SSH Proxy

Advertisement

Merlin
Joined:
Posts:
3
Location:
Paris, France

SSH Proxy

Is there any way to use a SSH proxy with WinSCP ?
I need to get files from a SSH box which is behind another SSH box.
I usually connect with PuTTY to the first one then to the second one and scp files to my local SSH server.
But it would save me great time if I could directly get my files using WinSCP.

Thanks.

Reply with quote

Advertisement

Merlin
Joined:
Posts:
3
Location:
Paris, France

I've seen the Proxy tab, but I don't think it's working for me here.
Let's take an example to describe what I'm trying to do:

On one side, there is my local network connected to the internet (no problem on this side).
On the other side, a distant network connected to the internet with a gateway. On the distant network every computer can get access to the internet, but due to routing mechanism it's only one way (you cannot connect directly to a computer inside this network from the internet).
  • The only way is to login on this distant network's gateway using ssh and then to any computer you want inside the network.
  • The gateway is a very minimalist system and I do not have access to my files directly on it, I need to connect to the fileserver inside the distant network.
  • As I am not root on any computer of the distant network I cannot change anything on the gateway's configuration.
So we'll say that my local network is localnet.com and the network I'm trying to reach distantnet.com.
I have an account (ie: johndoe) on every box I need to connect to with my private/key pairs set correctly so I do not have to type any password.
Usually I would proceed like this using any SSH client:
winbox.localnet.com> ssh johndoe@gateway.distantnet.com
gateway.distantnet.com> ssh johndoe@fileserver.distantnet.com
fileserver.distantnet.com> scp  whateverfiles johndoe@linuxbox.localnet.com:/tmp
At this point I have all the files I need on my linux box in my local network and I use WinSCP to get the files to my windows box.

So what I am trying to do is use WinSCP to connect to the fileserver through the gateway to avoid copying the files on my Linux box.

I've tried to use the telnet proxy on the ssh gateway (with the port set to 22 and with different command) but it doesn't seems to work. Maybe I am doing something wrong or maybe winscp doesn't support using a ssh connection as a proxy?

Reply with quote

martin
Site Admin
martin avatar

OK, now I understand, what is your question. WinSCP cannot do this. You may try to setup your account on Proxy to directly ssh to other server on login. But it would work only if there would be no password prompt.

Reply with quote

Merlin
Joined:
Posts:
3
Location:
Paris, France

Maybe it could be a feature on an upcoming version of WinSCP? ;)

Anyway, it worked for me the way you suggested:
I've set de command option in my authorized_keys file on the gateway to ssh to the fileserver.
So know I have a key I use only when I identify using WinSCP and only with this key the gateway login to the fileserver before reading the current directory.
This way I can still login to the gateway without being forwarded whenever I use another key and I can enjoy WinSCP to retrieve my files :)

Update by @martin: See last post to this topic for other solution.

Thank you for your help and your work on WinSCP.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

First of all, thanks for sharing you solution.

Merlin wrote:

Maybe it could be a feature on an upcoming version of WinSCP? ;)
I'm not sure if this can be done. I may invoke ssh command of startup, the way you did it. However WinSCP cannot allocate pseudo-terminal, which means that ssh cannot prompt user for password, etc. So it would work only with unencrypted private key, which is very restrictive. Any suggestions are appreciated.

Reply with quote

Guest

Wow, this topic is almost 20 years old...
The current pre-release version of PuTTY 0.77 now supports SSH proxy, analogous to -J option or ProxyJump, which is way easier to configure than using tunnels. Perhaps the next WinSCP version could also support this.

Reply with quote

Advertisement

You can post new topics in this forum