Stark & Wayne
  • by Ramon Makkelie

Wouldn't it be nice to have a jumpbox available for your users without needing to maintain a list of users?

Well, we did it again! And made it happen...
It's called oauth-jumpbox

So let's get you up and running...
We are going to use the UAA from BUCC in this example;
if you are not familiar with BUCC, check out our blog post here

First, you need a working BUCC

git clone
cd bucc
bucc up

Upload a cloud-config
cp src/bosh-deployment/warden/cloud-config.yml .
Add another static IP that we are going to use for the oauth-jumpbox
by changing line 21 in cloud-config.yml

static: []



Upload our edited cloud-config

bosh update-cloud-config cloud-config.yml

Let's get the latest manifest that is already configured to use the BUCC-UAA

Upload the latest stemcell for warden see

bosh deploy oauth-jumpbox.yml -d oauth-jumpbox

If the deployment succeeded, we can retrieve the generated password from CredHub that we need to use when creating the client in the UAA.

credhub get -n /bucc/oauth-jumpbox/client_secret

Make a note of the value and use it in place of MY_SECRET below.

We can now create a client in the UAA.

bucc uaac
uaac client add jumpbox \
     --name jumpbox \
     --scope openid \
     --autoapprove true \
     --authorized_grant_types password,refresh_token \
     --secret "MY_SECRET"

Create a user in the UAA.

bucc uaac
uaac user add -p test

Set up routes on your local machines.
bucc routes

Let's log in.
ssh ""@

And now you are logged in via the UAA in a busybox container.
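
The client registered above (password grant, scope openid) permits the token exchange sketched below. This is an added example, not code from oauth-jumpbox, whose internals are not shown on this page. It assumes a standard RFC 6749 password grant against the UAA's /oauth/token endpoint; the UAA URL, the username and the sample replies are constructed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

UAA_URL = "https://uaa.example.invalid:8443"  # placeholder, not from the page
CLIENT_ID = "jumpbox"  # client name registered with `uaac client add` above


def build_token_request(username, password, client_secret, uaa_url=UAA_URL):
    """Build the RFC 6749 section 4.3 password-grant request (not sent here)."""
    form = urllib.parse.urlencode({
        "grant_type": "password",  # must be in authorized_grant_types
        "username": username,
        "password": password,
        "scope": "openid",  # must be within the client's --scope
    }).encode()
    basic = base64.b64encode(f"{CLIENT_ID}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        uaa_url + "/oauth/token", data=form, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def login_allowed(status, raw_body):
    """Fail closed: only a 200 bearer token carrying `openid` counts."""
    if status != 200:
        return False
    try:
        reply = json.loads(raw_body)
    except ValueError:
        return False
    if not isinstance(reply, dict) or not reply.get("access_token"):
        return False
    scopes = str(reply.get("scope", "")).split()
    return str(reply.get("token_type", "")).lower() == "bearer" and "openid" in scopes


# Constructed sample replies, shaped like OAuth2 token-endpoint JSON.
SAMPLE_OK = '{"access_token":"constructed.sample.token","token_type":"bearer","expires_in":43199,"scope":"openid"}'
SAMPLE_DENIED = '{"error":"unauthorized","error_description":"Bad credentials"}'

if __name__ == "__main__":
    req = build_token_request("alice", "constructed-password", "MY_SECRET")
    print(req.get_method(), req.full_url)
    print(login_allowed(200, SAMPLE_OK), login_allowed(401, SAMPLE_DENIED))
```

With this grant type the user's password passes through whatever holds the client secret, so the secret stored in CredHub should stay readable only by the jumpbox deployment.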

We are really excited to hear your opinions or PRs.
