[Cyberduck-trac] [Cyberduck] #2865: SSH Tunnel

Cyberduck trac at trac.cyberduck.io
Fri Feb 26 15:39:16 UTC 2016

#2865: SSH Tunnel
 Reporter:  ross.peoples@…                       |         Owner:  dkocher
     Type:  enhancement                          |        Status:  assigned
 Priority:  low                                  |     Milestone:  5.0
Component:  sftp                                 |       Version:  4.4.5
 Severity:  normal                               |    Resolution:
 Keywords:  ssh tunnel sftp gateway jump server  |  Architecture:  Intel
 Platform:                                       |

Comment (by jcw.dev):

 I'd like to also nominate this feature - it is critical in enterprise
 environments that SSH bastion's or jumpbox's are reliably employed.
 There are two primary configuration components needed for this to work
 well: ProxyCommand, and ForwardAgent.

 Consider this example where I first define my bastion host, and second
 define a host domain range for which I'd like to tunnel connections
 through the bastion.
 Host bastion
 Hostname        bastion.mydomain.com
 User            jcw
 IdentityFile    /Users/.../jcw.pem

 Host *.mydomain.com
 User            jcw
 IdentityFile    /Users/.../jcw.pem
 ProxyCommand    ssh -vvv bastion -W %h:%p -q
 ForwardAgent    yes

 The '''ProxyCommand''' is self-explanatory, and the crux of this topic.
 '''ForwardAgent''' is an important nuance, allowing the client to remain
 the only holder of their private key (it should not live on the bastion!).

 If these things were in place, I would be using Mountain Duck as part of
 my core workflow every day!

Ticket URL: <https://trac.cyberduck.io/ticket/2865#comment:27>
Cyberduck <https://cyberduck.io>
Libre FTP, SFTP, WebDAV, S3 & OpenStack Swift browser for Mac and Windows

More information about the Cyberduck-trac mailing list