I’ve had an opportunity to work on an Internet server with very tight security that blocked external SFTP access and only allowed us to connect via an SSH tunnel through a different server. In addition, authentication required an RSA key for the project.
Windows has WinSCP, a free and easy FTP client. With it you can access the SFTP server directly via an SSH tunnel as a built-in function, using the RSA secret key authorization method.
However, none of the well-known Mac OS X FTP clients offer an SSH tunnel function as WinSCP does.
Recently my main coding application has been Coda 2. It’s fantastic software, but it doesn’t really allow you to connect via an SSH tunnel.
You can use Terminal to forward a port to your localhost and connect through it. But it’s troublesome to type the command in Terminal each time. I’ve tried Fugu, SSHTunnel, and SSH Tunnel Manager, but none of them supported RSA public key authentication. Meekat is a great free app, but it’s no longer maintained… It may not work in the future.
UPDATE Oct 29, 2014: Meekat which used to be shareware is now free but no longer maintained.
After a few days of research, I was finally able to find the best and simplest SSH tunnel app, called Coccinellida!
It’s somewhat buggy software and sometimes freezes. It doesn’t shake the Dock icon, only the menu bar and Growl on top. But it’s useful enough.
Basic Information
You need the following information. Here is an example:
Server A: Final destination behind firewall
IP-A
user-A
Password and/or RSA key: “id_rsa” file
SFTP: Port 22
Server B: Step server for SSH Tunnel
IP-B
user-B
Password and/or RSA key: “id_rsa” file
SSH Tunnel Port: 12345
Your Mac
localhost
Port: 2022 (or change it to whatever you like)
How to set up Coccinellida to create an SSH Tunnel
- Install & Launch Coccinellida
- Go to menu bar and click “Preference”
- Click “Tunnels” tab
- Click “Add”
- In “General” tab, enter the following information
  - Name: whatever you would like
  - Host: IP-B (SSH Tunnel server)
  - User: username of IP-B SSH Tunnel Server
  - Password or select “id_rsa” file at Identity
- In “Port Forwarding” tab
  - Click “Add”
  - Type is “Local”
  - Enter “2022” in “Local Port” (or you can change it to another port number if you like)
  - In Local Host, keep it as “localhost”
  - In Remote Host, enter IP-A
  - In Remote Port, enter “22” (change the number if the destination port differs)
- Click Save
- Done
- Run Coccinellida to test if it works
How to set up Coda 2 (or other software or services)
Now Coccinellida forwards localhost:2022 on your Mac to Server A through the tunnel. So you need to point Coda (or other FTP client applications) at localhost:2022.
The following is how it would differ from a regular set-up without an SSH tunnel:
- Server Host would be “localhost”
- Server Port would be “2022”
- Username, password or RSA private key would be the same
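The same tunnel built from Terminal, as an added example that is not part of the original post. It uses the placeholders from Basic Information and assumes 12345 is the port Server B's SSH daemon listens on; the function names and the "up/sftp/show" arguments are made up for this sketch. It binds the forward to 127.0.0.1 only, refuses a key file that group or others can read, and uses HostKeyAlias so Server A's host key is stored under its own name instead of under localhost.

```shell
#!/bin/sh
# Added example. Placeholders (IP-A, IP-B, user-A, user-B) come from the
# post's "Basic Information"; replace them with real values.
JUMP_HOST="IP-B"; JUMP_USER="user-B"
JUMP_PORT=12345            # assumption: SSH port of Server B
DEST_HOST="IP-A"; DEST_USER="user-A"; DEST_PORT=22
LOCAL_PORT=2022
KEY="${KEY:-$HOME/.ssh/id_rsa}"

# Succeeds only if the key file exists and has no group/other permission bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Local forward 127.0.0.1:2022 -> IP-A:22 through Server B.
# Call as "tunnel echo" to print the command, "tunnel exec" to run it.
tunnel() {
    "$@" ssh -N -p "$JUMP_PORT" -i "$KEY" \
        -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$LOCAL_PORT:$DEST_HOST:$DEST_PORT" \
        "$JUMP_USER@$JUMP_HOST"
}

# SFTP to Server A through the forwarded port. HostKeyAlias keeps
# Server A's host key in known_hosts under "IP-A", not "[127.0.0.1]:2022".
sftp_via_tunnel() {
    "$@" sftp -P "$LOCAL_PORT" -i "$KEY" \
        -o "HostKeyAlias=$DEST_HOST" "$DEST_USER@127.0.0.1"
}

case "${1:-}" in
    up)   key_is_private "$KEY" || {
              echo "refusing: $KEY is missing or readable by group/others" >&2
              exit 1
          }
          tunnel exec ;;
    sftp) sftp_via_tunnel exec ;;
    show) tunnel echo; sftp_via_tunnel echo ;;
esac
```

Saved under a name of your choice, run it with `up` in one Terminal tab and `sftp` in another; Coda 2 connects to localhost:2022 exactly as in the list above.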
Now you can enjoy the extra security in your work environment!