Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SFTP connection problem due to ProxyJump entry for unrelated host in .ssh/config #16464

Open
kaukrise opened this issue Oct 30, 2024 · 2 comments
Open

SFTP connection problem due to ProxyJump entry for unrelated host in .ssh/config #16464

kaukrise opened this issue Oct 30, 2024 · 2 comments
Assignees
@dkocher
Labels
sftp SFTP Protocol Implementation

Comments

@kaukrise
Copy link

Thank you for providing this awesome tool! I encountered an issue trying to connect via SFTP using Mountain Duck from a machine that had a jump host configuration in ~/.ssh/config for an unrelated host. Thank you in advance for your support in this matter!

Describe the bug
Connecting to a local SFTP server (192.168.178.*) in Mountain Duck fails with an error popup

Gate1. DNS is the network service that translates a server name to its Internet address. This error is most often caused by having no connection to the Internet or a misconfigured network. It can also be caused by an unresponsive DNS server or a firewall preventing access to the network.

Logs reveal that Mountain Duck is trying to configure a jump host parsed from ~/.ssh/config (named gate1):

2024-10-30 07:36:45,793 [reachability-scheduler-1] DEBUG ch.cyberduck.core.Resolver - Waiting for resolving of gate1
2024-10-30 07:36:45,802 [resolver-1] WARN  ch.cyberduck.core.Resolver - Failed resolving gate1
2024-10-30 07:36:45,802 [resolver-1] DEBUG ch.cyberduck.core.threading.NamedThreadFactory - Finished execution of runnable ch.cyberduck.core.Resolver$1@5c2aa903
2024-10-30 07:36:45,802 [reachability-scheduler-1] INFO  ch.iterate.mountainduck.service.FilesystemOperationsReachability - Schedule for reachability check in 30 seconds
2024-10-30 07:37:15,802 [reachability-scheduler-1] DEBUG ch.cyberduck.core.sftp.openssh.config.transport.OpenSshConfig - Found host match in SSH config:Host{patternsApplied=false, hostName='null', proxyJump='gate1', port=0, identityFile=Local{path='/Users/user/.ssh/id_rsa'}, identityAgent=null, user='user', preferredAuthentications='null', identitiesOnly=null, batchMode=null}
2024-10-30 07:37:15,802 [reachability-scheduler-1] INFO  ch.cyberduck.core.sftp.openssh.OpenSSHJumpHostConfigurator - Found jump host configuration gate1 from OpenSshConfig{configuration=Local{path='/Users/user/.ssh/config'}}
...
2024-10-30 07:37:15,805 [reachability-scheduler-1] WARN  ch.cyberduck.core.ProtocolFactory - Missing registered protocol for identifier gate1
2024-10-30 07:37:15,805 [reachability-scheduler-1] DEBUG ch.cyberduck.core.HostParser - Parsed gate1 as Host{protocol=sftp, region='null', port=22, hostname='gate1', credentials=Credentials{user='', password='', tokens='TemporaryAccessTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=null}, uuid='null', nickname='null', defaultpath='null', workdir=null, custom=null, labels=null}
2024-10-30 07:37:15,805 [reachability-scheduler-1] DEBUG ch.cyberduck.core.sftp.openssh.config.transport.OpenSshConfig - Found host match in SSH config:Host{patternsApplied=false, hostName='null', proxyJump='gate1', port=0, identityFile=Local{path='/Users/user/.ssh/id_rsa'}, identityAgent=null, user='user', preferredAuthentications='null', identitiesOnly=null, batchMode=null}
2024-10-30 07:37:15,805 [reachability-scheduler-1] INFO  ch.cyberduck.core.sftp.openssh.OpenSSHCredentialsConfigurator - Using username Host{patternsApplied=true, hostName='null', proxyJump='gate1', port=-1, identityFile=Local{path='/Users/user/.ssh/id_rsa'}, identityAgent=null, user='user', preferredAuthentications='null', identitiesOnly=null, batchMode=null} from OpenSshConfig{configuration=Local{path='/Users/user/.ssh/config'}}
...
2024-10-30 07:37:15,805 [reachability-scheduler-1] WARN  ch.cyberduck.core.diagnostics.ReachabilityFactory - Run reachablity check for jump host Host{protocol=sftp, region='null', port=22, hostname='gate1', credentials=Credentials{user='user', password='', tokens='TemporaryAccessTokens{accessKeyId='', secretAccessKey='', sessionToken='', expiryInMilliseconds=9223372036854775807}', oauth='OAuthTokens{accessToken='', refreshToken='', idToken='', expiryInMilliseconds=9223372036854775807}', identity=Local{path='/Users/user/.ssh/id_rsa'}}, uuid='null', nickname='null', defaultpath='null', workdir=null, custom=null, labels=null}
...
2024-10-30 07:37:15,806 [reachability-scheduler-1] DEBUG ch.cyberduck.core.diagnostics.SystemConfigurationReachability - Determined reachability flags 2 for sftp://gate1:22
...
2024-10-30 07:37:15,806 [reachability-scheduler-1] DEBUG ch.cyberduck.core.threading.NamedThreadFactory - Create thread for runnable ch.cyberduck.core.Resolver$1@4eb9c23f
2024-10-30 07:37:15,806 [reachability-scheduler-1] DEBUG ch.cyberduck.core.Resolver - Waiting for resolving of gate1
2024-10-30 07:37:15,809 [resolver-1] WARN  ch.cyberduck.core.Resolver - Failed resolving gate1

Relevant section of ~/.ssh/config:

Match canonical host gate*
    User user
    Compression yes
    ServerAliveInterval 120
    ControlMaster auto
    ControlPersist 14h
    ControlPath ~/.ssh/master-%C

Match canonical host custom_server1*,custom_server2*
    User user
    Compression yes
    ControlMaster auto
    ControlPersist 14h
    ControlPath ~/.ssh/master-%C
    # OpenSSH >=7.3
    ProxyJump gate1  ### <--- This is the line causing the issue

Commenting the line ProxyJump gate1 in .ssh/config allows SFTP connection as normal.

To Reproduce
Steps to reproduce the behavior:

  1. Add ProxyJump configuration to ~/.ssh/config
  2. Try to connect to any SFTP server

Expected behavior
SFTP connection should ignore ProxyJump directive, unless connection is made to the specific servers it is configured for (in this case custom_server1*,custom_server2*).

Desktop (please complete the following information):

  • OS: macOS 15.1
  • Mountain Duck Version 4.16.3 (22374)

Log Files
mountainduck.log
@dkocher
Copy link
Contributor

dkocher commented Oct 30, 2024

I suspect this to be an issue with the wildcard. What is the hostname you set in Server of your bookmark configuration?

@dkocher dkocher self-assigned this Oct 30, 2024
@dkocher dkocher added the sftp SFTP Protocol Implementation label Oct 30, 2024
@kaukrise
Copy link
Author

Thank you for your swift response. It fails with multiple hostnames and also IPv4 addresses.

I've tried a few different machines in my local network, such as 192.168.178.171, the locally resolved raspberrypi.local, and an external server node-head5.molbio.int (behind VPN, so you won't be able to test it).

All of these connect without issues using ForkLift, so this does not seem to be a general issue.

Thanks again!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dkocher dkocher

Labels
sftp SFTP Protocol Implementation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dkocher @kaukrise