a DePaul server please head to keymgmt.sshjump.depaul.edu to upload your public key. Instructions on how to upload your public SSH key to your BlueKey Account are located here.
When you connect to the Jump Host for the first time, SSH will display the server's host key fingerprint. You should compare the fingerprint shown with the public keys listed below. Doing so will ensure that you are connecting to DePaul servers and have not been directed to a malicious host. It is recommended that you also follow this best practice when first connecting to any remote server. Contact the server administrator or your professor for the server's public key.
DePaul SSH Jump Host Public Keys:
4096 MD5:a4:c4:8d:dd:8c:f3:c1:74:00:28:1e:c9:d6:d5:75:52 sshjump.depaul.edu (RSA)
4096 SHA256:Lok/3o4awx5hcMU2o4uxMI7x5mWWl8qDTUEBSkSnurY sshjump.depaul.edu (RSA)521 MD5:32:9a:61:86:67:13:6e:d5:0f:8d:1b:ea:a4:a0:31:ea sshjump.depaul.edu (ECDSA)
521 SHA256:y7Fbr//Fw9LtdLocSLT24M+vV2fbTMNC7D3lXgafUEs sshjump.depaul.edu (ECDSA)256 MD5:30:57:4d:60:ac:74:50:da:1f:15:ef:2e:6b:56:47:fd sshjump.depaul.edu (ED25519)
256 SHA256:dfHH4qjaoxDHOE1mIDtupLGWjmXQVVJUk0o75SdZUAc sshjump.depaul.edu (ED25519)