[Cyberduck-trac] [Cyberduck] #9304: BASTION - Need SSH Config Support (ForwardAgent, ProxyCommand)
Cyberduck
trac at trac.cyberduck.io
Fri Feb 26 08:15:12 UTC 2016
#9304: BASTION - Need SSH Config Support (ForwardAgent, ProxyCommand)
----------------------------+------------------------------------------
Reporter: jcw.dev | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: core | Version: 4.8
Severity: normal | Keywords: ssh, sftp, aws, bastion, osx
Architecture: Intel | Platform: Mac OS X 10.11
----------------------------+------------------------------------------
A very common access pattern for cloud environments is to set up a bastion
server as the central SSH login gateway. This is a handy and growing
pattern, especially within AWS Environments.
Consider the following SSH Config. This both tunnels my connection through
an intermediary SSH server and forwards my ssh agent context on to it,
allowing secure key exchange with the destination server, without storing
my private key on the intermediary.
Host bastion
Hostname bastion.mydomain.com
User jcw
IdentityFile /Users/.../jcw.pem
Host *.mydomain.com
User jcw
IdentityFile /Users/.../jcw.pem
ProxyCommand ssh -vvv bastion -W %h:%p -q
ForwardAgent yes
We NEED this facility. Having paid $40 for MountainDuck (great name!) I'd
hope to see richer ssh config options soon.
You are building tools for the power users, after all :)
BONUS: Support known_hosts directives, to make dealing with ephemeral
servers that have persistent hostnames more palatable!
Host *.dev.mydomain.com
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
--
Ticket URL: <https://trac.cyberduck.io/ticket/9304>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list