Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ProxyJump with another keyfile #1930

Open
2649 opened this issue Nov 18, 2024 · 6 comments
Open

ProxyJump with another keyfile #1930

2649 opened this issue Nov 18, 2024 · 6 comments

Comments

@2649
Copy link

2649 commented Nov 18, 2024

First of all, great tool!

I saw, that in version 1.5 proxy jumps made it into the tool. However, my remote ssh connection works with another keyfile for the ProxyJump. However according to the ssh implementation there is no keyfile used for proxy jumps.

Is there a workaround for that or does this needs to be implemented?

@buhtz
Copy link
Member

buhtz commented Nov 18, 2024

Hello Laurenz,

Thank you for taking the time to report the bug and providing the details. I appreciate your feedback.

I am not sure if I get this correct. I never explicit specified key files myself. BIT runs on hostA, over hostB (the jump host), into hostC (the backup destination).
So you talk about the key-file for hostB?

I even wonder why BIT need to manage the key-file for hostC. Should hostB manage the key-file for hostC?
I am confused. :D

Is your use case a rare case? I don't want to make the GUI more complex at all. But I also don't say "no".
I need to mangle this in my head.

If you have any more details to share, feel free to reach out.

Not sure when we'll find the time to work on it. Please see the projects background information to get an idea about our workflow and priorities:

Best regards,
Christian

@2649
Copy link
Author

2649 commented Nov 18, 2024

I think the use case is indeed a niche one. So I'll understand, that there are more important things to do.

After your comment, I just realized BIT uses -J flag for specifying the proxy jump, which is totally fine.

However, it is also possible with -o "ProxyCommand=..", where you could define a second key and thus manage all keys in on one host. But it would not make sense to change it to, because the -J is more convenient.

I think it could be implemented by allowing arbitrary ssh options like the "Paste additional options to rsync" in "Expert Options"

@buhtz
Copy link
Member

buhtz commented Nov 18, 2024

Thank your for reporting back.

I wonder myself if the key-file specified in "Manage profiles" dialog is just to access the jump host or to access the backup host with a jumphost inbetween... (#1931)

EDIT: Let me know if "Add prefix to SSH command..." (Export Options) works for you. Then I will add this special case to the documentation.

@2649
Copy link
Author

2649 commented Nov 18, 2024

I do not think it is possible to do with "Add prefix to SSH command". It would need a new settings, which adds ssh options to the ssh command like "Paste additional options to rsync", which is placed after "rsync" in the command line.

Another way would be to allow using ssh config files. So instead of specifying ssh user@ip -i keyfile, just specify a ssh config name like ssh configuredHostA.

@buhtz
Copy link
Member

buhtz commented Nov 18, 2024

Just for my own learning. Why don't you let the jump host manage its keyfile to access the destination host?

@2649
Copy link
Author

2649 commented Nov 18, 2024

It is a bit more secure, so when the jump server is compromised, it still cannot connect to the remote server.

@buhtz buhtz added this to the 2nd release from now milestone Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants