
How to Use Transmit with SFTP and a Bastion Host

Learn how to configure Transmit to connect to an SFTP server via a bastion host with easy-to-follow steps and SSH configurations.

When working with secure systems, you may need to access an SFTP server that sits behind a bastion host. If you're using the popular SFTP client Transmit, you might find that it doesn’t natively support SSH ProxyJump configurations. Fortunately, there’s a simple workaround to get SFTP working seamlessly through a bastion.

In this guide, we’ll walk you through setting up a local SSH tunnel and configuring Transmit to connect via that tunnel. We’ll also provide code examples for a typical ssh_config setup and terminal commands.

Why Use a Bastion Host?

A bastion host acts as a secure gateway between your local machine and a private network, allowing controlled access to your target servers. This setup enhances security by minimizing direct exposure of sensitive systems.

Steps to Configure Transmit for SFTP Through a Bastion Host

Step 1: Configure Your SSH Config File

Create or update your SSH configuration file (usually located at ~/.ssh/config) with a setup similar to the following:

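```
Host sftp-server
  Hostname example.internal.net
  User username
  Port 22
  ProxyJump bastion-user@example-bastion.com:22
  # ProxyJump does not need agent forwarding; this line exposes your local
  # agent to sftp-server. Remove it unless you SSH onward from that host.
  ForwardAgent yes

Host example-bastion.com
  Hostname example-bastion.com
  User bastion-user
  Port 22
```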
This configuration tells your system how to connect to sftp-server by using the bastion host as a jump server.

Step 2: Set Up an SSH Tunnel

Since Transmit doesn’t support ProxyJump directly, you’ll need to create a local SSH tunnel that forwards traffic through the bastion. Open a terminal and run:

```bash
ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com
```

Here’s what each flag does:

  • -N: Don’t execute any commands, just set up the tunnel.
  • -L 2222:example.internal.net:22: Forward local port 2222 to the SFTP server through the bastion.

Keep this terminal window open while using Transmit.

Step 3: Configure Transmit

In Transmit, set up a new SFTP connection:

  1. Server: 127.0.0.1
  2. Port: 2222
  3. Username: Use the username for the SFTP server.
  4. Authentication: Use your private key or password, as required.

Now, Transmit will connect through the local SSH tunnel to the SFTP server.

Example Code Snippets

SSH Config Example for Transmit

```
Host my-sftp-server
  Hostname example.internal.net
  User sftp-user
  Port 22
  ProxyJump bastion-user@example-bastion.com:22
```

Command to Set Up a Local SSH Tunnel

```bash
ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com
```

Alternate Tunnel Command (With Specific Keys)

```bash
ssh -i ~/.ssh/my-key.pem -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com
```

Automating the Process

To simplify your workflow, consider using a script:

```bash
#!/bin/bash
ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com
```

Save this as start-sftp-tunnel.sh, make it executable (chmod +x start-sftp-tunnel.sh), and run it whenever you need the tunnel.
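A sturdier variant of that script, as an added example that is not part of the original post: it binds the forward to loopback explicitly, fails if the forward cannot be set up, and uses an SSH control socket so the tunnel can be started, checked, and stopped without keeping a terminal open. The host names are the post's placeholders; the socket path, the keep-alive interval, and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the original post): start/stop/status for the tunnel.
# Host names are the post's placeholders; SOCK and the 30 s keep-alive are assumed.
BASTION="bastion-user@example-bastion.com"
TARGET_HOST="example.internal.net"
LOCAL_PORT=2222
SOCK="$HOME/.ssh/sftp-tunnel.sock"

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the -L argument, bound explicitly to loopback so the forwarded
# port is never reachable from other machines on the local network.
forward_spec() {  # usage: forward_spec LOCAL_PORT TARGET_HOST TARGET_PORT
  valid_port "$1" && valid_port "$3" || return 1
  case "$2" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$2" "$3"
}

tunnel() {
  case "$1" in
    start)
      spec=$(forward_spec "$LOCAL_PORT" "$TARGET_HOST" 22) || return 1
      # -f: background after authentication; -M/-S: control socket.
      # ExitOnForwardFailure: exit instead of running without the forward.
      ssh -f -N -M -S "$SOCK" \
          -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
          -L "$spec" "$BASTION" ;;
    status) ssh -S "$SOCK" -O check "$BASTION" ;;
    stop)   ssh -S "$SOCK" -O exit "$BASTION" ;;
    *)      echo "usage: $0 {start|stop|status}" >&2; return 2 ;;
  esac
}

# Act only on a known action, so the file can also be sourced.
case "${1:-}" in start|stop|status) tunnel "$1" ;; esac
```

Run it as `./start-sftp-tunnel.sh start` before opening Transmit and `./start-sftp-tunnel.sh stop` when you are done.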

Conclusion

Using Transmit with an SFTP server behind a bastion is straightforward once you set up a local SSH tunnel. By configuring your SSH settings and forwarding traffic through the bastion, you can maintain a secure and efficient workflow.

With the steps and examples provided, you’ll be able to integrate Transmit into your setup seamlessly. Happy file transferring!