When working with secure systems, you may need to access an SFTP server that sits behind a bastion host. If you’re using the popular SFTP client Transmit, you might find that it doesn’t natively support SSH ProxyJump configurations. Fortunately, there’s a simple workaround to get SFTP working seamlessly through a bastion.

In this guide, we’ll walk you through setting up a local SSH tunnel and configuring Transmit to connect via that tunnel. We’ll also provide code examples for a typical ssh_config setup and terminal commands.

Why Use a Bastion Host?

A bastion host acts as a secure gateway between your local machine and a private network, allowing controlled access to your target servers. This setup enhances security by minimizing direct exposure of sensitive systems.

Steps to Configure Transmit for SFTP Through a Bastion Host

Step 1: Configure Your SSH Config File

Create or update your SSH configuration file (usually located at ~/.ssh/config) with a setup similar to the following:

Host sftp-server
  Hostname example.internal.net
  User username
  Port 22
  ProxyJump bastion-user@example-bastion.com:22
  ForwardAgent yes

Host example-bastion.com
  Hostname example-bastion.com
  User bastion-user
  Port 22

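This configuration tells your system how to connect to sftp-server by using the bastion host as a jump server. ProxyJump itself does not need agent forwarding, because authentication to both hosts happens from your local machine. ForwardAgent yes additionally exposes your SSH agent to the SFTP server, so leave it out unless you need to authenticate onward from that server.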

Step 2: Set Up an SSH Tunnel

Since Transmit doesn’t support ProxyJump directly, you’ll need to create a local SSH tunnel that forwards traffic through the bastion. Open a terminal and run:

ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com

Here’s what each flag does:

  • -N: Don’t execute any commands, just set up the tunnel.
  • -L 2222:example.internal.net:22: Forward local port 2222 to the SFTP server through the bastion.

Keep this terminal window open while using Transmit.

Step 3: Configure Transmit

In Transmit, set up a new SFTP connection:

  1. Server: 127.0.0.1
  2. Port: 2222
  3. Username: Use the username for the SFTP server.
  4. Authentication: Use your private key or password, as required.

Now, Transmit will connect through the local SSH tunnel to the SFTP server.

Example Code Snippets

SSH Config Example for Transmit

Host my-sftp-server
  Hostname example.internal.net
  User sftp-user
  Port 22
  ProxyJump bastion-user@example-bastion.com:22

Command to Set Up a Local SSH Tunnel

ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com

Alternate Tunnel Command (With Specific Keys)

ssh -i ~/.ssh/my-key.pem -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com

Automating the Process

To simplify your workflow, consider using a script:

#!/bin/bash
ssh -N -L 2222:example.internal.net:22 bastion-user@example-bastion.com

Save this as start-sftp-tunnel.sh, make it executable (chmod +x start-sftp-tunnel.sh), and run it whenever you need the tunnel.
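
A sturdier version of the script above, as an added example that is not part of the original post: it pins the forward to 127.0.0.1, fails instead of starting if port 2222 cannot be bound, and uses an SSH control socket so the tunnel can run in the background and be stopped cleanly. The control-socket path and the function names are assumptions; the hosts and port are this guide's placeholders.

```bash
#!/bin/bash
# Added example (not from the original post): start/stop wrapper for the Step 2 tunnel.
# Hosts and port are this guide's placeholders; CTL_SOCKET is an assumed path.
BASTION="bastion-user@example-bastion.com"
TARGET="example.internal.net:22"
LOCAL_PORT=2222
CTL_SOCKET="${HOME}/.ssh/sftp-tunnel.ctl"

# Forward spec pinned to loopback so other hosts on your network cannot use the tunnel.
forward_spec() {
  printf '127.0.0.1:%s:%s\n' "$LOCAL_PORT" "$TARGET"
}

# Succeeds only if the control socket exists and its master process answers.
tunnel_status() {
  [ -S "$CTL_SOCKET" ] || return 1
  ssh -S "$CTL_SOCKET" -O check "$BASTION" 2>/dev/null
}

start_tunnel() {
  if tunnel_status; then
    echo "tunnel already running" >&2
    return 0
  fi
  # -f: go to the background after authentication; -M -S: control socket for status/stop.
  # ExitOnForwardFailure: exit instead of running without the forward if the port is taken.
  # ServerAlive*: exit when the bastion stops answering, so no stale tunnel lingers.
  ssh -f -N -M -S "$CTL_SOCKET" \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
    -L "$(forward_spec)" "$BASTION"
}

stop_tunnel() {
  tunnel_status || return 0
  ssh -S "$CTL_SOCKET" -O exit "$BASTION"
}

# Dispatch only when called with an argument: start | stop | status
if [ $# -gt 0 ]; then
  case "$1" in
    start)  start_tunnel ;;
    stop)   stop_tunnel ;;
    status) tunnel_status && echo "up" || echo "down" ;;
    *)      echo "usage: $0 {start|stop|status}" >&2; exit 2 ;;
  esac
fi
```

Run it with start before opening Transmit and with stop when you are done; status reports whether the tunnel is still up.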

Conclusion

Using Transmit with an SFTP server behind a bastion is straightforward once you set up a local SSH tunnel. By configuring your SSH settings and forwarding traffic through the bastion, you can maintain a secure and efficient workflow.

With the steps and examples provided, you’ll be able to integrate Transmit into your setup seamlessly. Happy file transferring!

