How to proxy net-sftp?

Question

I'm using net-sftp which relies on the net-ssh gem.

I'm trying to connect to a remote log service via SFTP, and it requires IP whitelisting. All my current servers have dynamic IPs.

I'm trying to set up a static, secure, proxy server in Google Cloud. I don't really understand all the differences between all the types of proxying, but net-ssh appears to support...

• socks4
• socks5
• 'jump' proxy

I looked into setting up a socks5 proxy with Dante but it appears a bit overkill just to relay the SFTP connection through it, not to mention I think it sends passwords in plain text.

How would I go about proxying net-sftp through some server in the easiest way?

Answer 1

The easiest way would be to setup a Jump-host server that can reach the target servers and then connecting to the target server by letting the Jump-host server proxy your connection through.

SSH makes it trivially easy:

ssh -J user@jump-host myuser@target-host

In your .ssh/config you can do the following:

### First jump-host. Directly reachable
Host jump-host
  HostName jum-phost.example.org

### Host to jump to via jump-host.example.org
Host target-host
  HostName target-host.example.org
  ProxyJump  jump-host

This will allow you to use net-ssh as usual. If you dont want to change the config file then you will have to use 'net/ssh/proxy/jump':

require 'net/ssh/proxy/jump'

proxy = Net::SSH::Proxy::Jump.new('user@proxy')
Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
  ...
end 

See this article for more info on Jump Hosts.