SFTP connection via ssh jump fails

Discuss and announce Total Commander plugins, addons and other useful tools here, both their usage and their development.

Moderators: white, Hacker, petermad, Stefan2

Post Reply
marco.l
New Member
New Member
Posts: 1
Joined: 2022-08-16, 07:59 UTC

SFTP connection via ssh jump fails

Post by *marco.l »

Hi,
I'm trying to connect to a Raspberry Pi via SFTP plugin for deploying files. There is another Raspberry Pi in between. So I need to jump from a, let's call it bastion server (first Raspberry Pi), to the actual destination (second Raspberry Pi). To the first RPi my PC (Windows) is connected by cable. The RPi then is connected to a WLAN. As well as the second RPi. No direct connection between my PC and the destination RPi. For convenience, I set up my ~/.ssh/config file as follows:

Code: Select all

Host bastion
Hostname bastion.local
User admin

Host destserver
Hostname destserver.local
User admin
ProxyCommand ssh bastion -W %h:%p bastion
What works:
I can connect to the first Raspberry Pi and deploy my files there. I did that several times, already.
I can connect via ssh in a terminal (windows powershell) to the destination RPi.

What doesn't work:
If I try to connect via SFTP plugin to destserver, I get an error saying

Code: Select all

Couldn't find host, getaddrinfo failed. (Actually in german: SFTP Error - Konnte Host nicht finden, getaddrinfo fehlgeschlagen.)
Is that a known issue or am I doing something wrong?

Best regards
Marco
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

To my knowledge, the used LibSSH library does not support jump servers.
Author of Total Commander
https://www.ghisler.com
larry99
Junior Member
Junior Member
Posts: 44
Joined: 2009-01-16, 16:03 UTC
Location: Germany

Re: SFTP connection via ssh jump fails

Post by *larry99 »

I have the same requirement, so I would strongly back this request.

I am not an expert and don't know any C but found this:
https://api.libssh.org/stable/group__libssh__session.html#ga7a801b85800baa3f4e16f5b47db0a73d
linked from this question:
https://www.mail-archive.com/libssh@libssh.org/msg04105.html
So there should be at least support for proxycommand

For the even better proxyjump I didn't find any real help but at least it is somehow referenced in the source code:
https://git.libssh.org/projects/libssh.git/tree/src/config.c

If we cannot get proxyjump, perhaps at least the old fashioned proxycommand is possible?

As a workaround I had to start a socks5 proxy on the bastion and used that to get to the target, not very reliable (I have to make sure it keeps running)
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

Sorry, I'm using libssh2, not libssh:
https://www.libssh2.org/
Author of Total Commander
https://www.ghisler.com
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

Hmm, but aren't you looking for this?
https://www.libssh2.org/libssh2_channel_direct_tcpip_ex.html
host - Third party host to connect to using the SSH host as a proxy.
https://www.libssh2.org/mail/libssh2-devel-archive-2010-04/0041.shtml
A common way is to do the HTTP CONNECT request
to the proxy
to get a
"tunnel" through, as once you've got that you can hand over the socket to
libssh2 and it can continue on from there just fine.
https://github.com/marianafranco/libssh2-tunnel-example
Example of permanent reverse tunnel using libssh2. More at: Reverse SSH tunnel with libssh2
#146217 personal license
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

I still don't see how this should help here. When I connect to the jump server via SSH and then use the command libssh2_channel_direct_tcpip_ex to open a connection to the second server, it returns some kind of raw channel. I cannot use this to send command, and I cannot use this to call libssh2_sftp_init to initiate an sftp connection to that second server.

I found this discussion thread here where someone has the same problem:
https://libssh2-devel.cool.haxx.narkive.com/tEHtVxn5/help-with-libssh2-channel-direct-tcpip-ex

Someone links to the libssh2 mailing list, but that doesn't give me any clues either:
http://www.libssh2.org/mail/libssh2-devel-archive-2010-02/0026.shtml
Author of Total Commander
https://www.ghisler.com
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

https://www.libssh2.org/mail/libssh2-devel-archive-2021-02/0002.shtml
yep, looks like from directly this one lib we will not ever get the support of this feature(((
it is left for the application to do by itself.
#146217 personal license
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

it is left for the application to do by itself.
But how? What can you do with a raw channel to another SSH server? How to do the connection negotiation and encryption? I think it could be used for unencrypted traffic like FTP or Telnet, but not for SSH over SSH.
Author of Total Commander
https://www.ghisler.com
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

2ghisler(Author)
But how?
Good question, and perhaps we should to figure out it.... somehow ...
https://stackoverflow.com/questions/70685164/is-there-a-way-to-make-an-sftp-connection-to-a-remote-machine-through-jump-serve
for example
https://man.openbsd.org/sftp#J

which means that special tools ALREADY do exist and provide the end-user with ability to use server-in-the-middle as a "Proxy Jump" element.
so, somehow they were developed specifically for this case ;)

https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
docs saying that linux tools make some special innner command for simple ssh connection:
$ sftp -o 'ProxyCommand ssh -i /Volumes/Home/fred/.ssh/server1_rsa \
-l user2 server1.example.edu nc sftp.example.edu 22' \
-o 'HostKeyAlias=sftp.example.edu' sftp.example.edu
Last edited by AntonyD on 2022-08-31, 10:50 UTC, edited 1 time in total.
#146217 personal license
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

"Unfortunately, libssh2 SFTP functionality is rather limited and its performance very poor." - I found during googling...
So very probably that the initial problem lies in the area of choosing the wrong library to support features (((
#146217 personal license
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

So do you have any suggestion for a better library? It has to support Microsoft Visual C++.
Author of Total Commander
https://www.ghisler.com
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

Not yet. I just googled all of this, probably exactly as you did in your turn.
#146217 personal license
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

Maybe give it a try to this?
https://www.syncovery.com/tgputtylib/
"Proxy support has been available since build 8."
https://github.com/superflexible/TGPuttyLib

or libcurl + libssh2(as the base for ssh internal calls inside this lib) - and all operations with sftp:// to make from libcurl functions.
#146217 personal license
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48021
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Re: SFTP connection via ssh jump fails

Post by *ghisler(Author) »

The following plugin uses puttylib:
http://totalcmd.net/plugring/sftp4tc.html

The sources are available, just use the mirror link.
Author of Total Commander
https://www.ghisler.com
User avatar
AntonyD
Power Member
Power Member
Posts: 1231
Joined: 2006-11-04, 15:30 UTC
Location: Russian Federation

Re: SFTP connection via ssh jump fails

Post by *AntonyD »

puttylib
which when was updated last time? ~2014. is not enough for hoping that it will support ProxyJump command
#146217 personal license
Post Reply