Remote SSH Support with CyberArk PAM SSH Proxy

Feature request for product/service

Cursor IDE

Describe the request

Hello Cursor team,

First of all, thank you for providing such a powerful developer experience with Cursor.

Currently, I am able to use direct SSH connections in Cursor without any issue. However, when I try to connect through a CyberArk PAM SSH Proxy, the connection breaks.

In VSCode, I solved this problem by configuring both the SSH config and user settings as follows:

SSH Config Example:
nano ~/.ssh/config

Host server01
HostName cyberark.psmpproxy.local
User +serdarkurt@root@server01+fp+55555+fp+55556+fp+55557+fp+55558+fp+55559+fp+55560+fp+55561+fp+55562+fp+55563+fp+55564

VSCode User Settings (JSON):
“remote.restoreForwardedPorts”: false,
“remote.SSH.defaultForwardedPorts”: ,
“remote.SSH.showLoginTerminal”: true,
“remote.SSH.useLocalServer”: true,
“remote.SSH.serverPickPortsFromRange”: {
“server01”: “55555-55564”
},
“remote.SSH.remotePlatform”: {
“server01”: “linux”
},
“remote.defaultExtensionsIfInstalledLocally”: ,
“remote.SSH.enableAgentForwarding”: false,
“remote.SSH.enableDynamicForwarding”: false,
“remote.SSH.enableX11Forwarding”: false

With this configuration, VSCode can properly handle port range tunneling and proxy-based forwarding, allowing me to develop directly on the target server via CyberArk PAM SSH Proxy.

The Problem in Cursor

Even though Cursor supports direct SSH development, the same setup does not work with CyberArk PAM SSH Proxy.
My assumption is that the issue lies in Cursor’s Remote SSH tunneling/forwarding implementation, which differs from VSCode.

Why This Feature Matters

Many enterprises (including mine) enforce access to remote servers only via CyberArk PAM SSH Proxy.

Without proper tunneling and port forwarding support, Cursor cannot be used in such environments.

VSCode’s implementation already covers this use case, so bringing equivalent functionality into Cursor would unlock adoption for enterprise users.

Request

Please add full compatibility for CyberArk PAM SSH Proxy connections in Cursor’s Remote SSH implementation — particularly handling:

Custom SSH usernames and formats

Port range tunneling (e.g., 55555–55564)

Stable forwarding without breaking the session

This will enable enterprise developers (like myself) to use Cursor in environments where direct SSH is not allowed and all access goes through PAM SSH Proxy.

Thank you for considering this request!

Hi @serdarkurt, we do not support port ranges, though this is something that we’re working on adding. We’ll let you know when the updated extension is released.

We do not support remote.SSH.useLocalServer – our extension starts a new connection for each window or connection attempt. However, I don’t think this should interfere with your setup.

Otherwise, your other settings should be fine.

Hi @serdarkurt, we have released version 1.0.31 of the Remote SSH extension, which supports the remote.SSH.serverPickPortsFromRange setting. Could you please upgrade and share whether this works for you?