Hello,
It would be great if the Android SFTP plugin for TotalCommander allowed the use of pivot host to access remote servers.
It could be like the firewall option in the ftp plugin or the equivalent of the ssh ProxyJump or ProxyCommand option.
Feature request: SFTP ssh pivot (ProxyJump/ProxyCommand)
Moderators: sheep, Hacker, Stefan2, white
-
- Junior Member
- Posts: 60
- Joined: 2003-02-07, 23:44 UTC
- ghisler(Author)
- Site Admin
- Posts: 40180
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Re: Feature request: SFTP ssh pivot (ProxyJump/ProxyCommand)
I don't know whether this was added yet to the used library sshj or not, see this github discussion:
https://github.com/hierynomus/sshj/pull/337
https://github.com/hierynomus/sshj/pull/337
Author of Total Commander
http://www.ghisler.com
http://www.ghisler.com
-
- Junior Member
- Posts: 60
- Joined: 2003-02-07, 23:44 UTC
Re: Feature request: SFTP ssh pivot (ProxyJump/ProxyCommand)
Well, the discussion page is tagged as 'merged'.
The merge (commit 9e8bef2) happened on July 6 2017:
https://github.com/hierynomus/sshj/commit/9e8bef24c5dcf5353677333037d5a52ac3f3a34f
There's even an example provided: https://github.com/hierynomus/sshj/blob/master/examples/src/main/java/net/schmizz/sshj/examples/Jump.java
Given the commit date, one could only hope it's available in the compiled builds
The merge (commit 9e8bef2) happened on July 6 2017:
https://github.com/hierynomus/sshj/commit/9e8bef24c5dcf5353677333037d5a52ac3f3a34f
There's even an example provided: https://github.com/hierynomus/sshj/blob/master/examples/src/main/java/net/schmizz/sshj/examples/Jump.java
Given the commit date, one could only hope it's available in the compiled builds

- ghisler(Author)
- Site Admin
- Posts: 40180
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Re: Feature request: SFTP ssh pivot (ProxyJump/ProxyCommand)
So how do I test this? I have SFTP servers on ghisler.com and ghisler.ch, can I connect to ghisler.com and then forward the connection to ghisler.ch? Or do I need a special SFTP proxy server software or special configuration on the server?
Author of Total Commander
http://www.ghisler.com
http://www.ghisler.com
-
- Junior Member
- Posts: 60
- Joined: 2003-02-07, 23:44 UTC
Re: Feature request: SFTP ssh pivot (ProxyJump/ProxyCommand)
Let's say that ghisler.ch is in a private network and ghisler.com can be used as a gateway to reach it from the Internet.
You can test if your SSH/SFTP server would support the scenario with the following ssh config file in a linux VM:
~/.ssh/config
Once configured in you ssh config file, you should be able to access ghisler.ch through ghisler.com just by typing
or
and you system will automatically connect through to the private target through the public one.
By enabling verbosity in the ssh client you can confirm the use of the proxy host which should look more or less like this:
Once you validated it's OK with a regular linux client, you're safe to test it within the plugin implementation.
Of course, it doesn't make much sense to do this with two public hosts, but it allows you to test the jump functionality nevertheless.
Beware, the proxy host ssh daemon (the public one in this example, ghisler.com) has to allow proxying (which is usually enabled by default in regular distros, but might not be the case if you don't have full control over the host).
If the SSH server at ghisler.com does not allow this for whaterver reason and you prefer not to fiddle with its configuration, a standard Debian 10 VM with the ssh daemon enabled will do just fine as ProxyHost.
You can test if your SSH/SFTP server would support the scenario with the following ssh config file in a linux VM:
~/.ssh/config
Code: Select all
Host public
Hostname ghisler.com
User <username>
IdentityFile <path_to_ssh_private_key>
Host private
Hostname ghisler.ch
User <username>
IdentityFile <path_to_ssh_private_key>
ProxyJump public
#ProxyCommand ssh -W %h:%p public #use as an alternative if your ssh client doesn't support the ProxyJump directive
Code: Select all
sftp private
Code: Select all
ssh private
By enabling verbosity in the ssh client you can confirm the use of the proxy host which should look more or less like this:
Code: Select all
ssh -v private
...
debug1: Setting implicit ProxyCommand from ProxyJump: ssh -v -W '[%h]:%p' public
...
debug1: Executing proxy command: exec ssh -v -W '[ghisler.ch]:22' public
...
[Banner of ghisler.com SSH server]
...
[Banner of ghisler.ch SSH server]
Of course, it doesn't make much sense to do this with two public hosts, but it allows you to test the jump functionality nevertheless.
Beware, the proxy host ssh daemon (the public one in this example, ghisler.com) has to allow proxying (which is usually enabled by default in regular distros, but might not be the case if you don't have full control over the host).
If the SSH server at ghisler.com does not allow this for whaterver reason and you prefer not to fiddle with its configuration, a standard Debian 10 VM with the ssh daemon enabled will do just fine as ProxyHost.