When working with secure systems, you may need to access an SFTP server that sits behind a bastion host. If you’re using the popular SFTP client Transmit, you might find that it doesn’t natively support SSH ProxyJump configurations. Fortunately, there’s a simple workaround to get SFTP working seamlessly through a bastion.
In this guide, we’ll walk you through setting up a local SSH tunnel and configuring Transmit to connect via that tunnel. We’ll also provide code examples for a typical ssh_config setup and terminal commands.
Why Use a Bastion Host?
A bastion host acts as a secure gateway between your local machine and a private network, allowing controlled access to your target servers. This setup enhances security by minimizing direct exposure of sensitive systems.
Steps to Configure Transmit for SFTP Through a Bastion Host
Step 1: Configure Your SSH Config File
Create or update your SSH configuration file (usually located at ~/.ssh/config) with a setup similar to the following:
Host sftp-server
  Hostname example.internal.net
  User username
  Port 22
  ProxyJump [email protected]:22
  ForwardAgent yes
Host example-bastion.com
  Hostname example-bastion.com
  User bastion-user
  Port 22
This configuration tells your system how to connect to sftp-server by using the bastion host as a jump server.
Step 2: Set Up an SSH Tunnel
Since Transmit doesn’t support ProxyJump directly, you’ll need to create a local SSH tunnel that forwards traffic through the bastion. Open a terminal and run:
ssh -N -L 2222:example.internal.net:22 [email protected]
Here’s what each flag does:
- -N: Don’t execute any commands, just set up the tunnel.
- -L 2222:example.internal.net:22: Forward local port 2222 to the SFTP server through the bastion.
Keep this terminal window open while using Transmit.
Step 3: Configure Transmit
In Transmit, set up a new SFTP connection:
- Server: 127.0.0.1
- Port: 2222
- Username: Use the username for the SFTP server.
- Authentication: Use your private key or password, as required.
Now, Transmit will connect through the local SSH tunnel to the SFTP server.
Example Code Snippets
SSH Config Example for Transmit
Host my-sftp-server
  Hostname example.internal.net
  User sftp-user
  Port 22
  ProxyJump [email protected]:22
Command to Set Up a Local SSH Tunnel
ssh -N -L 2222:example.internal.net:22 [email protected]
Alternate Tunnel Command (With Specific Keys)
ssh -i ~/.ssh/my-key.pem -N -L 2222:example.internal.net:22 [email protected]
Automating the Process
To simplify your workflow, consider using a script:
#!/bin/bash
ssh -N -L 2222:example.internal.net:22 [email protected]
Save this as start-sftp-tunnel.sh, make it executable (chmod +x start-sftp-tunnel.sh), and run it whenever you need the tunnel.
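A fuller version of the tunnel script, as an added example that is not part of the original post: it pins the forward to 127.0.0.1, refuses to run without a working forward, and adds stop and status through a control socket. The control-socket path, the LOCAL_PORT variable and the function names are assumptions; the bastion is referenced through the example-bastion.com Host entry from Step 1.

```shell
#!/bin/sh
# Added example (not from the original post): tunnel helper with start/stop/status.
# example-bastion.com and example.internal.net are this guide's placeholders.
BASTION="example-bastion.com"        # User and Port come from the Host block in ~/.ssh/config
TARGET_HOST="example.internal.net"
TARGET_PORT=22
LOCAL_PORT="${LOCAL_PORT:-2222}"     # assumed override variable; defaults to the guide's port
CTL="${HOME}/.ssh/sftp-tunnel.ctl"   # assumed control-socket path

# Accept only an unprivileged, purely numeric port (1024-65535).
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Build the -L argument, always pinned to the loopback address so other
# machines cannot reach the forwarded port even if GatewayPorts is enabled.
forward_spec() {
  valid_port "$1" || return 1
  printf '127.0.0.1:%s:%s:%s\n' "$1" "$TARGET_HOST" "$TARGET_PORT"
}

start_tunnel() {
  spec=$(forward_spec "$LOCAL_PORT") || { echo "invalid local port: $LOCAL_PORT" >&2; return 2; }
  # -f: go to the background after authentication; -M/-S: control socket for stop/status.
  # ExitOnForwardFailure=yes: exit instead of running without the forward.
  # ServerAlive*: drop a dead tunnel instead of leaving a stale listener.
  # ForwardAgent=no: a port forward does not need your agent on the bastion.
  ssh -f -N -M -S "$CTL" \
      -o ExitOnForwardFailure=yes \
      -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
      -o ForwardAgent=no \
      -L "$spec" "$BASTION"
}

stop_tunnel()   { ssh -S "$CTL" -O exit  "$BASTION"; }
tunnel_status() { ssh -S "$CTL" -O check "$BASTION"; }

case "${1:-}" in
  start)  start_tunnel ;;
  stop)   stop_tunnel ;;
  status) tunnel_status ;;
esac
```

Run it with start, stop or status as the first argument. Because Transmit connects to 127.0.0.1:2222, the SFTP server's host key is checked against that local address rather than example.internal.net.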
Conclusion
Using Transmit with an SFTP server behind a bastion is straightforward once you set up a local SSH tunnel. By configuring your SSH settings and forwarding traffic through the bastion, you can maintain a secure and efficient workflow.
With the steps and examples provided, you’ll be able to integrate Transmit into your setup seamlessly. Happy file transferring!