[GH-ISSUE #591] Allow proxy jump for egress connections #151

New issue

Open

opened 2026-05-07 00:19:26 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:19:26 +02:00

Owner

Originally created by @jon4hz on GitHub (Sep 23, 2025).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/591

Hi,

What do you think about the idea of adding support for a ProxyJump for egress connections?

There might be situations, where you want to connect to a server that is behind another proxy host, which is owned by another entity, and therefore you are forced to use a ProxyJump. In that case, It would be nice if you could configure this when adding access to new servers.

To keep this a simple as possible, I'd suggest to support only one proxy jump.

The groupAddServer, accountAddPersonalAccess and selfAddPersonalAccess would get two new flags: --proxy-host and --proxy-port.
The values from those flags can be stored in the allowed.XXX file.
osh also needs to be adjusted to parse the ssh -J option and validate it against the value stored in the allowed file.

Originally created by @jon4hz on GitHub (Sep 23, 2025). Original GitHub issue: https://github.com/ovh/the-bastion/issues/591 Hi, What do you think about the idea of adding support for a `ProxyJump` for egress connections? There might be situations, where you want to connect to a server that is behind another proxy host, which is owned by another entity, and therefore you are forced to use a `ProxyJump`. In that case, It would be nice if you could configure this when adding access to new servers. To keep this a simple as possible, I'd suggest to support only one proxy jump. The `groupAddServer`, `accountAddPersonalAccess` and `selfAddPersonalAccess` would get two new flags: `--proxy-host` and `--proxy-port`. The values from those flags can be stored in the `allowed.XXX` file. `osh` also needs to be adjusted to parse the `ssh -J` option and validate it against the value stored in the `allowed` file.