Skip to content

Fix ProxyJump to support SSH ports and host aliases #705

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
andrewleech wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Fix ProxyJump to support SSH ports and host aliases #705

andrewleech wants to merge 4 commits into from

Conversation

@andrewleech
Copy link

@andrewleech andrewleech commented Oct 20, 2025
edited
Loading

ET currently fails to connect through jump hosts when the jump host uses a non-standard SSH port or when ProxyJump references an SSH config Host alias.

For example, with this SSH config:

Host jumphost
  HostName jump.example.com
  Port 2222

Host destination
  HostName dest.example.com
  ProxyJump jumphost

Running et destination fails with Could not reach the ET server: jumphost:2022

The issue is that the ProxyJump parsing code was stripping SSH ports from the jump host value:

if (colonIndex != string::npos) {
  jumphost = proxyjump.substr(0, colonIndex);  // Strips :2222
}

Additionally, Host aliases like "jumphost" weren't being resolved to actual hostnames, so ET tried to connect to the alias name instead of the configured hostname.

This PR fixes both issues by:

  • Preserving the full ProxyJump value [user@]host[:port] when passing to SSH via -J flag
  • Extracting just the hostname from the ProxyJump value for ET socket connections
  • Looking up Host aliases in SSH config to get the actual hostname

Tested with the config above. Before the fix et destination fails, after it successfully connects via jump.example.com:2222 (SSH) -> destination (ET).

No breaking changes expected - existing ProxyJump configurations should continue to work, though I don't currently have a working jumphost setup to verify backwards compatibility directly.

@jshort
Copy link
Collaborator

jshort commented Dec 10, 2025

@andrewleech now that master has the ci setup fixed, could you rebase so we can make sure the tests all pass. Potentially consider adding a new test case to the connect_with_jumphost but using the ssh path you have fixed.

@pi-anl
Fix ProxyJump to support SSH ports, host aliases, and usernames
054bbea 
- Preserve SSH port from ProxyJump value for ssh -J flag
- Parse [user@]host[:sshport] format correctly (including IPv6)
- Resolve ProxyJump host aliases via SSH config lookup
- Extract jumphost username from SSH config
- Use resolved hostname (not alias) in SSH command
- Add freeOptionsFields helper to ParseConfigFile.hpp
- Add system test for ProxyJump with SSH config alias
@andrewleech andrewleech force-pushed the fix-proxyjump-ssh-ports branch from 44bc863 to 64b2688 Compare December 12, 2025 03:05
@andrewleech
Copy link
Author

andrewleech commented Dec 12, 2025

Thanks for the suggestions @jshort
I've rebased and added additional test coverage along with some other cleanups.
While doing this I found some issues with ipv6 address bracket notation support ([::1]:port) in host parsing, so addressed them in a follow up commit with some tests.

@MisterTea
Copy link
Owner

MisterTea commented Dec 15, 2025

@andrewleech looks like this is breaking CI?

@pi-anl
Extract parseHostString to header with unit tests
6d3be72 
- Move parseHostString to HostParsing.hpp for reuse and testing
- Add unit tests covering IPv4, IPv6, user@host, and port combinations
- Add edge case tests for empty string and malformed IPv6
@andrewleech andrewleech force-pushed the fix-proxyjump-ssh-ports branch from 64b2688 to 6d3be72 Compare December 29, 2025 02:40
@jshort
Copy link
Collaborator

jshort commented Jan 5, 2026
edited
Loading

Thanks for the suggestions @jshort I've rebased and added additional test coverage along with some other cleanups. While doing this I found some issues with ipv6 address bracket notation support ([::1]:port) in host parsing, so addressed them in a follow up commit with some tests.

Oh I see. So in a PR of mine just recently (tunnel/reversetunnel support for bind address and ssh -L/-R notation) I implemented ipv6 bracket parsing of -L/-R arguments. Do you think this logic for the tunnel args and your host parsing for ipv6 addrs in brackets can be shared?

Also maybe an OBOE (note trailing colon):

ssh: Could not resolve hostname localhost:22: Name or service not known

@pi-anl
Fix merge conflict resolution: use jump_ssh_args for SSH call
3d089e1 
The merge from master incorrectly kept the old {jumphost, SSH_SCRIPT_JUMP}
arguments instead of the corrected jump_ssh_args vector that includes
the -p port flag when a port is specified in the jumphost.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@andrewleech @jshort @MisterTea @pi-anl