Hey everyone,

Just wondering if it's possible to specify a different username/password for bastion host and another set of username /password for endHost?

It appears this library is not performing verification of the remote ssh host key (~/.ssh/known_hosts) and blindly accepts any connection, potentially compromising the login & all subsequent traffic if a MITM attack is in place.

This comes from the underlying ssh2 lib, where it is only an optional option:

hostVerifier - (...) Default: (auto-accept if hostVerifier is not set)
https://github.com/mscdex/ssh2/blob/70f90f52ff2e8535a0b96834d8655db16bc6d6fd/README.md?plain=1#L927

I think there should at least be a way to opt-in to that (easiest: statically pass the hostkey) and a clear warning to make users aware of the risk.

It should be possible to disable the piping of the stream to process.stdout (https://github.com/Stocard/node-ssh-forward/blob/master/src/Connection.ts#L91). You don't need that when running e.g. tests (soon to come)

var SSHConnection=require('node-ssh-forward').SSHConnection;
 
const sshConnection = new SSHConnection({
  endHost: 'ubuntu@publicIP,
  privateKey: 'keyPath'
})
await sshConnection.forward({
  fromPort: 5000,
  toPort: 5000,
  toHost: 'localhost'
})

I got this following error message

await sshConnection.forward({
^^^^^

SyntaxError: await is only valid in async function
    at createScript (vm.js:80:10)
    at Object.runInThisContext (vm.js:139:10)
    at Module._compile (module.js:616:28)
    at Object.Module._extensions..js (module.js:663:10)
    at Module.load (module.js:565:32)
    at tryModuleLoad (module.js:505:12)
    at Function.Module._load (module.js:497:3)
    at Function.Module.runMain (module.js:693:10)
    at startup (bootstrap_node.js:188:16)
    at bootstrap_node.js:609:3

Does this library support Host definitions from client ssh config?

I really don't know why, buy I always receive:

Error: connect ECONNREFUSED 127.0.0.1:9000
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1141:16) {
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 9000
}

Even though I set the fromPort and toHost in forward function

This is more like a "how-to" question. A bit of unusual scenario, I am trying to connect to remote mongo, which is behind a bastion. I wanted to use port forwarding, so my local port 27017 would be connected to 127.0.0.1:27017 on the end host (that runs mongo).
When I run this command in terminal (removed sensitive data):

ssh -L 27017:localhost:27017 -J [email protected] [email protected]

I then can connect to mongodb on localhost:27017. I use private key to authenticate, which is in default .ssh folder.
I seem to use same settings for node-ssh-forward, but connection gets stuck. Code in index.js:

const { SSHConnection } = require('node-ssh-forward')

;(async () => {
  const sshConnection = new SSHConnection({
    username: 'user',
    endHost: 'mongo.private',
    bastionHost: 'bastion.com'
  })
  await sshConnection.forward({
    fromPort: 27017,
    toPort: 27017
  })

  console.log(12345) // This never gets logged
})()

What am I missing? Is this even possible in theory that after await sshConnection.forward I should be able to connect to mongo on localhost:27017?

I may be missing how this is accomplished, but it seems like you should be able to return the stdout result from the executeCommand.

Example:
...
let result=await ssh.executeCommand('uptime')
console.log(result)

16:04:14 up 1079 days, 18:31, 1 user, load average: 0.00, 0.00, 0.00

Can we add support for passing timeout parameter to ssh2?
I can submit PR

Whenever a debug flag is set, we should debug logging.

I always get this error even if I pass the passphrase:
UnhandledPromiseRejectionWarning: Error: Cannot parse privateKey: Encrypted private OpenSSH key detected, but no passphrase given

Hi There,

Would you be open to a PR to allow interactive keyboard prompts coming back from the SSH server?

I've got a use case where I'd like to be able to create a tunnel and use a private key as well as multi-factor authentication, in order to create the tunnel and use it. See this article for how MFA can be setup with Amazon Linux:
https://www.middlewareinventory.com/blog/aws-mfa-ssh-ec2-setup/
This can be done with other Linux variants as well.

This is easy to accomplish with "ssh2" which you're already using. If you look at the docs for "ssh2" you'll see that there is a "tryKeyboard" option that you can set which will allow keyboard interactivity. If you set it to try, you need to provide an implementation for the "keyboard-interactive" event.

My plan is to add a single option to the SSHConnection option in "node-ssh-forward" called "tryKeyboard". I'll also provide an implementation for "keyboard-interactive" that'll simply display the interactive prompts from the server if thee are any, and allow the user to submit their response to those prompts.

This will require no additional libraries and will create no bloat. Would you be game?

Hi i am fairly new with this but i am facing the following problems while running this app. Any insights as to what is happening

?

Everytime a tag is pushed, the CI should build and publish the package.

I tried to use it but there was problem that we didn't connect our server by using default port.
I think ssh2 can set custom port to connect server.
So, it's gonna work well with my request if you change a little thing.

E.g. tsconfig.json or tslint.json are not necessary

Hoping someone can upload it?

If username is not set, either take the whoami user or the value of an environment variable (SSH_USERNAME?)

Hello node-ssh-forward team.

There seems to be a critical vulnerability with one of the packages you are using being
"ssh2": "^0.8.9"

More details at
GHSA-652h-xwhf-q4h6

Would someone be able to update the used package to 1.4.0? Thanks!

I see that dependabot has made a pr #38 to bump it but it failed :(

At the moment, the passphrase is displayed, so it is available in the bash history.

If not set, it takes the private key from the default location: ~/.ssh/id_rsa

Currently, there is no way to provde/input the passphrase for encrypted private keys.

I try to catch the error of connection to automatically try to reconnect if something happen on the network.

Once connected and if I disconnect from the network, an error is thrown like this after a few seconds:

node_modules\ssh2\lib\client.js:999
    throw new Error('Not connected');
    ^

Error: Not connected
    at Client.forwardOut (node_modules\ssh2\lib\client.js:999:11)
    at Server.<anonymous> (node_modules\node-ssh-forward\dist\Connection.js:185:28)
    at Server.emit (events.js:315:20)
    at TCP.onconnection (net.js:1555:8)

However it is not detected by the try,catch block around the connection.

export async function main() {
    try {
        let sshConnection = new SSHConnection(options);
        let res = await sshConnection.forward({
          fromPort: fp,
          toPort: tp,
        });
        console.log('connected',res);
    } catch(err){
        console.log('got an error, trying to restart connection',err);
        main();
    }
}

How could I detect this properly without stopping the process?