# JetBrains SFTP JetBrain's IDEs, like PyCharm, GoLand, and IntelliJ, allow browsing, copying, and editing files on a remote server using the SFTP protocol. You can integrate Teleport with your IDE so you can copy files to and from a remote machine without using a third-party client. This guide explains how to use Teleport and a JetBrains IDE to access files with SFTP. ## How it works JetBrains IDEs can use the local SSH client to access a remote server. You can use Teleport to generate a configuration for your local SSH client that instructs the client to connect to a Teleport-protected Linux server using a Teleport-issued OpenSSH certificate. ## Prerequisites - A running Teleport cluster. If you want to get started with Teleport, [sign up](https://goteleport.com/signup) for a free trial or [set up a demo environment](https://goteleport.com/docs/ver/17.x/get-started/deploy-community.md). - The `tsh` client. Installing `tsh` client 1. Determine the version of your Teleport cluster. The `tsh` client must be at most one major version behind your Teleport cluster version. Send a GET request to the Proxy Service at `/v1/webapi/find` and use a JSON query tool to obtain your cluster version. Replace teleport.example.com:443 with the web address of your Teleport Proxy Service: ``` $ TELEPORT_DOMAIN=teleport.example.com:443 $ TELEPORT_VERSION="$(curl -s https://$TELEPORT_DOMAIN/v1/webapi/find | jq -r '.server_version')" ``` 2. Follow the instructions for your platform to install `tsh` client: **Mac** Download the signed macOS .pkg installer for Teleport, which includes the `tsh` client: ``` $ curl -O https://cdn.teleport.dev/teleport-${TELEPORT_VERSION?}.pkg ``` In Finder double-click the `pkg` file to begin installation. --- DANGER Using Homebrew to install Teleport is not supported. The Teleport package in Homebrew is not maintained by Teleport and we can't guarantee its reliability or security. --- **Windows - Powershell** ``` $ curl.exe -O https://cdn.teleport.dev/teleport-v${TELEPORT_VERSION?}-windows-amd64-bin.zip Unzip the archive and move the `tsh` client to your %PATH% NOTE: Do not place the `tsh` client in the System32 directory, as this can cause issues when using WinSCP. Use %SystemRoot% (C:\Windows) or %USERPROFILE% (C:\Users\) instead. ``` **Linux** All of the Teleport binaries in Linux installations include the `tsh` client. For more options (including RPM/DEB packages and downloads for i386/ARM/ARM64) see our [installation page](https://goteleport.com/docs/ver/17.x/installation.md). ``` $ curl -O https://cdn.teleport.dev/teleport-v${TELEPORT_VERSION?}-linux-amd64-bin.tar.gz $ tar -xzf teleport-v${TELEPORT_VERSION?}-linux-amd64-bin.tar.gz $ cd teleport $ sudo ./install Teleport binaries have been copied to /usr/local/bin ``` * JetBrains IDE like PyCharm, IntelliJ, GoLand etc. See [Products](https://www.jetbrains.com/products/#type=ide) for a full list of JetBrains IDEs. * One or more Teleport SSH Service instances. If you have not yet done this, read the [getting started guide](https://goteleport.com/docs/ver/17.x/enroll-resources/server-access/getting-started.md) to learn how. ## Step 1/3. First-time setup Configure your local SSH client to access servers, assigning the `--proxy` flag to the address of your Teleport Proxy Service (e.g., `mytenant.teleport.sh` for Teleport Cloud users). ``` log in to your proxy: $ tsh login --proxy proxy.foo.example.com --user alice generate the OpenSSH config for the proxy: $ tsh config --proxy proxy.foo.example.com ``` Append the resulting configuration snippet into your SSH config file located in the path below: **Linux/macOS** `$HOME/.ssh/config` **Windows** `%UserProfile%\.ssh\config` --- WARNING If using PowerShell on Windows to write your SSH config, note that normal shell redirection may write the file with the incorrect encoding. To ensure it's written properly, try the following: ``` $ tsh.exe config | out-file .ssh\config -encoding utf8 -append ``` --- You should be able to connect to the desired server using the following command, replacing `user` with the username you would like to assume on the server: ``` $ ssh user@[server name].[cluster name] ``` Details Teleport Cloud The SSH config you generated earlier instructs your SSH client to run `tsh proxy ssh` to access a server in your Teleport cluster. However, running an `ssh` command against the Teleport Proxy Service at `yourtenant.teleport.sh` will result in an error. --- NOTE Include the port number for OpenSSH servers, by default `22`, or you can experience an error. See the [OpenSSH guide](https://goteleport.com/docs/ver/17.x/enroll-resources/server-access/openssh.md) for more information. Example connecting to a OpenSSH server: ``` $ ssh -p 22 user@[server name].[cluster name] ``` --- ## Step 2/3. Configure your JetBrains IDE After opening your IDE go to `Tools` -> `Deployment` -> `Browse Remote Host`. ![Deployment](/docs/assets/images/deployment-main-a1883f15562e35bfc2d558b1d8249824.png) Then click the plus sign in the top-left corner to add a new server. ![Add server](/docs/assets/images/add-server-ef9e7ca5dd3e43a9f76627cf0ac44af5.png) Enter a name for your new server. ![New Deployment](/docs/assets/images/deployment-added-d9cd6bf2e3b45980ac6ccb121fc79a74.png) Click the three dots next to `SSH configuration` as in the picture above. ![SSH Configuration](/docs/assets/images/ssh-configurations-985b9996f8a927bf10664ba0949138fc.png) Create a new configuration by clicking the plus sign on the top left and providing: - `Host` - name of the Teleport server. - `Port` - the Teleport server's SSH port (`3022` by default or `22` for OpenSSH servers). - `Username` - the system username. As an `Authentication type` pick `OpenSSH config and authentication agent`. Next, you can click `Test Connection`. ![Successfully Connected](/docs/assets/images/successfully-connected-b4b7f6aa5c23cd1e2187da7dea8b0e78.png) ## Step 3/3. Browse a remote host After closing the SSH configuration window, you should see `Remote Host` menu in your IDE. ![Browse window](/docs/assets/images/browse-window-2d208ac15b8925f3b93e2f7cf70e1233.png) --- NOTE Teleport's certificates expire fairly quickly, after which SSH attempts will fail with an error like the following: ``` alice@proxy.foo.example.com: Permission denied (publickey). ERROR: exit status 255 kex_exchange_identification: Connection closed by remote host ``` When you see this error, re-run `tsh login` to refresh your local certificate. --- ## Next steps ### Using OpenSSH clients This guide makes use of `tsh config`; refer to the [dedicated guide](https://goteleport.com/docs/ver/17.x/enroll-resources/server-access/openssh.md) for additional information. ## Further reading - [JetBrains - Create a remote server configuration](https://www.jetbrains.com/help/idea/creating-a-remote-server-configuration.html#overload)