Cyberduck Mountain Duck CLI

#9304 closed enhancement (duplicate)

Need SSH Config Support (ForwardAgent, ProxyCommand)

Reported by: jcw.dev Owned by:
Priority: normal Milestone: 5.0
Component: sftp Version: 4.8
Severity: normal Keywords: ssh, sftp, aws, bastion, osx
Cc: Architecture: Intel
Platform: Mac OS X 10.11

Description (last modified by jcw.dev)

A very common access pattern for cloud environments is to set up a bastion server as the central SSH login gateway. This is a handy and growing pattern, especially within AWS Environments.

Consider the following SSH Config. This both tunnels my connection through an intermediary SSH server and forwards my ssh agent context on to it, allowing secure key exchange with the destination server, without storing my private key on the intermediary.

Host bastion
Hostname        bastion.mydomain.com
User            jcw
IdentityFile    /Users/.../jcw.pem

Host *.mydomain.com
User            jcw
IdentityFile    /Users/.../jcw.pem
ProxyCommand    ssh -vvv bastion -W %h:%p -q
ForwardAgent    yes

We NEED this facility. Having paid $40 for MountainDuck (great name!) I'd hope to see richer ssh config options soon. You are building tools for the power users, after all :)

BONUS: Support known_hosts directives, to make dealing with ephemeral servers that have persistent hostnames more palatable!

Host *.dev.mydomain.com
UserKnownHostsFile /dev/null
StrictHostKeyChecking no

Change History (8)

comment:1 Changed on Feb 26, 2016 at 8:16:33 AM by jcw.dev

  • Description modified (diff)

comment:2 Changed on Feb 26, 2016 at 10:01:17 AM by dkocher

We have a list of options we support from OpenSSH configuration in OpenSSH Configuration Interoperability.

comment:3 Changed on Feb 26, 2016 at 10:02:00 AM by dkocher

  • Component changed from core to sftp
  • Milestone set to 5.0
  • Resolution set to duplicate
  • Status changed from new to closed

Closing as duplicate of #8688.

comment:4 Changed on Feb 26, 2016 at 10:05:22 AM by dkocher

Duplicate for #2865.

comment:5 follow-up: Changed on Feb 26, 2016 at 3:22:15 PM by jcw.dev

I see that there was another ticket out there. Sorry for the duplicate. I also did review the list of supported options, they just aren't rich enough for my needs. One thing that is not mentioned in that other ticket is the AgentForwarding bit, which is crucial to the security pattern of bastion or jumpbox setup. I'll add that comment to the winning ticket.

comment:6 in reply to: ↑ 5 Changed on Feb 26, 2016 at 3:35:33 PM by dkocher

Replying to jcw.dev:

I see that there was another ticket out there. Sorry for the duplicate. I also did review the list of supported options, they just aren't rich enough for my needs. One thing that is not mentioned in that other ticket is the AgentForwarding bit, which is crucial to the security pattern of bastion or jumpbox setup. I'll add that comment to the winning ticket.

Great, thanks for your input!

comment:7 Changed on Feb 26, 2016 at 3:54:20 PM by jcw.dev

Also, for clarity, was just being cheeky with my $40 comment. I really really REALLY love Cyberduck, have been using it for over a decade with pleasure and much gratitude. I'm very glad to be supporting the project and all it's efforts!

comment:8 Changed on Apr 19, 2016 at 12:26:12 PM by dkocher

  • Summary changed from BASTION - Need SSH Config Support (ForwardAgent, ProxyCommand) to Need SSH Config Support (ForwardAgent, ProxyCommand)
Note: See TracTickets for help on using tickets.
swiss made software