I’m evaluating Royal TS and it looks awesome! However there is one feature missing that would be mandatory for my use-case: using multiple security gateways in series.
In our case, we need to log in to a central security gateway. This ‘tunnel’ login is extremely restricted (e.g. cannot allocate a tty). It can only be used to tunnel another connection to a select range of internal security gateways (one for each department). Again, this department security gateway does not allow allocating a tty and can only be used for tunneling. Once this second tunnel is established, it’s possible to connect to the internal machines.
I’ve seen a few similar requests on the forum, but they are already 2 years old.
Is this a feature that is still somewhere on the roadmap?
We don’t have it on the roadmap right now. I’ve done some research on our forum and noticed that there are quite a few requests like that. I will see if we can squeeze it into our V6 roadmap.
It makes it very easy to create tunnels inside tunnels (inside tunnels…).
The authentication we use is purely key based with kageant (part of KiTTY SSH). The security gateways are defined as branch nodes in a tree structure and the individual ssh sessions are the leaves of the tree.
DoffenSSHTunnel uses PuTTY’s plink command-line tool in the background to set up the required tunnels.
This setup has a few drawbacks regarding maintainability.
Adding new ssh servers often requires modifying the security gateway nodes (e.g. adding an extra tunnel). Ports are assigned statically at creation of the node.
Very difficult to maintain and synchronize ssh server leaf nodes if multiple intermediate paths are possible (basically, each path requires a separate node)
Not possible to customize configuration file path
Not possible to use shared configurations
Some other (irritating) bugs in DoffenSSHTunnel itself
Royal TS seems to provide a solution to all of them, except the ‘chaining’ of security gateways.
That is exactly my use case (host B and C are very restricted and don’t allow allocating a pseudo-tty in my case).
So basically, if a ‘secure gateway’ object had a property to select another secure gateway (just like the ‘secure gateway’ property of a terminal object), that would be awesome.
But I have no idea if something like that is feasible?
Just out of curiosity and because I have no idea about your planning or release schedule:
Do you have any guesses about a time frame for this feature? Couple of weeks, months, year…?
This feature is under investigation and we’re not sure if or how exactly we can implement that. If we implement it, it will be in the next major version, and since we are switching to .NET 5 and have some dependencies there, it will probably be at the end of the year (November/December) at a minimum. We are working on beta releases, but since we haven’t got the linker for .NET 5 working, the output of the app plus the framework is roughly 440 MB, which is kind of high.
It’s still on our list to do a prototype/POC. We are currently working hard finalizing the beta release. There’s a good chance that this feature will not make it into the first beta but we really hope to have it on board before we release V6.
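The chained plink tunnels described in the thread, sketched as an added example (not part of any post, and not DoffenSSHTunnel or Royal TS code). It goes one step beyond the thread by asking the OS for free loopback ports instead of assigning them statically, and by pinning each gateway's host key, since a tunnelled hop is reached as `127.0.0.1:<port>` and name-based host key caching no longer identifies it. `Hop`, `plan_chain`, the host names, the user name and the fingerprints are hypothetical placeholders.

```python
import socket
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    user: str
    host: str
    port: int = 22
    hostkey: str = ""  # expected host key fingerprint (placeholder values below)


def free_local_port() -> int:
    """Ask the OS for an unused loopback port (avoids static port assignment)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def plan_chain(gateways, target, alloc=free_local_port):
    """Return (commands, local_port): one plink argv per gateway, in start
    order, plus the loopback port that finally reaches `target`."""
    if not gateways:
        raise ValueError("at least one gateway is required")
    hops = list(gateways) + [target]
    commands = []
    connect_host, connect_port = hops[0].host, hops[0].port
    for gw, nxt in zip(hops, hops[1:]):
        lport = alloc()
        argv = ["plink", "-ssh", "-batch", "-agent", "-N"]  # -N: no shell, no tty
        if gw.hostkey:
            argv += ["-hostkey", gw.hostkey]  # pin the key of the hop we log in to
        argv += ["-L", f"127.0.0.1:{lport}:{nxt.host}:{nxt.port}",
                 "-P", str(connect_port), f"{gw.user}@{connect_host}"]
        commands.append(argv)
        # The next hop is reached through the forward that was just opened.
        connect_host, connect_port = "127.0.0.1", lport
    return commands, connect_port


if __name__ == "__main__":
    # Constructed sample topology: central gateway -> department gateway -> server.
    central = Hop("tunnel", "central-gw.example.internal", hostkey="SHA256:PLACEHOLDER-CENTRAL")
    dept = Hop("tunnel", "dept-gw.example.internal", hostkey="SHA256:PLACEHOLDER-DEPT")
    server = Hop("admin", "app01.example.internal")
    cmds, port = plan_chain([central, dept], server)
    for argv in cmds:
        print(" ".join(argv))
    print(f"connect the terminal session to 127.0.0.1:{port}")
```

Each command must be started, and its forward listening, before the next one is launched; the terminal client then verifies the target server's own host key on the final loopback port.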