How can we improve the iOS app?

ProxyCommand

ProxyCommand is the least privilege way I am aware of to ssh to machines behind a bastion host. Agent forwarding would work, but continues to allow use of my keys for the duration of my session (vs. just once at initial login), which is more privilege than I wanted to give the bastion. I'd subscribe to Premium if you let me configure ProxyCommands.

244 votes
    Brenda Larcom shared this idea
    Status: started · Termius Support (Admin, Crystalnix Limited) responded

    Hi everyone,

    Could you guys please provide the exact examples of the ProxyCommands that you use in your setups?

    This will help to understand the variety of cases and what to focus on first.

    Thanks

    39 comments

      • Heavoc commented  · 

        ProxyCommand ssh -W %h:%p bastion_host

      • Andrew P commented  · 

        Awesome that you are working on this... I have things in my config like:

        ProxyCommand ssh proxyuser@proxyhost nc %h %p

        ProxyCommand ssh proxyuser@proxyhost /usr/local/bin/ssh-proxy %h

      • Rene Diepstraten commented  · 

        Hi,
        For example `ProxyCommand ssh -W %h:%p user@bastion.example.org` to tunnel ssh sessions through the bastion host.
        Newer openssh versions can do this by using `ProxyJump` by the way.

      • dirk duellmann commented  · 

        similar here: I'd be using it to implement multi-hop connections via something like:

        ProxyCommand ssh -K -Y jump.host.at /usr/bin/nc %h %p 2> /dev/null

        If you want to make it really nice you could predicate the proxy execution on the current subnet:

        E.g. in my real setup I use for each host the sequence:

        Match host nick1 !exec "at-work"
        Hostname long.real.name1.at
        ProxyCommand ssh -K -Y jump.host.at /usr/bin/nc %h %p 2> /dev/null
        Host nick1
        HostName long.real.name1.at

        where "at-work" is a one-line script matching the ip subnet against the set of subnets used by my workplace.

        That way the proxy is only used when necessary.
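
The subnet check described in the comment above, as an added example that is not the commenter's script: a POSIX shell helper that decides whether an IPv4 address lies in a list of workplace CIDR ranges. The function names and the `WORK_SUBNETS` values are constructed for illustration, and the caller is assumed to supply the device's current address.

```shell
#!/bin/sh
# Added example: a possible helper behind `Match host ... !exec "at-work"`.
# WORK_SUBNETS is constructed sample data, not taken from the post.
WORK_SUBNETS="10.20.0.0/16 192.168.50.0/24"

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; fails on bad input
ip_to_int() {
    case "$1" in *[!0-9.]*|''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # reject leading zeros (would be read as octal) and over-long octets
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit 0 if IP is inside the network
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip_n=$(ip_to_int "$1") || return 1
    net_n=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ]
}

# at_work IP -> exit 0 if IP falls in any of WORK_SUBNETS.
# Malformed input counts as "not at work", so the proxy is still used.
at_work() {
    for subnet in $WORK_SUBNETS; do
        if in_cidr "$1" "$subnet"; then return 0; fi
    done
    return 1
}
```

A match here is only a location hint: another network can reuse the same private range, in which case ssh skips the jump host and connects directly, so host key verification remains the actual check on what is being reached.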

      • Mark B. commented  · 

        I've been waiting for this so long.... Thanks for starting this!

        ProxyCommand ssh -W %h:%p jumphost

      • Anonymous commented  · 

        My proxy command is "ProxyCommand /usr/bin/ssh examplehost /usr/bin/nc -N %h %p"

      • Anonymous commented  · 

        Thanks for starting this! :-)

        Here is what I'm using:

        ProxyCommand ssh -k gwUser@gateway.host.domain /usr/bin/nc %h %p 2> /dev/null

        Thanks,
        cheers, andreas

      • Michael commented  · 

        Same, I'd go premium if supported

      • jC commented  · 

        One more vote... if done I would go premium.

      • Mike W commented  · 

        Please add this feature. I am a paying customer on iOS and need to go through a bastion host on a daily basis. Creating vpn connections or tunnels is just a pain in the bu..

        Thank you very much!

      • Bruno Bronosky commented  · 

        This was requested 3 years ago. Last official comment, giving a VERY single server mom & pop shop answer, was 2 years ago. This should really be an embarrassment to the company. The bastion server pattern is very common.

      • Mark B. commented  · 

        @termiussupport:
        Could you give us feedback on whether this feature will be available?
        You already implemented the feature for using a ssh config file. Then please let Termius parse 'ProxyCommand'. Port forwarding is no real replacement.

        My subscription ends at 2017/12/06 and I would like to renew it if I know this tiny feature will come.

      • Anonymous commented  · 

        How can you not have this feature?

      • Anonymous commented  · 

        Without a real socks proxy you can’t connect to a NameVirtualHost. With iOS 11 and iPadPro it’s now possible to keep both Termius and browser open side by side and tunnel’s timeout is not a problem anymore.

      • Anonymous commented  · 

        I just purchased a subscription for the pro version, expecting to find support for ProxyCommand for use in a heavily bastion-controlled network. Since it is not here, I am cancelling my subscription. I really miss iSSH!

      • Gonzalo Marcote commented  · 

        +1 for the ProxyCommand feature. In fact it was something that I expected to find in the Pro version...

      • Anonymous commented  · 

        Premium user here. Agree with the sentiment here, let's move past ssh-agent forwarding and support proper ProxyJumping.

      • Anonymous commented  · 

        +1 I'm a premium customer but I won't remain one without this feature as it renders it nearly useless for any bastion secured networks.
