On Sat, 23 May 2015, Kasper Dupont wrote:

> I am working on a proxy which can be hosted on a single
> IP address and dispatch requests to different backends
> depending on which hostname the client used to connect to
> this IP address.
>
> Currently such a proxy can be built to support HTTP, HTTPS,
> SMTP, and DNS. However SSH support is impossible due to
> the ssh client not sending the information such a proxy
> would need.
>
> I am not the first to want such a proxy:
> http://serverfault.com/q/34552/214507
> However my searches only found people talking about it,
> and nobody doing anything about it.
>
> I have attached a tiny patch for the openssh-client, which
> I believe does everything openssh would need to do in order
> to support this kind of proxy.
>
> What are your thoughts on the attached patch?

I'm not sure it should be part of the banner exchange, though there is
no other trivial way to do it and maintain backwards compatibility. I
don't much like it because it reveals host identity information in the
clear.

A better way would be to exchange this after the connection has been
keyed, but that would require extensive changes to the key exchange
protocol.

I don't really want to implement a half-measure in OpenSSH...

-d

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev