Jump Hosts

[isontheline]

Feature description

Ability to jump a SSH / SFTP connection without the need to create a Dynamic Port Forwarding tunnel.

• Select a jump connection inside
• Change the alert loading dialog in order to have a progress bar
• Check that jumping connections use the DNS resolution of the jump server and not the device
• Ping jarrah31 when feature is ready

[jarrah31]

Having had time to think about some of my use cases for ProxyJump, I can indeed see why you created a separate feature request for this.

For example, #266 is great because it allows me to SSH to an internal client via my proxy (tunnel) SSH server. However, what (I think) it doesn't let me do is forward ports from that internal SSH client, via the tunnel SSH server.

From what I can gather, the Tunnel connection has a Port Forwarding field, but does this only allow me to forward ports from that tunnel SSH server only?

What I would like to do is forward ports from different internal servers via my single proxy/tunnel SSH server. e.g. access an internal VNC server (on port 8123) from my laptop when away from home, via my tunnel/proxy server (locked down with public/private keys only).

I imagine this working by adding "Port Forwarding" fields to the SSH tab connections, and then still using a Tunnel connection with * in Port Forwarding.

Or perhaps I've misunderstood how the current implementation works and this is indeed something that can already be done?

[isontheline]

@jarrah31

From what I can gather, the Tunnel connection has a Port Forwarding field, but does this only allow me to forward ports from that tunnel SSH server only?

You could forward external hosts and ports reachable from your jump host :
Jump Host : 10.0.0.2
Forwarded rule : 5900:10.0.0.10:8123
So port 5900 (local to your computer / iPad / iPhone) will allow you to access the host and port 10.0.0.10:8123 behind the jump host 10.0.0.2

About the * wildcard for Dynamic Port Forwarding :

• The * wildcard char is a shortcut to enable Dynamic Port Forwarding.
• On "regular SSH command" this will open a SOCKS server on a specific port. Then you can use this SOCKS port with other tools like web browser or other apps that supports SOCKS protocol.
• On WebSSH, by default, the * wildcard open a random port (but you could fix it with *:1985 for example, not documented yet). When WebSSH knows that a DPF tunnel is enabled, it tries to establish all SSH / SFTP connections above it. So it "could" be a "little" replacement to the "true real" jump feature.

Does I have understand your use case?
I will be happy to disclose any needed further information about jump and port forwards.

[jarrah31]

Ah yes I see now, I didn't realise it could be used that way! I've just tested and can confirm that it works as I was hoping! Thank you again Arnaud! 🎉
Also apologies for not quite understanding the features straight away, I'm the type of person who needs to see working examples to fully understand how something works.

[isontheline]

You're Welcome @jarrah31

Don't worry I'm also the same type of person 😉
Don't hesitate to tell me if the documentation need to be updated in any way.

[jarrah31]

Don't hesitate to tell me if the documentation need to be updated in any way.

Actually, what you wrote above would work really well as a working example within the Port Forwarding page because it explains the feature in a simple way and goes into more detail on how Dynamic Port Forwarding works.

Perhaps one suggestion could be a couple of blogs linked from help pages that do in-depth working examples to explain to users how they can make the most out of your app.

e.g.
How to set up a secure SSH server on your home network (public/private keys, disable password access, different SSH port, etc)

How-to do Remote Desktop (RDP) access to internal Windows Desktop PCs from outside your home (3389:192.168.0.10:3389 - using Microsoft RD Client on iPad - works great!)

I know how time consuming these type of guides can be though, plus you'd have to keep maintaining them, and ensuring they offer correct advice, etc. Just a thought anyway, not necessarily these topics. :)