[Cyberduck-trac] [Cyberduck] #9304: BASTION - Need SSH Config Support (ForwardAgent, ProxyCommand)

Cyberduck trac at trac.cyberduck.io
Fri Feb 26 08:15:12 UTC 2016

#9304: BASTION - Need SSH Config Support (ForwardAgent, ProxyCommand)
    Reporter:  jcw.dev      |      Owner:
        Type:  enhancement  |     Status:  new
    Priority:  normal       |  Milestone:
   Component:  core         |    Version:  4.8
    Severity:  normal       |   Keywords:  ssh, sftp, aws, bastion, osx
Architecture:  Intel        |   Platform:  Mac OS X 10.11
 A very common access pattern for cloud environments is to set up a bastion
 server as the central SSH login gateway. This is a handy and growing
 pattern, especially within AWS Environments.

 Consider the following SSH Config. This both tunnels my connection through
 an intermediary SSH server and forwards my ssh agent context on to it,
 allowing secure key exchange with the destination server, without storing
 my private key on the intermediary.

 Host bastion
 Hostname        bastion.mydomain.com
 User            jcw
 IdentityFile    /Users/.../jcw.pem

 Host *.mydomain.com
 User            jcw
 IdentityFile    /Users/.../jcw.pem
 ProxyCommand    ssh -vvv bastion -W %h:%p -q
 ForwardAgent    yes

 We NEED this facility. Having paid $40 for MountainDuck (great name!) I'd
 hope to see richer ssh config options soon.
 You are building tools for the power users, after all :)

 BONUS: Support known_hosts directives, to make dealing with ephemeral
 servers that have persistent hostnames more palatable!

 Host *.dev.mydomain.com
 UserKnownHostsFile /dev/null
 StrictHostKeyChecking no

Ticket URL: <https://trac.cyberduck.io/ticket/9304>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list