Re: Name based SSH proxy

On Sat, 23 May 2015, Kasper Dupont wrote:

> I am working on a proxy which can be hosted on a single
> IP address and dispatch requests to different backends
> depending on which hostname the client used to connect to
> this IP address.
> 
> Currently such a proxy can be built to support HTTP, HTTPS,
> SMTP, and DNS. However SSH support is impossible due to
> the ssh client not sending the information such a proxy
> would need.
> 
> I am not the first to want such a proxy:
> http://serverfault.com/q/34552/214507
> However my searches only found people talking about it,
> and nobody doing anything about it.
> 
> I have attached a tiny patch for the openssh-client, which
> I believe does everything openssh would need to do in order
> to support this kind of proxy.
> 
> What are your thoughts on the attached patch?

I'm not sure it should be part of the banner exchange, though there is
no other trivial way to do it and maintain backwards compatibility.
I don't much like it because it reveals host identity information
in the clear.

A better way would be to exchange this after the connection has
been keyed, but that would require extensive changes to the key
exchange protocol.

I don't really want to implement a half-measure in OpenSSH...

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
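
The trade-off discussed in this thread, as an added example that is not part of the original messages or of the patch under discussion: a proxy reads the RFC 4253 identification line, which is sent in cleartext before key exchange, and routes on a host hint carried in its comments field. The `host=` hint syntax, the routing table and the function names are assumptions made for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
# at most 255 bytes, exchanged in cleartext before key exchange starts.
IDENT_RE = re.compile(rb"SSH-(?P<proto>[^-\s]+)-(?P<software>[^-\s]+)(?: (?P<comments>.*))?")
# Hypothetical hint syntax "host=<name>" inside the comments field (assumption).
HOST_RE = re.compile(rb"(?:^|\s)host=(?P<host>[A-Za-z0-9.-]{1,253})(?=\s|$)")

# Constructed routing table using documentation-only names and addresses.
BACKENDS = {
    "git.example.org": ("192.0.2.10", 22),
    "shell.example.org": ("192.0.2.11", 22),
}
DEFAULT_BACKEND = ("192.0.2.1", 22)


def parse_ident(line: bytes):
    """Return (protoversion, softwareversion, host_hint_or_None) for one ident line."""
    if len(line) > 255:
        raise ValueError("identification string exceeds 255 bytes")
    if line.endswith(b"\r\n"):
        body = line[:-2]
    elif line.endswith(b"\n"):  # bare LF is tolerated for compatibility
        body = line[:-1]
    else:
        raise ValueError("identification string is not line-terminated")
    m = IDENT_RE.fullmatch(body)
    if m is None:
        raise ValueError("not an SSH identification string")
    hint = HOST_RE.search(m.group("comments") or b"")
    host = hint.group("host").decode("ascii").lower().rstrip(".") if hint else None
    return m.group("proto").decode("ascii"), m.group("software").decode("ascii"), host


def route(line: bytes):
    """Pick a backend from the client's ident line.

    The hint is unauthenticated and readable by anyone on the path, so it is
    used only as a lookup key into an allow-list, never as a connect target.
    """
    _, _, host = parse_ident(line)
    return BACKENDS.get(host, DEFAULT_BACKEND)


if __name__ == "__main__":
    # Constructed sample: what both the proxy and a passive observer would see.
    sample = b"SSH-2.0-OpenSSH_6.8 host=git.example.org\r\n"
    print(parse_ident(sample), "->", route(sample))
```

Because `parse_ident` needs nothing but the first line on the wire, any on-path observer can recover the same hostname the proxy does.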



