Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Need SSH Config Support (ForwardAgent, ProxyCommand) #9304

Closed
cyberduck opened this issue Feb 26, 2016 · 6 comments
Closed

Need SSH Config Support (ForwardAgent, ProxyCommand) #9304

cyberduck opened this issue Feb 26, 2016 · 6 comments
Labels
duplicate enhancement sftp SFTP Protocol Implementation
Milestone

Comments

@cyberduck
Copy link
Collaborator

a6e2bdf created the issue

A very common access pattern for cloud environments is to set up a bastion server as the central SSH login gateway. This is a handy and growing pattern, especially within AWS Environments.

Consider the following SSH Config. This both tunnels my connection through an intermediary SSH server and forwards my ssh agent context on to it, allowing secure key exchange with the destination server, without storing my private key on the intermediary.

Host bastion
Hostname        bastion.mydomain.com
User            jcw
IdentityFile    /Users/.../jcw.pem

Host *.mydomain.com
User            jcw
IdentityFile    /Users/.../jcw.pem
ProxyCommand    ssh -vvv bastion -W %h:%p -q
ForwardAgent    yes

We NEED this facility. Having paid $40 for MountainDuck (great name!) I'd hope to see richer ssh config options soon.
You are building tools for the power users, after all :)

BONUS: Support known_hosts directives, to make dealing with ephemeral servers that have persistent hostnames more palatable!

Host *.dev.mydomain.com
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
@cyberduck
Copy link
Collaborator Author

@dkocher commented

We have a list of options we support from OpenSSH configuration in OpenSSH Configuration Interoperability.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Closing as duplicate of #8688.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Duplicate for #2865.

@cyberduck
Copy link
Collaborator Author

a6e2bdf commented

I see that there was another ticket out there. Sorry for the duplicate. I also did review the list of supported options, they just aren't rich enough for my needs.
One thing that is not mentioned in that other ticket is the AgentForwarding bit, which is crucial to the security pattern of bastion or jumpbox setup. I'll add that comment to the winning ticket.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Replying to [comment:5 jcw.dev]:

I see that there was another ticket out there. Sorry for the duplicate. I also did review the list of supported options, they just aren't rich enough for my needs.
One thing that is not mentioned in that other ticket is the AgentForwarding bit, which is crucial to the security pattern of bastion or jumpbox setup. I'll add that comment to the winning ticket.
Great, thanks for your input!

@cyberduck
Copy link
Collaborator Author

a6e2bdf commented

Also, for clarity, was just being cheeky with my $40 comment. I really really REALLY love Cyberduck, have been using it for over a decade with pleasure and much gratitude. I'm very glad to be supporting the project and all it's efforts!

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
duplicate enhancement sftp SFTP Protocol Implementation
Projects
None yet
Development

No branches or pull requests

1 participant