Jumphost allows to set-up connection to the server which can be used as a proxy server for discovery purposes. IP Fabric uses an ssh connection to the jumphost server and python on the client and server side. Please check the following requirements for the jumphost server.
Please bear in mind, that once the connection is established, it will be enabled permanently, until disabled or removed! If there are any network issues, IP Fabric software will try to establish a connection periodically.
At least one seed IP address has to be provided as a starting point behind Jumphost in seed configuration.
Open jump host settings, using item Settings → Advanced → SSH/TELNET
At the bottom of the page, please select Add button
Fill in all necessary data
Label - the name for configuration (mandatory)
Jump host Address - IP address of FQDN name (mandatory)
IPv4 subnets - subnet in CIDR representation, allows adding more than open, separated with spaces (mandatory)
Exclude IPv4 subnets - subnet to exclude in CIDR representation, allows to add more than open, separated with spaces (optional)
Use credentials - require to provide username and password
Use SSH keys - if you copied ssh public key to the proxy server, it won’t require providing a password (please jump to the SSH key configuration section)
Username - Username for authentication (mandatory)
Password - password for authentication (mandatory if ‘Use credentials’ is used)
i.e., refer to the picture below
Click Add button
If a connection is open, you will see the Running status in Jumphost list
If you use 0.0.0.0/0 or another subnet that includes your network from which you are connecting to IP Fabric, make sure you put your network to “Exclude IPv4 subnet”. Otherwise, your IP connection will be lost and you will have to recover from the console.
Adding ssh key to proxy server allows you to avoid using passwords for authentication
Download ssh key from Jumphost settings
Copy file content to authorized_keys file of the user that will authenticate with Jumphost server. Please follow official ssh.com documentation https://www.ssh.com/ssh/authorized-key
Restart sshd service to apply settings
If the key has been copied you can use the option ‘Use SSH keys' while adding a new Jumphost server, instead of 'Use credentials’
Edit configuration that needs to be disabled, i.e.
Change the setting to Disabled,
Click the Update button
On Jumphost servers list, check configuration that needs to be removed
Click Delete button
Only TCP connections work through the Jump host. Traceroute with ICMP is not supported so the discovery process might not be able to get over the unreachable part of the network (for example sites separated by the provider’s network). In this case, you will have to add at least one IP from each site to the seeds settings.