Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage


How can I use proxycommand with atlassian/scp-deploy --> to deploy through bastion host?


ProxyCommand ssh -W %h:%p

2 answers

0 votes

Hello, @Klemenn

I am debugging now our scp-deploy pipe which is refactored to new one and trying to understand your case.


So can you specify in more detail your case, that works for you?

What precisely you want to do?

Do you want to ssh through proxy (ONE host)?

 cannot see why you have two different hosts in proxy command.


Regards, Galyna


well, our production application servers are not opened to the outside world, at least not SSH.

To connect to application servers via SSH we must first connect to our bastion host.

So, when we do SSH deploy (scp, rsync, it doesn't really matter) our command (scp, rsync) must first connect to bastion and then to application server.

A good read for this is here (not mine) :

Like Galyna Zholtkevych likes this

@Klemenn  thanks for explaining the case .


I have debugged your case on our new refactored pipe, it works.

I'll notify you about official release.

I left more details (It is unlikely to provide them here) in the ticket in jira you created

Tell here your feedback, please.

Cheers, Galyna

@Klemenn hello! We have released new version scp-deploy:1.0.0, please , if it is still actual for you, try this out with :

- step:
  name: Your step name
  - PROXY_COMMAND="ProxyCommand=ssh <your_user_here>@<your_ip_or_host_here> nc <final_destination> 22"
  - pipe: atlassian/scp-deploy:1.0.0
      LOCAL_PATH: 'your_file'
      REMOTE_PATH: 'your_path'
      SERVER: '<your_final_server>'
      USER: 'your_user'
      DEBUG: 'true'

You can remove debug variable if you're sure everything is all right , so you don't need to report it to us.


Looking forward to seeing your feedback!

Cheers, Galyna 

Like Alexis Peters likes this

This is actually working.
Please add this to the official documentation/README

Like Galyna Zholtkevych likes this

pipe: atlassian/scp-deploy:0.3.13
USER: deployer
SERVER: webserver
REMOTE_PATH: '/var/www/myapp/webdir'
LOCAL_PATH: 'build/*'
EXTRA_ARGS: '-v -o ProxyCommand="ssh nc 22"'

Should the syntax be different?

@Klemenn hello!

If you want to run specifically scp-deploy (scp-deploy should be easier),


EXTRA_ARGS: '-v -o ProxyCommand=\"ssh nc 22\"'


EXTRA_ARGS: '-o ProxyCommand="ssh user@host"'

or if it does not work for you,

you can actually solve your case in more simple way putting this proxy command to ssh config:

echo "Host webserver
        ProxyCommand ssh -W %h:%p" >> /root/ssh/config

in pipeline OR put config file in your repo and then copy it in pipeline to the right place.
Your step will be like:

- cp ssh_config ~/.ssh/config
- pipe: atlassian/scp-deploy:0.3.13
USER: deployer
SERVER: webserver
REMOTE_PATH: '/var/www/myapp/webdir'
LOCAL_PATH: 'build/*'


The point is that quotes inside quotes etc. may be not recognized properly by bash itself in pipeline infrastructure inside docker container and introducing multiple quotes escaping solutions would be too hard for a user, so we can propose workarounds for such complex command as  e.g. ProxyCommand.

Also, we may think about ssh config supporting .

Looking forward to hearing your feedback, if my solutions do not work for you, we may think about supporting such ProxyCommand case in config sooner and you will be able to use the pipe.

Look at the examples of ssh config file here

Regards, Galyna

@Klemenn you may have problems to put ssh config, and if you have , I think we may talk about supporting custom ssh config in the pipe.


yes, the problem lies in complex escaping of quotes.

As for your first proposal - escaping doesn't work properly.

As for you second proposal (ssh user@host), there is no bastion host used here, so this is not really a solution.

As for the solution of creating the ssh_config file, yes, thats ok - for actions in the pipeline. But where in the 'atlassian/scp-deploy' pipe (container actually) does this file (ssh_config) actually gets copied into the 'atlassian/scp-deploy' container?  The way I see it - it doesnt.

Regards, Klemen

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across their  Jira Cloud instance.  ...

494 views 16 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you