Hi,

well, our production application servers are not opened to the outside world, at least not SSH.

To connect to application servers via SSH we must first connect to our bastion host.

So, when we do SSH deploy (scp, rsync, it doesn't really matter) our command (scp, rsync) must first connect to bastion and then to application server.

A good read for this is here (not mine) :https://www.davidbegin.com/using-scp-to-transfer-files-to-a-private-ec2-instance-through-a-bastion-host/

@Klemenn  thanks for explaining the case .

I have debugged your case on our new refactored pipe, it works.

I'll notify you about official release.

I left more details (It is unlikely to provide them here) in the ticket in jira you created

https://getsupport.atlassian.com/browse/BBS-150719

Tell here your feedback, please.

Cheers, Galyna

@Klemenn hello! We have released new version scp-deploy:1.0.0, please , if it is still actual for you, try this out with :

- step:
  name: Your step name
  script:
  - PROXY_COMMAND="ProxyCommand=ssh <your_user_here>@<your_ip_or_host_here> nc <final_destination> 22"
  - pipe: atlassian/scp-deploy:1.0.0
    variables:
      LOCAL_PATH: 'your_file'
      REMOTE_PATH: 'your_path'
      SERVER: '<your_final_server>'
      USER: 'your_user'
      EXTRA_ARGS: ['-o', $PROXY_COMMAND]
      DEBUG: 'true'

You can remove debug variable if you're sure everything is all right , so you don't need to report it to us.

Looking forward to seeing your feedback!

Cheers, Galyna 

This is actually working.
Please add this to the official documentation/README

@Klemenn hello!

If you want to run specifically scp-deploy (scp-deploy should be easier),

try

EXTRA_ARGS: '-v -o ProxyCommand=\"ssh ubuntu@bastion.example.com nc 172.31.1.2 22\"'

or

EXTRA_ARGS: '-o ProxyCommand="ssh user@host"'

or if it does not work for you,

you can actually solve your case in more simple way putting this proxy command to ssh config:

echo "Host webserver
        Hostname www42.cyberciti.biz
        ProxyCommand ssh jumphost.nixcraft.com -W %h:%p" >> /root/ssh/config

in pipeline OR put config file in your repo and then copy it in pipeline to the right place.
Your step will be like:

- cp ssh_config ~/.ssh/config
- pipe: atlassian/scp-deploy:0.3.13
  variables:
    USER: deployer
    SERVER: webserver
    REMOTE_PATH: '/var/www/myapp/webdir'
    LOCAL_PATH: 'build/*'

The point is that quotes inside quotes etc. may be not recognized properly by bash itself in pipeline infrastructure inside docker container and introducing multiple quotes escaping solutions would be too hard for a user, so we can propose workarounds for such complex command as  e.g. ProxyCommand.

Also, we may think about ssh config supporting .

Looking forward to hearing your feedback, if my solutions do not work for you, we may think about supporting such ProxyCommand case in config sooner and you will be able to use the pipe.

Look at the examples of ssh config file here https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/

Regards, Galyna

@Klemenn you may have problems to put ssh config, and if you have , I think we may talk about supporting custom ssh config in the pipe.

Hi,

yes, the problem lies in complex escaping of quotes.

As for your first proposal - escaping doesn't work properly.

As for you second proposal (ssh user@host), there is no bastion host used here, so this is not really a solution.

As for the solution of creating the ssh_config file, yes, thats ok - for actions in the pipeline. But where in the 'atlassian/scp-deploy' pipe (container actually) does this file (ssh_config) actually gets copied into the 'atlassian/scp-deploy' container?  The way I see it - it doesnt.

Regards, Klemen