
xewul (xewul) asked a question.
Is there any documentation on setting up to use the proxycommand in Okta? The documentation I've found just says to set up the "bastion" and then add the output from sft ssh-config to the .ssh/config file. That alone does not seem to be sending traffic via the "bastion".
https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/setup/ssh.htm
One line in the above suggests adding a line like "Bastion: fqdn.server.net" to the sftd.yaml configuration file on the target server. However, I am unable to locate that file on the server.
I am very familiar with setting up jump hosts and bastion hosts using the common features of OpenSSH such as JumpHost and ControlMaster. However, Okta seems to have dropped these out of its implementation of ssh so I have to figure out how to get around the loss.

I just hard coded the --via command:
# Defaults applied to every host
Host *
    AddressFamily inet
    ForwardAgent yes
    ForwardX11 no
    ServerAliveInterval 15
    ConnectTimeout 10
    ControlMaster auto
    ControlPath ~/.ssh/master-%r@%h:%p
    CanonicalizeHostname always
    CanonicalDomains lereta.net leretang.com

# Applies only to hosts for which "sft resolve" succeeds
Match exec "/usr/bin/sft resolve -q %h"
    # --via hard codes the bastion that the connection is sent through
    ProxyCommand "/usr/bin/sft" proxycommand --via bastet.lereta.net %h
    UserKnownHostsFile ~/.local/share/ScaleFT/proxycommand_known_hosts
Not very elegant but it works -- mostly.
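
A way to confirm that a host's effective configuration really includes the bastion hop is to inspect what `ssh -G <host>` prints. This is an added example, not part of the original posts. It assumes the `ProxyCommand` line appears in that output with `--via <bastion>` as separate words, and the hostnames in the sample data are constructed placeholders.

```shell
#!/bin/sh
# via_of: read `ssh -G <host>` output on stdin and print the bastion that
# follows --via in the effective ProxyCommand. Prints nothing if there is none.
via_of() {
    awk '
        $1 == "proxycommand" {
            for (i = 2; i < NF; i++) {
                if ($i == "--via") { print $(i + 1); exit }
            }
        }'
}

# check_via EXPECTED: read `ssh -G` output on stdin.
# Returns 0 if the hop is EXPECTED, 1 if it is a different bastion,
# 2 if the effective config has no --via hop at all (direct connection).
check_via() {
    expected=$1
    actual=$(via_of)
    if [ -z "$actual" ]; then
        echo "no --via hop in effective config"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "routes via $actual, expected $expected"
        return 1
    fi
    echo "routes via $expected"
}

# Constructed samples of `ssh -G` output (keywords are printed in lowercase).
SAMPLE_OK='hostname app01.example.net
forwardagent yes
proxycommand "/usr/bin/sft" proxycommand --via bastion.example.net %h'

SAMPLE_DIRECT='hostname app01.example.net
forwardagent yes'

# Live use (hypothetical host and bastion names):
#   ssh -G app01 | check_via bastion.example.net
```

A return code of 2 for a host that should be behind the bastion means the `Match exec` block did not apply to that name, which is the symptom described in the question.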