Tunnel : Proxy Jump Host : VPN-Over-SSH #266
Comments
Will this feature allow you to do proxy jumps, such as connecting directly to an ssh client via another ssh client? The following .ssh/config example illustrates what I mean:
Thanks. |
It would be great if there was some support for the ProxyJump directive / SSH jump hosts as they are a common method to provide access to LAN servers from the Internet. What are the chances of this feature being implemented, and is there anything anyone can do to assist with this? Thanks! 🙏 |
Chance to have this feature implemented is near 100% because I need it too 😇 It's not a hard task for the backend part but a little harder for the frontend part (connection errors, connection progress bar, etc.). I would also like to implement a more generic way to customize connections by the use of #327 an SSH config file |
Just one feature is missing and it would be great
By volfoni69 on the App Store |
Thx for considering this issue. I was just wondering if using ProxyJump, which is a recent feature of ssh, would also work with a gateway/bastion using an older (aka pre 7.3) version of ssh .. in any case we assume that at least the gateway/bastion is running netcat. Still, I'm not an ssh expert and didn't even know about ProxyJump. For my personal usage I will give it a try using my laptop to check if it works as expected with the bastion, and wait for an update on your side 👍 |
Hello Jean-Christophe @jcaude 👋 You're right, ProxyJump is a newer way to establish bastion connections. In fact ProxyCommand - used for bastion connection - could be used right now inside WebSSH :
Documentation about DPF is available here : https://webssh.net/documentation/help/networking/port-forwarding/#dynamic-port-forwarding Could you test these steps? Have a lovely day |
Yes, just gave it a try now and it works perfectly (I work differently right now..). The only issue I have now is local DNS entries within the bastion that are not available through the tunnel.. it's not a big deal because these are static @ip. But then everything is working fine (at least ssh). Thx for all .. |
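For readers comparing the options raised in the exchange above (ProxyJump, ProxyCommand, a pre-7.3 ssh, netcat on the bastion), here is an added example of the three equivalent setups in a plain OpenSSH client `~/.ssh/config`. It is not part of the original thread and does not describe WebSSH's own settings; the host aliases, user name and addresses are constructed placeholders.

```sshconfig
# Added example for a stock OpenSSH client; all names and addresses are placeholders.

Host bastion
    HostName bastion.example.com
    User alice
    # The bastion only relays TCP; private keys and the agent stay on the client.
    ForwardAgent no

# Option 1: ProxyJump. Requires OpenSSH 7.3 or later on the *client*.
# The jump is set up by the client, which asks the bastion's sshd for a
# forwarded TCP channel, so the bastion can run an older sshd and needs no
# netcat, only TCP forwarding permitted (AllowTcpForwarding).
Host lan-jump
    HostName 192.168.0.10
    User alice
    ProxyJump bastion

# Option 2: ProxyCommand with -W (stdio forwarding), for clients that predate
# ProxyJump. Same mechanism and same bastion requirements as option 1.
Host lan-stdio
    HostName 192.168.0.10
    User alice
    ProxyCommand ssh -W %h:%p bastion

# Option 3: the older pattern that runs netcat on the bastion. Needs a login
# shell and nc on the bastion, which gives the relay account more than it
# needs; prefer option 1 or 2 where the client supports them.
Host lan-netcat
    HostName 192.168.0.10
    User alice
    ProxyCommand ssh bastion nc %h %p

# In all three cases the target named in HostName is resolved on the bastion
# side, so a name that only the bastion's DNS knows can be used there.
```

In each case the inner SSH session is authenticated and encrypted end to end between the client and the LAN host; the bastion sees only the relayed ciphertext.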
Interesting! Thanks for notifying me to try this ProxyJump workaround. Unfortunately something isn't quite working for me using this method. I can only test this on my Intel Mac version of WebSSH at the moment, so I'll try it on my iPhone/iPad later today. What I've done so far is create a new Tunnel connection with the following settings:
After saving the changes, I click on this connection within Tunnel tab, and the status icon goes green.
When I click on this connection, the Connecting... popup window appears, but no connection is established. My laptop is on a remote connection to home, so the Docker profile can't normally connect. Based on the instructions provided above, and given that the guide says "Dynamic Port Forwarding will forward all connections INSIDE WebSSH (SSH, SFTP) to a dynamic remote IP and port through your SSH server (aka bastion)", am I correctly assuming that Docker should be able to connect to 192.168.0.10 via the established "Proxy" connection? If so then this doesn't seem to work for me. I'll be happy to try any testing or troubleshooting to help work out the problem. |
Thank you a lot for your feedback!
Your need is to have the connection's hostname (child) resolved by your local DNS server?
You're Welcome
Thank you again 🙏 |
Yes, the configuration you have shown seems good to me. Could you enable verbose logging in order to check further? In order to enable verbose logging you can follow the steps :
|
Thanks @isontheline - is there an equivalent "Log Level -> Verbose" setting within the Intel Mac version of WebSSH? I can't test this on my phone at the moment. I see within the app Settings there's "SSH Settings" and "WebSSH Settings", but I can't find any verbose option within there. |
@jarrah31 Yes you will find it here : Menu bar macOS > WebSSH > Settings |
Ah there it is - WebSSH Menubar -> Preferences. Thanks. Sorry @isontheline, where are the log files kept? Tried looking within my home folder, hidden files, Library, Application Support. Searched my Mac for WebSSH too but it only found the .app file. |
@jarrah31 You can locate the directory by launching WebSSH > mashREPL > Then use this folder location and access it through the Finder |
Please come back to me at any time Have a nice day ☀️ |
A restart of WebSSH is what I was missing! Logs now appear within Documents as you described. :) Tested this at home today and found the connection to 192.168.0.10 only works when on my local network (with or without the tunnel). When I connect externally (via my phone's data connection), the tunnel link works but the subsequent connection to 192.168.0.10 doesn't.
|
Some relevant log lines should be there in your report but I don't find them, perhaps an older release (or a bug on my side). Could you give me your WebSSH build number? |
Really sorry, I should know that the first rule of thumb is to always upgrade to the latest version before saying something doesn't work! I was on v17.0, so upgraded to 17.3 and now it all works. :) Thank you for being patient, and for producing such an excellent SSH app! Finally - a proper Putty for macOS alternative! |
@jarrah31 Don't worry, you're Welcome! Thank you again for your feedback about WebSSH usage 👍
🙏 You have made my day |
Just a little suggestion for future new WebSSH users, could you make a note on your "Dynamic Port Forwarding" help pages that says this is a ProxyJump alternative please? (perhaps it could say (aka Bastion or ProxyJump)) |
@jarrah31 This could be an alternative but I've just created an issue for the "true" jump feature : Jump and multi-jumps May I ping you when this new jump feature will be ready? |
Yes please, that would be great! Thanks! |
Describe the feature
Ability to use a "wildcard" jump host from the tunnel feature.
Why?
Yet the Local Port Forwarding and Dynamic Port Forwarding are using the VPN in order to work.
But if we use a VPN (like Cisco, OpenVPN) then we can't use the LPF / DPF features.
So if we can use a Jump Host without using the VPN it would be great :)
What to do?