How can we improve the iOS client?

ProxyCommand

ProxyCommand is the least privilege way I am aware of to ssh to machines behind a bastion host. Agent forwarding would work, but continues to allow use of my keys for the duration of my session (vs. just once at initial login), which is more privilege than I wanted to give the bastion. I'd subscribe to Premium if you let me configure ProxyCommands.

180 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Brenda LarcomBrenda Larcom shared this idea  ·   ·  Admin →

    23 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • AnonymousAnonymous commented  · 

        I just purchased a subscription for the pro version, expecting to find support for ProxyCommand for use in a heavily bastion-controlled network. Since it is not here, I am cancelling my subscription. I really miss iSSH!

      • Gonzalo MarcoteGonzalo Marcote commented  · 

        +1 for the ProxyCommand feature. In fact was something that I expected to find in the Pro version...

      • Anonymous commented  · 

        Premium user here. Agree with the sentiment here, let's move past ssh-agent forwarding and support proper ProxyJumping.

      • Anonymous commented  · 

        +1 I'm a premium customer but I won't remain one without this feature as it renders it nearly useless for any bastion secured networks.

      • Anonymous commented  · 

        I need this feature as well. All our servers are behind a bastion server so without ProxyCommand support this SSH client is useless.

      • Anonymous commented  · 

        Please add this feature.

        I specifically bought the subscription for the possibility to import my ssh config file. Without ProxyCommand, it is worthless for me.

        Thanks,
        mws

      • Anonymous commented  · 

        The port forwarding can help but it is complicated to put in place with a lot servers.
        The command:
        Ssh <rebound server> ssh <target server>
        Or
        Proxycommand ssh <rebound server>

        I hope it is possible.

      • Anonymous commented  · 

        Make this possible, please.

      • RikuRiku commented  · 

        Pro subscriber.
        +1 for ProxyCommand support.

      • Jason ProulxJason Proulx commented  · 

        @terminussupport port forwarding isn't a feasible replacement for ProxyCommand, we have dozens of servers behind our bastion host, servers are added and removed on a regular basis and so constantly maintaining a list of port forwarding rules doesn't address the problem.

        I picked up a pro subscription specifically because of the ability to import my ssh config, but in essence Termius simply uses it as a glorified host list.

        ProxyCommand is essential for secure enterprise support, the product is pretty good so far, but without ProxyCommand it's only good enough for hobby purposes.

      • Termius SupportAdminTermius Support (Admin, Crystalnix Limited) commented  · 

        Hello.

        I guess in your case remote port forwarding may do the trick:

        1. Go to Port Forwarding section, create a new rule of Remote type.
        2. Select your bastion host where it says Host
        3. In Port From field specify any port on bastion machine that you would like to use for forwarding.
        4. In the destination type in the IP or hostname of the host that is behind a bastion.
        5. In Port To type in "22" for SSH.
        6. Save.

        If everything is right you should be able to run the PF rule.

        Now to connect to the desired host create new Host item in Hosts section and enter address of your bastion machine and port that you've specified in Port From field of PF rule.

        Please keep in mind that for this method to work the port that you specify in Port From field should be opened for incoming connections.

        Hope that helps.

      • AnonymAnonym commented  · 

        Please add a feature to ssh tunnel through a server to access an internal server. Example:

        1. I want to access a friends server which runs on his internal network under 192.168.1.10:22
        2. He has another server running on 192.168.1.9:22 which is forwarded to the public
        internet.
        3. Now I have to connect to the second server to acces the first server, but with this feature it would be much easier to acces this server through an ssh tunnel without doing extra work
        (WinScP also has this feature implemented)

      • Ashkan KianiAshkan Kiani commented  · 

        I use a proxy command to access a computer behind a firewall through an intermediary. It would be nice not to have to ssh twice. Instead the ssh config proxy command enables you to do this

      • HoracioHoracio commented  · 

        Hello
        I would really like to have this feature implemented, is there any chance to have it in the near future. Every time I try to move from a portable PC to iPhone/iPad I find many little features that block my attempt. Well this is one of them. And given that this app is the best ssh client so far, I wonder if this time I could finally left the PC at home.

        I would really appreciate an honest answer if you (the developers) are considering it.

        Regards
        Horacio

      • EdEd commented  · 

        @william: totally agree with your comment.

      • EdEd commented  · 

        +1: see my comment on the VPN request. I wrote that before I saw this request.

      • Amal Adnan HammadAmal Adnan Hammad commented  · 

        Mrs Amal Adnan Hammad #FIN#1087168920.sole ownership of SFT #EIN#000 000 000 (Tel:-00871552111890)pobox:-300974 use ,dubai

      ← Previous 1

      Feedback and Knowledge Base