SFTP support via a jump host

Hello,

We do not have specific Jump Host support, but do allow an SFTP connection to be set up with a Proxy. Would this type of definition allow a connection to your server? Otherwise, is this machine accessible using other FTP clients like Filezilla? BC3 (and BC4) Pro's support is for SFTP, not a direct SSH connection.

I should also note that SFTP support requires a Pro license. If you do not have Pro, you can revert to trial mode for testing:
http://www.scootersoftware.com/suppo...?zz=kb_evalpro

Hi Aaron,

Thanks for your reply. Much appreciated.

I'll give a bit more detail on my environment...

We have 4 Linux servers: DEV (Development), ST (System Testing), SIT (System Integration Testing), and STG (Staging).

DEV and ST are accessed via a Socks4 proxy. SIT and STG are setup like the production servers, i.e. they have the jump host network configuration.

Using BC3, I can synchronize data between DEV and ST fine, using dual SFTP profiles. The network speed is good and it's a godsend to help me synchronize and fix numerous configuration files.

The setup for SIT (and STG) are per my MobaXterm screenshot: an SSH gateway (jump host), port 22, with no proxy configuration. Using this setup, I can open an SSH session to the final destination.

Furthermore, MobaXterm also has automatic SFTP support. So, once I've connected to my Linux server via the jump host, I get an SFTP window as well. I've tested a download from the server and it successfully downloaded the file to my Windows machine, on which BC3 is running. So, assuming this really is SFTP protocol that MobaXterm is using, rather than something else under the covers, then I would hope I could configure BC3 to do the same.

I've attached another screen shot showing the SFTP window when I've launched MobaXterm on the SIT machine via the jump host.

Here is the information from Help -> About Beyond Compare:

My Organization
Max users: 10
Serial #1234-5678 (I can send further license details though official support channels if needed)
Pro Edition for Windows

Thanks for any additional information you can provide.

Thanks for the additional details. This is beyond our current support. You would probably have the best results setting up an SSH Tunnel (to get through the first connection), and then you can use any one-level SFTP client, like BC4, to connect.

I'll add your notes and use case to our Customer Wishlist. It is not likely a project we'd be able to tackle soon, but this looks like useful reference material.

Hi Aaron, et. al.,

I actually got this to work, and wanted to post this reply unless someone finds this thread in the future.

In summary, MobaXterm has an SSH tunnelling feature. This may have been what you meant Aaron, I just didn't connect the dots until now.

One thing to note is I could only get this to work with BeyondCompare 3. The same approach in Beyond Compare 4 failed with a connection error.

I've put all the details in the attached document, including screenshots. Download the file and rename from .bcpkg to .pdf.

Hope this helps someone in the future.

And if you do know why it's not working in BC4 that would be useful information.

Regards,
Scott

Hello,

Thanks for the info and report. Would you be able to email us at [email protected] with a link back to this forum thread, and include a pair of saved logs, connecting from BC3 and from BC4 so we can compare how BC4 errors out?

I'd like to second the request for SSH jumphost support. It seems it could be added pretty easily in the existing Proxy tab. Just need to offer a new type called SSH Jumphost and add the SSH private key file field that you have in the Login tab.

Would be great, and it is about time for me to buy another license to support your fantastic product.


In the interim, here is what I found to be the easiest way to get it working:

1. Create an FTP profile for the destination host as you would if there wasn't a jumphost in the way. Use the hostname that you would use from the context of the jumphost. (i.e. if it has an internal hostname that your desktop machine can't normally resolve, use that internal name)
2. On the Proxy tab, uncheck Use default
3. Check Use proxy
4. Set the Proxy type to "SOCKS 5"
5. Enter "localhost" as the Host
6. Leave the Port set to "1080"
7. Leave the Username and Password blank.
8. Save this FTP profile

9. Before using the FTP profile you just created, open a connection to your jumphost as a SOCKS proxy.
9a. For the command line OpenSSH utility, connect to your jumphost using the argument "-D 1080" (e.g. ssh -D 1080 jumphost.mycompany.com )
9b. For a GUI SSH program, look for an option in the connection configuration called SOCKS proxy.

And this method worked in BC4 or BC3?

If only BC3, would it be possible to install the BC4 trial and send us in the pair of log files (as similarly requested above) along with the link back to this forum thread for our reference on the subject.

I am using BC 4 on the Mac, but I also tried on Windows with Cygwin ssh to make sure.

Thanks for that testing. I'm not sure if this is a project we'll be able to tackle, but your workaround for other users is greatly appreciated, and I've added all this information to our entry on the subject.

the suggestion from DEinspanjer worked very well. I found that I could use plink from the Putty package on Windows to accomplish the OpenSSH functionality portion of the suggestion.

I just needed to do a BC session through a jumphost again and I tried what I described above, but I'm getting an error now. Wondering if it is still working for others?

In BC, when I try to browse the sftp folder from the profile, I get "Connection failed: Connection error (96264)".

If I connect to my jumphost with verbose logging, when BC tries to open the connection, I see the following message:
debug1: Connection to port 1080 forwarding to socks port 0 requested.

That seems a bit weird, I would expect it to say the port number sftp is trying to use, but I'm not 100% sure.

I'm running BC Version 4.2 (build 22302)

Do you believe it was an update to BC 4.2 that has introduced a change in behavior? Email us at [email protected] with a link to this forum thread, and let us know which OS you are running and I can send you an older 4.1.9 build for testing.

This method worked in BC4 or BC3?

Users reported success with both BC3 and BC4, but one user reported issue (maybe) beginning with BC 4.2.

We have downloads for both BC3 and BC4 on our Download page if you would like to alternate testing for each.
http://www.scootersoftware.com/download.php
http://www.scootersoftware.com/download.php?zz=dl3_en