[Cyberduck-trac] [Cyberduck] #2865: SSH Tunnel
Cyberduck
trac at trac.cyberduck.io
Fri Feb 26 15:39:16 UTC 2016
#2865: SSH Tunnel
-------------------------------------------------+-------------------------
Reporter: ross.peoples@… | Owner: dkocher
Type: enhancement | Status: assigned
Priority: low | Milestone: 5.0
Component: sftp | Version: 4.4.5
Severity: normal | Resolution:
Keywords: ssh tunnel sftp gateway jump server | Architecture: Intel
Platform: |
-------------------------------------------------+-------------------------
Comment (by jcw.dev):
I'd like to also nominate this feature - it is critical in enterprise
environments that SSH bastion's or jumpbox's are reliably employed.
There are two primary configuration components needed for this to work
well: ProxyCommand, and ForwardAgent.
Consider this example where I first define my bastion host, and second
define a host domain range for which I'd like to tunnel connections
through the bastion.
{{{
Host bastion
Hostname bastion.mydomain.com
User jcw
IdentityFile /Users/.../jcw.pem
Host *.mydomain.com
User jcw
IdentityFile /Users/.../jcw.pem
ProxyCommand ssh -vvv bastion -W %h:%p -q
ForwardAgent yes
}}}
The '''ProxyCommand''' is self-explanatory, and the crux of this topic.
'''ForwardAgent''' is an important nuance, allowing the client to remain
the only holder of their private key (it should not live on the bastion!).
If these things were in place, I would be using Mountain Duck as part of
my core workflow every day!
--
Ticket URL: <https://trac.cyberduck.io/ticket/2865#comment:27>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows
More information about the Cyberduck-trac
mailing list