On 27/05/15 01.42, Ángel González wrote: > Why do you want the hostname being used to "be visible to the administrator > of the SSH server"? In case the AAAA record used by the proxy to find the server for some reason points to the wrong IP address, I want to ensure that the administrator of the server has the opportunity to see the DNS record causing connections to end up on their server. That's only possible if the hostname is sent to the server somehow. > > I assumed you wanted to send the final hostname to the *proxying SSH > server*. Sorry if I didn't express that clearly enough. I need the hostname to be visible to both proxy and the target server. > In which case, you don't need such thing if using a HTTP CONNECT proxy (the > hostname is now given to the HTTP proxy). And if you use a ssh server > like the ssh > tunneling I proposed, the final hostname is already provided, too. Communicating the hostname to the proxy is probably going to be the easy part. The tricky part is to make it visible to the administrator of the target server. > > If you want instead to give the hostname used to the *final* sshd, > that's a different > requirement for which you provided no rationale (and I suspect you are > not really > interested in). That's definitely what I am interested in. The rationale is that the administrator of the final server is to have access to this information. > > > Much more interesting at the final end than the requested would be to > have the > original client IP (ie. X-Forwarded-For) but that would open a different > can of worms > (and required software changes) about proxies whose forwarded IPs should > be trusted. Actually for my specific ussage, that is a solved problem. Communication from client to proxy is IPv4. Communication from proxy to server is IPv6. The proxy simply embed the client IPv4 as the last 32 bits of the client IPv6 visible to the server. > Something I would prefer not to enter into. You don't have to. At least I am not going to be the one asking you to. -- Kasper Dupont -- Rigtige mænd skriver deres egne backupprogrammer #define _(_)"d.%.4s%."_"2s" /* This is my email address */ char*_="@2kaspner"_()"%03"_("4s%.")"t\n";printf(_+11,_+6,_,12,_+2,_+7,_+6); _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev