DocumentationRelease Notes
Log In
Documentation

Install a Linux Jumpoint

Suggest Edits

Linux Jumpoints can be used for the following session types:

  • RDP
  • SSH/Telnet
  • VNC

Setup of a Jumpoint on a remote network is a multi-step process that includes ensuring dependencies are met, configuring from the /login administrative interface, downloading the installer, and running the installation wizard.

Install dependencies

Several Linux libraries must be installed on the Jumpoint host. Exact requirements depend on the distribution of Linux, however the following libraries are recommended.

  • libopengl0
  • libglx0
  • libxkbcommon-dev
  • libfontconfig
  • libx11 (for X server). X server does not need to be running.

ℹ️

Note

If the Jumpoint installation fails due to missing libraries, the error message includes information on what is missing.

To use Web Jump, install X server and an X dummy driver. For example:

Ubuntu:

apt install xserver-xorg-video-dummy

CentOS:

yum install xorg-x11-drv-dummy

Configure /etc/X11/Xwrapper.config. Create file if it is missing.

allowed_users=anybody
needs_root_rights=no

For more information about X servers, please see What is X11? or other online resources.

Configure

  1. From the administrative interface, go to Jump > Jumpoint.
  2. Click Add.
  3. Create a unique name to help identify this Jumpoint. This name should help users locate this Jumpoint when they need to start a session with a computer on its same network.
  4. Set a code name for integration purposes. If you do not set a code name, one is created automatically.
  5. If you have a Password Safe integration, and the Jumpoint for External Jump Item Sessions selection is set to Automatically Selected by External Jump Item Network ID, on the /login Security page, enter the External Jump Item Network ID. This value is equivalent to the Workgroup attribute for managed systems in Password Safe. It is matched against the Network ID property of external Jump Items returned by the Endpoint Credential Manager to determine which Jumpoint handles the session.
  6. Add comments to help identify this Jumpoint.
  7. Select Linux for the Jumpoint Platform. Once the Jumpoint has been created, this option cannot be changed.
  8. Leave the Disabled box unchecked.
  9. Check the Clustered box, if appropriate. Once the Jumpoint has been created, this option cannot be changed.

ℹ️

Note

  • A clustered Jumpoint allows you to install up to ten redundant nodes of the same Jumpoint on different host systems on the same local network. If this option is selected, the Jumpoint will be available as long as at least one of the installed nodes is online. This provides redundancy, preventing the failure of all Jump Items associated with the failure of a single, stand-alone Jumpoint, and improves load balancing across the system. All configuration of clustered Jumpoints is done in /login, with no local configuration available during the install. Once created, a clustered Jumpoint cannot be converted to stand-alone, nor a stand-alone Jumpoint converted to clustered.
  • Linux Jumpoints can only be used for RDP, SSH/Telnet, and VNC sessions, allowing for credential injection from user or Vault, as well as RemoteApp functionality and Shell Jump filtering. Clustered Jumpoints can only add new nodes of the same OS. You cannot mix Windows and Linux nodes.

⚠️

Important

Jumpoint cluster nodes must be installed on hosts residing in the same local area network.

  1. If you want users to be able to connect to SSH-enabled and Telnet-enabled network devices through this Jumpoint, check Enable Shell Jump Method.

  2. From the Jumpoint edit page, you can authorize users to start sessions through this Jumpoint. After the Jumpoint has been created, you can also grant access to groups of users from Users & Security > Group Policies.

  3. If you check Enable Jump Zone Proxy, you can set up this Jumpoint to function as a proxy server, allowing it to proxy connections for Jump Items on the network that do not have a native internet connection, such as POS systems. Using a Jumpoint as a proxy routes traffic only to the B Series Appliance.

    You can enable Jump Zone Proxy on either a standalone Jumpoint or a Jumpoint cluster. If you set up a Jumpoint cluster as a Jump Zone Proxy, then if an endpoint is connected to one Jump Zone Proxy and that system goes down, the endpoint can connect to another Jump Zone Proxy in the cluster. Jump Zone Proxies are not supported for Atlas deployments.

    1. Optionally, under Proxy Host, you can enter the hostname of the machine on which this Jumpoint will be installed. Do not start the hostname with http://_or _https://. IP addresses are not recommended as they might change. The Jumpoint will automatically detect the hostname if one is not provided. If this is a clustered Jumpoint, this field does not appear, and the Jumpoint will automatically detect the hostname on install. If the hostname changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.

      ℹ️

      Note

      The proxy host and port should be set carefully since any Jump Item deployed using this Jumpoint as a proxy server uses the settings available to it at the time of deployment and are not updated should the host or port change. If the host or port is changed, the Jump Item must be redeployed.

      In order for a Jumpoint to function as a Jump Zone Proxy, its host system cannot reside behind a proxy. The Jumpoint must be able to access the internet without having to supply proxy information for its own connection.

    2. Under Proxy Port, enter the port through which Jump Items will connect to this Jumpoint. If the port changes, you may have to redeploy any Jump Items that use this Jumpoint as a proxy.

    3. Check Allow HTTP GET to enable HTTP connections to proxy to the B Series Appliance. This is needed only if you want to use a browser to access /login or /console from behind the proxy.

    4. Under Restriction Type, select No access restrictions to allow Jump Item connections from any IP address. You can limit allowed connections by selecting Deny access only for the following IP addresses or Allow access only from the following IP addresses, then entering network address prefixes, one per line. Netmasks are optional, and they can be given in either dotted-decimal or integer bitmask format. Entries that omit a netmask are assumed to be single IP addresses.

  4. Under Allowed Users, you may authorize users to start sessions through this Jumpoint. After you have created the Jumpoint, you can also grant access to groups of users from Users & Security > Group Policies.

  5. Save the configuration. Your new Jumpoint now appears in the list of configured Jumpoints.

ℹ️

Note

Once you have installed the Jumpoint and started it at least once, Remote Support populates the table with the hostname of the system it is installed on, as well as with that system's public and private IP addresses. This information can help you locate the Jumpoint's host system in case you need to change the Jumpoint's configuration.

Download

Now that the Jumpoint is configured, you must install the Jumpoint on a single system in the remote network you wish to access. This system serves as the gateway for Jump sessions with other computers on the remote network. You can either install the Jumpoint directly to the host or email the installer to a user at the remote system. If this is to be a clustered Jumpoint, you add nodes after the Jumpoint is installed.

  1. From the table, find the appropriate Jumpoint and click the link to download the installer file.
  2. If you are logged into the system you want to use as the Jumpoint host, you can run the installation file immediately.
  3. Otherwise, save the file and then transfer it to and deploy it onto the system that will serve as the Jumpoint host.

ℹ️

Note

  • If you need to change the Jumpoint's host system, click Redeploy. This uninstalls the Jumpoint from its current location and makes the download links available. You can then install the Jumpoint on a new host. The new Jumpoint replaces the old one for any existing Jump shortcuts that are associated with it.
  • The Jumpoint installer expires 7 days after the time of download.

Install

  1. Once the installer file is on the remote system, use a command interface to install the file and specify any desired parameters. The Jumpoint must be installed within 7 days of downloading it. The exact install process depends on the Linux distribution and version, but general steps are provided below.

    • Install the Jumpoint using --install-dir . You must have permission to write to this location, and the path must not already exist.

      sh ./bomgar-jpt-{uid}.bin --install-dir /home/username/jumpoint

    • If you wish to install under a specific user context, you can pass the --user argument. The user must exist and have rights to the directory where the Jump Client is being installed. If you do not pass this argument, the Jumpoint installs under the user context that is currently running.

      sh ./bomgar-jpt-{uid}.bin --install-dir /home/username/jumpoint --user jsmith

⚠️

Important

We do not recommend installing the Jumpoint under the root context. If you attempt to install when the current user is root, you receive a warning message and are required to pass --user to explicitly specify the user that the process

  1. After installing the Jumpoint, you must start its process.

    /home/username/jumpoint/init-script start

    This init script also accepts the stop, restart, and status arguments. You can use ./init-script status to make sure the Jumpoint is running.

  2. You must also arrange for init-script start to run at boot in order for the Jumpoint to remain available whenever the system restarts. An example system.d service displays once the Jumpoint is installed. Copy this information and create the new service for the Jumpoint, filename.service (where filename is any name you choose), following these steps:

    • cd /etc/systemd/system
    • vi filename.service
    • Paste copied information.
    • Run chmod 777 filename.service
    • Reload the systemctl daemon.
    • Enable and start the service file:
      • Run sudo systemctl start filename.service to start the service file.
      • Run sudo su - to get to root.
      • Run systemctl enable filename.service to enable the service file, so the Jumpoint service will automatically start after every reboot.
      • Reboot the Jumpoint machine.

  3. To remove the files, use the uninstall.sh script included in the installation.

ℹ️

Note

If the Jumpoint installation fails due to missing libraries, the error message includes information on what is missing.

Clustered Jumpoint setup: adding nodes

The steps for creating a clustered Jumpoint in /login are the same as for a standalone, with one difference: once you have created the clustered Jumpoint, you add nodes to it. At least one node needs to be installed for the Jumpoint to be online.

  1. From the administrative interface, go to Jump > Jumpoint.
  2. From the table of existing Jumpoints, find the appropriate Jumpoint and click the Add Node link to download the installer file (bomgar-jpt-{uid}.bin).
  3. If you are logged into the system you want to use as the Jumpoint host, you can run the installation file immediately.
  4. Otherwise, save the file and then transfer it to and deploy it onto the system that will serve as the Jumpoint host.
  5. Install the node following the same steps for Install, as above.
  6. In the Jumpoint table, the clustered Jumpoint now shows information about each installed node, including public and private IP addresses and online or offline status.

Nodes can be deleted but cannot be individually edited. In the representative console, none of the nodes are visible; only the clustered Jumpoint under which they are installed is visible. Nodes function as redundant connection points. When a user needs to use the Jumpoint, one of the nodes is selected randomly. At least one node must be online for the Jumpoint to work.

Set up a Jump Zone Proxy in public clouds

Cloud environments may not broadcast mDNS by default, which is required for the auto-detection of a Jump Zone Proxy. Below are two workaround methods.

AWS Transit Gateway

Set up an AWS Transit Gateway to provide multicast to the Virtual Private Cloud.

ℹ️

Note

For more information, see Multicast in Amazon VPC Transit Gateways.

Manually edit a Jumpoint proxy connection

Manually edit the bomgar.ini file of the Jumpoint or the settings.ini file of the Jump Client to point to the proxy or proxies.

If you see this line, delete it:

Proxy=DIRECT

If connecting to a standalone Jump Zone Proxy, add these lines:

[Proxy\<your_site>:443\Detected\1]
Proxy="<ip_of_jump_zone_proxy_node>:<port_configured_in_login>"

If connecting to a clustered Jump Zone Proxy, each node of the cluster must be defined separately. In case of node failure, fallback will occur in this order. Add these lines:

[Proxy\<your_site>:443\Detected\1]
Proxy="<ip_of_jump_zone_proxy_node>:<port_configured_in_login>"
[Proxy\<your_site>:443\Detected\2]
Proxy="<ip_of_jump_zone_proxy_node>:<port_configured_in_login>"

Deploy a clustered Linux Jumpoint as a Docker image

You can run a clustered Linux Jumpoint in a Docker container. To do so, you need the Jumpoint's deploy key. You can get the deploy key in one of three ways:

  • Click the Copy Docker deploy key button from the main Jumpoint table.
  • Edit the Jumpoint and copy the value from the Docker DEPLOY_KEY field.
  • Use GET /jumpoint/{id} in the configuration API.

Pass the deploy key to the Jumpoint image in the Docker environment as DEPLOY_KEY.

The Docker image uses a bound volume to persist the Jumpoint install between image restarts and upgrades. To enable this, bind a volume to /jpt in the image. The Jumpoint install data is located under /jpt/home/install. The image requires the ipc_lock capability to do keyring operations.

The deploy key is saved under /jpt/. Deleting this file will force a re-install the next time the container runs.

Example Docker run command:

docker run -e DEPLOY_KEY=<deploy_key> -v <local_path>:/jpt --name <jumpoint_name> --cap-add ipc_lock -d <image_name>:latest
<deploy_key>The key that ties this Docker image to the specific Jumpoint or cluster in your Remote Support site.
<local_path>The local path where the container is mounted to preserve settings and configuration across restarts.
<jumpoint_name>Any name to identify this container in Docker.
<image_name>The location in the Docker repository where the image is stored.

Jumpoint through a Jumpoint deployed as a proxy server

You can configure a Jumpoint to go through another Jumpoint deployed as a proxy server. This allows secure access to isolated, non-routable, OT networks without being constrained to only Jump Clients. Follow these steps:

  1. On System 1, install a Jumpoint configured as a Jump Zone Proxy server.
  2. On System 2, which can be non-routable and on a network isolated from the internet, install a Jumpoint.
  3. On System 2, configure the Jumpoint's basic proxy configuration to point to the Jump Zone Proxy on System 1.
  4. You can now create new Jump Items using the Jumpoint on System 2, for endpoints in the same isolated network as System 2, and start sessions with them through the Jump Zone Proxy on System 1.

ℹ️

Note

  • The Jump Zone Proxy, whether standalone or clustered, must be deployed to the target network before installing the Jump Client or Jumpoint used to create Jump Items. This enables automated discovery of the broadcasting proxy.
  • Automated discovery works only if the installing Jumpoint or Jump Client is on the same subnet as the Jump Zone Proxy or if you have configured mDNS broadcasts to route across networks.
  • You currently can’t daisy chain Jump Zone Proxies, so System 2 can’t also have Jump Zone Proxy enabled and connect out through the System 1 Jump Zone Proxy. Thus, Jump Client Jumps likely will not work since they would need to connect directly to System 1’s Jump Zone Proxy.
    However, remote push works. Other Jump types get their proxy configuration from the Jumpoint’s bomgar.ini file, so if the Jumpoint itself is able to connect then other Jump types should also be able to connect.

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.