feat(ssh): support proxyjump, proxy command, forwardagent#2151
Merged
jschwxrz merged 11 commits intoMay 21, 2026
Merged
Conversation
…-proxyjump-and-forwardagent-in-ssh-connections # Conflicts: # src/main/core/tasks/provisionTask.ts
Contributor
Greptile SummaryThis PR adds ProxyJump, ProxyCommand, and ForwardAgent support to SSH connections, alongside a major internal restructuring: the SSH config parser, connect-config resolver, connection manager, and test-connection flow have all been split into focused modules and are now dependency-injectable for testing.
Confidence Score: 5/5The change is safe to merge; proxy transport, auth, and ForwardAgent modules are well-structured with strict input validation and comprehensive test coverage. All core paths are correctly implemented. The two findings are cosmetic/UX issues in the renderer form that do not affect connection correctness or data integrity. ssh-connection-form-model.ts (auth-type default) and add-ssh-conn-modal.tsx (name-clear on alias reset) are the only files with actionable feedback.
|
| Filename | Overview |
|---|---|
| src/main/core/ssh/transport/transports.ts | New file implementing ProxyJump and ProxyCommand transport spawning with strict regex guards on all substitution tokens. |
| src/main/core/ssh/connect/resolve-ssh-connect-config.ts | New core resolver assembling ConnectConfig from auth, ForwardAgent, and proxy sources with correct ProxyCommand > ProxyJump precedence. |
| src/main/core/ssh/connect/ssh-connect-auth.ts | IdentityFilteredAgent now conditionally assigns getStream only when the inner agent supports it, fixing the previously flagged unconditional-getStream hang. |
| src/renderer/lib/components/add-ssh-conn-modal.tsx | UI extended with alias selector, ForwardAgent toggle, and ProxyJump/ProxyCommand display; name field cleared unconditionally on alias-to-manual switch. |
| src/renderer/lib/components/ssh-connection-form-model.ts | suggestedAuthTypeForSshConfigHost falls back to 'agent' even with no agent configured, which can produce a confusing failure. |
| src/shared/ssh.ts | Adds sshConfigAlias, forwardAgent, proxyJump to SshConfig and proxy/forward fields to SshConfigHost; all optional for backward compatibility. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[resolveSshConnectConfig] --> B{alias?}
B -- yes --> C[resolveSshConfig\nssh -G alias]
B -- no --> D{authType === agent?}
D -- yes --> E[resolveManualAgentSshConfig]
D -- no --> F[agentResolved = undefined]
C --> G[buildAuthConfig]
E --> G
F --> G
G --> H[applyForwardAgent]
H --> I{proxyCommand\nfrom SSH config?}
I -- yes --> J[spawnProxyCommandWithShell]
I -- no --> K{proxyJump?}
K -- yes --> L[spawnProxyJump]
K -- no --> M[direct TCP]
J --> N[SshConnectResult]
L --> N
M --> N
Prompt To Fix All With AI
Fix the following 2 code review issues. Work through them one at a time, proposing concise fixes.
---
### Issue 1 of 2
src/renderer/lib/components/ssh-connection-form-model.ts:5-9
When neither `identityAgent` nor `identityFile` is configured for a host, the function returns `'agent'` as the default. A user with no SSH agent running will get an immediate connection failure with a potentially confusing "SSH agent socket not found" error rather than being prompted for a password. Defaulting to `'password'` here is safer for an unconfigured host.
```suggestion
export function suggestedAuthTypeForSshConfigHost(host: SshConfigHost): AuthType {
if (host.identityAgent) return 'agent';
if (host.identityFile) return 'key';
return 'password';
}
```
### Issue 2 of 2
src/renderer/lib/components/add-ssh-conn-modal.tsx:313-326
**Name cleared on alias-to-manual switch in edit mode**
When a user is editing a saved connection that is alias-backed and switches the dropdown back to "Manual connection", `form.setFieldValue('name', '')` clears the connection name unconditionally. If `isEditing` is true the user already has a name they want to keep, and clearing it forces them to retype it before the form can be submitted.
Reviews (2): Last reviewed commit: "fix(ssh): strip unsupported proxy comman..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Collaborator
Author
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.