Subscribe to Help Center RSS FeedJumpCloud Vault allows users to establish SSH connections to target servers through the Connector, this approach enables secure, audited SSH access without requiring direct network exposure of target servers.
This article explains the SSH command format used to connect to a target Linux server through the JumpCloud Vault Connector.
Prerequisites
Before using this SSH method, ensure the following conditions are met:
- The Connector is deployed and running within your network
- The target server is registered as a resource in JumpCloud Vault and is reachable from the Connector
- The user has the appropriate permissions and credentials configured in JumpCloud Vault for the target server
- The user's machine can reach the Connector on the configured Shell Port (network/firewall rules must allow outbound traffic to the Connector's address on that port)
How It Works
The Connector acts as a bastion/jump host within the JumpCloud Vault architecture. When a user initiates an SSH session using the format described below, the Connector:
- Receives the incoming connection on the configured Shell Port
- Proxies the session to the target server on behalf of the user
- Records the session for audit purposes
The user never connects directly to the target server, all traffic is routed through the Connector.
SSH Command Format
ssh <username>#<target_server_ip_or_id>@<connector_subdomain>.connect.vault.jumpcloud.com -p <shell_port>
| Parameter | Description |
| <username> | The credential username registered in JumpCloud Vault for the target server. |
| <target_server_ip_or_id> | The IP address or the Resource ID of the target server as registered in JumpCloud Vault. |
| <connector_subdomain> | The unique subdomain of your Connector (e.g., w00korg3c6aw96wzdo) |
| <shell_port> | The Shell Port configured on the Connector (e.g., 2222) |
Example
bash
ssh john.doe#10.144.10.10@w00korg3c6aw96wzdo.connect.vault.jumpcloud.com -p 2222
In this example:
- Username:
john.doe - Target server:
10.144.10.10(IP address) - Connector subdomain:
w00korg3c6aw96wzdo - Shell Port:
2222
You can also use the Resource ID instead of the IP address:
bash
ssh john.doe#6cd04da58b159766e@w00korg3c6aw96wzdo.connect.vault.jumpcloud.com -p 2222
Both formats are supported and functionally equivalent.
Finding Your Connector Details
To retrieve your Connector subdomain and Shell Port, navigate to your JumpCloud Vault admin console and locate the Connector configuration under the Connectors section. The subdomain and port are displayed in the Connector details.
- If the connection fails, verify that your local network or VPN allows outbound traffic to the Connector's Shell Port.
- The
#character in the SSH command is the delimiter between the username and the target server identifier, this is expected behavior and not a comment. - Sessions established through this method are fully recorded and auditable within JumpCloud Vault.
In this Article