1 Reply Latest reply on Jun 7, 2017 8:45 AM by Nik

    SFTP over Proxy


      Hi Experts,


      I would like to perform sftp to the external world through a proxy server. I'm already using this account to upload explorer and crashdump to Oracle support and it works fine.



      root@akl0zp906:~# curl -x -T /nas_mnt/common/upload_data/explorer.863ab3a8.akl1vm971-2017. -o /var/tmp/cURL.log -u "eldho.varghese@airnz.co.nz" "https://transport.oracle.com/upload/issue/3-14838389581/"

      Enter host password for user 'eldho.varghese@airnz.co.nz':

        % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                       Dload  Upload   Total   Spent    Left  Speed
      100 70.6M    0     0  100 70.6M      0   349k  0:03:27  0:03:27 --:--:--  186k



      However, the sftp through the proxy is not working as expected. Looks like my syntax is wrong or I'm not doing it the correct way. Is there any documentation available to cross-check the procedure?


      root@akl0zp906:/# sftp -v -o ProxyCommand='/usr/bin/nc -v -x %h %p' iosupport@sftp.support.com

      Connecting to sftp.support.com...
      Sun_SSH_2.2, SSH protocols 1.5/2.0, OpenSSL 0x1000110f
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Rhosts Authentication disabled, originating port will not be trusted.
      debug1: ssh_connect: needpriv 0
      debug1: Executing proxy command: exec /usr/bin/nc -v -x sftp.support.com 22
      debug1: ssh_kmf_check_uri: /root/.ssh/id_rsa
      debug1: Identity file/URI '/root/.ssh/id_rsa' pubkey type UNKNOWN
      debug1: ssh_kmf_check_uri: /root/.ssh/id_dsa
      debug1: ssh_kmf_key_from_blob: blob length is 435.
      debug1: Identity file/URI '/root/.ssh/id_dsa' pubkey type ssh-dss
      debug1: Logging to host: sftp.support.com
      debug1: Local user: root Remote user: iosupport



      Any help would be much appreciated.



      Eldho Varghese

        • 1. Re: SFTP over Proxy


          Read man nc.



          -x proxy_address[:port]
                  Request  connection  to  hostname  using  a  proxy  at
                  proxy_address  and  port.  If port is not specified, the
                  well-known port for the proxy protocol is used (1080 for
                  SOCKS, 3128 for HTTP).


          So nc can work over a proxy: SOCKS or HTTP.


          -X proxy_protocol
                  Use the specified protocol when  talking  to  the  proxy
                  server.  Supported protocols are 4 (SOCKS v.4), 5 (SOCKS
                  v.5) and connect (HTTP proxy). If the  protocol  is  not
                  specified, SOCKS v. 5 is used.



          But according to the first command, it looks like your proxy is HTTP.


          So the correct command line should be:

          sftp -v -o ProxyCommand='/usr/bin/nc -v -X connect  -x %h %p' iosupport@sftp.support.com


          You also can use this command:


          sftp -o ProxyCommand="/usr/lib/ssh/ssh-http-proxy-connect    -h -p 3128 %h %p" iosupport@sftp.support.com
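
An added example, not part of the thread or of any Oracle tooling: `nc -X connect` opens the tunnel by sending an HTTP `CONNECT host:port` request to the proxy, and many HTTP proxies refuse `CONNECT` to ports other than 443, so it helps to see the proxy's status line before debugging sftp itself. The function names and the `proxy.example.com` / `sftp.example.com` hosts are placeholders chosen for this sketch.

```shell
#!/usr/bin/env bash
# Added example: probe whether an HTTP proxy allows a CONNECT tunnel to an
# SSH port. All host names used with it are placeholders, not thread values.

# Build the request that an HTTP-proxy ProxyCommand sends for target $1:$2.
build_connect_request() {
    printf 'CONNECT %s:%s HTTP/1.1\r\nHost: %s:%s\r\n\r\n' "$1" "$2" "$1" "$2"
}

# Turn the first line of the proxy's reply into a verdict.
classify_status_line() {
    local code
    # Drop the trailing CR, then take the status code only if the line
    # really is an HTTP/1.x status line.
    code=$(printf '%s\n' "$1" | tr -d '\r' |
           awk '$1 ~ /^HTTP\/1\.[01]$/ {print $2}')
    case "$code" in
        2??)     echo "tunnel-open" ;;           # SSH banner follows
        407)     echo "proxy-auth-required" ;;   # proxy wants credentials
        403|405) echo "connect-denied" ;;        # typical "port not allowed"
        5??)     echo "proxy-upstream-error" ;;  # proxy could not reach target
        '')      echo "not-an-http-proxy" ;;     # e.g. SOCKS or raw SSH banner
        *)       echo "unexpected-$code" ;;
    esac
}

# Live probe (bash only, uses /dev/tcp and read -t):
#   probe_proxy proxy.example.com 3128 sftp.example.com 22
probe_proxy() {
    local status
    exec 3<>"/dev/tcp/$1/$2" || return 2
    build_connect_request "$3" "$4" >&3
    IFS= read -r -t 10 status <&3 || status=''
    exec 3<&- 3>&-
    classify_status_line "$status"
}

# Run the probe only when called with the four arguments shown above.
if [ "$#" -eq 4 ]; then probe_proxy "$@"; fi
```

A `tunnel-open` verdict means the proxy side is fine and any remaining failure is in the SSH session; `connect-denied` or `proxy-auth-required` has to be resolved with the proxy administrator.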