starred/the-bastion

Fork 0

mirror of https://github.com/ovh/the-bastion.git synced 2026-05-09 08:25:27 +02:00

[GH-ISSUE #154] SFTP/SCP through Bastion #33

New issue

Closed

opened 2026-05-07 00:17:51 +02:00 by BreizhHardware · 6 comments

BreizhHardware commented

2026-05-07 00:17:51 +02:00

Owner

Originally created by @roybj on GitHub (Mar 6, 2021).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/154

The Bastion works fine for managing SSH connections. But is there way to manage SFTP/SCP through the bastion ?

Originally created by @roybj on GitHub (Mar 6, 2021). Original GitHub issue: https://github.com/ovh/the-bastion/issues/154 The Bastion works fine for managing SSH connections. But is there way to manage SFTP/SCP through the bastion ?

BreizhHardware

2026-05-07 00:17:51 +02:00

closed this issue
added the
question

kept-open-for-info
labels

BreizhHardware commented

2026-05-07 00:17:52 +02:00

Author

Owner

@speed47 commented on GitHub (Mar 8, 2021):

Yes there is, for SCP.

Even if all the needed information is in the above documentation of the scp plugin, this should probably get a specific howto documentation page with examples. The key takeaways are:

One should have SSH access through the bastion (via personal or group access) to some host to be able to scp from/to it
One should also have the explicit scp access to this host, via the same way that its SSH access to it (personal or group), those kind of accesses can be added/removed with --scpup and --scpdown (instead of --user) in the groupAddServer and accountAddPersonalAccess commands
One must get its personalized scp script by running the --osh scp plugin
Then use scp with the script, scp -S ~/scriptpath <usual scp commands>

@speed47 commented on GitHub (Mar 8, 2021): Yes there is, for [SCP](https://ovh.github.io/the-bastion/plugins/open/scp.html). Even if all the needed information is in the above documentation of the scp plugin, this should probably get a specific *howto* documentation page with examples. The key takeaways are: - One should have SSH access through the bastion (via personal or group access) to some host to be able to scp from/to it - One should **also** have the explicit scp access to this host, via the same way that its SSH access to it (personal or group), those kind of accesses can be added/removed with `--scpup` and `--scpdown` (instead of `--user`) in the `groupAddServer` and `accountAddPersonalAccess` commands - One must get its personalized scp script by running the `--osh scp` plugin - Then use scp with the script, `scp -S ~/scriptpath <usual scp commands>`

BreizhHardware commented

2026-05-07 00:17:53 +02:00

Author

Owner

@dwydler commented on GitHub (Mar 8, 2021):

@speed47
As i read/understand it correct the solutions is primary for linux workstations.
Do you have a workaround/suggestion for windows workstations?

@dwydler commented on GitHub (Mar 8, 2021): @speed47 As i read/understand it correct the solutions is primary for linux workstations. Do you have a workaround/suggestion for windows workstations?

BreizhHardware commented

2026-05-07 00:17:53 +02:00

Author

Owner

@roybj commented on GitHub (Mar 8, 2021):

Yes there is, for SCP.

Even if all the needed information is in the above documentation of the scp plugin, this should probably get a specific howto documentation page with examples. The key takeaways are:

One should have SSH access through the bastion (via personal or group access) to some host to be able to scp from/to it

One should also have the explicit scp access to this host, via the same way that its SSH access to it (personal or group), those kind of accesses can be added/removed with --scpup and --scpdown (instead of --user) in the groupAddServer and accountAddPersonalAccess commands

One must get its personalized scp script by running the --osh scp plugin

Then use scp with the script, scp -S ~/scriptpath <usual scp commands>

You're right , I already have checked and SCP works fine from the command line.

@roybj commented on GitHub (Mar 8, 2021): > Yes there is, for [SCP](https://ovh.github.io/the-bastion/plugins/open/scp.html). > > Even if all the needed information is in the above documentation of the scp plugin, this should probably get a specific _howto_ documentation page with examples. The key takeaways are: > > * One should have SSH access through the bastion (via personal or group access) to some host to be able to scp from/to it > * One should **also** have the explicit scp access to this host, via the same way that its SSH access to it (personal or group), those kind of accesses can be added/removed with `--scpup` and `--scpdown` (instead of `--user`) in the `groupAddServer` and `accountAddPersonalAccess` commands > * One must get its personalized scp script by running the `--osh scp` plugin > * Then use scp with the script, `scp -S ~/scriptpath <usual scp commands>` You're right , I already have checked and SCP works fine from the command line.

BreizhHardware commented

2026-05-07 00:17:54 +02:00

Author

Owner

@roybj commented on GitHub (Mar 8, 2021):

@speed47
As i read/understand it correct the solutions is primary for linux workstations.
Do you have a workaround/suggestion for windows workstations?

Exactly, I would also like to know if Windows, specially clients like WinSCP are supported or not.

@roybj commented on GitHub (Mar 8, 2021): > @speed47 > As i read/understand it correct the solutions is primary for linux workstations. > Do you have a workaround/suggestion for windows workstations? Exactly, I would also like to know if Windows, specially clients like WinSCP are supported or not.

BreizhHardware commented

2026-05-07 00:17:54 +02:00

Author

Owner

@speed47 commented on GitHub (Mar 9, 2021):

Correct, I was explaining this with the command line in mind.
From Windows, it should also work out of the box from WSL (through Ubuntu or any other Linux OS installable under WSL).

Unfortunately I'm not expecting this to work with WinSCP or other similar software, as I see no way of "hooking" into its SSH negociation to handle the bastion stuff under the hood. This is what the -S command-line option of scp is for, and AFAIK it's not implemented in any Windows GUI apps.

@speed47 commented on GitHub (Mar 9, 2021): Correct, I was explaining this with the command line in mind. From Windows, it should also work out of the box from WSL (through Ubuntu or any other Linux OS installable under WSL). Unfortunately I'm not expecting this to work with WinSCP or other similar software, as I see no way of "hooking" into its SSH negociation to handle the bastion stuff under the hood. This is what the `-S` command-line option of `scp` is for, and AFAIK it's not implemented in any Windows GUI apps.

BreizhHardware commented

2026-05-07 00:17:54 +02:00

Author

Owner

@speed47 commented on GitHub (Jun 30, 2021):

This is now part of the documentation.

@speed47 commented on GitHub (Jun 30, 2021): This is now [part of the documentation](https://ovh.github.io/the-bastion/using/scp.html).

BreizhHardware referenced this issue

2026-05-07 00:20:06 +02:00

[PR #143] [MERGED] feat: transmit PIV enforcement status to remote realms #271