Re: Adding SNI support to SSH

Christian Weisgerber <naddy@xxxxxxxxxxxx> writes:

> On 2020-01-12, Dustin Lundquist <dustin@xxxxxxxxxxxx> wrote:
>
>> I think the intended application is to proxy through a proxy host provided by the service provider. If SSH had an SNI-like feature where a host identifier was passed in plain text during the initial connection, the user would just need to register their host identifier and IPv6 address (e.g. via AAAA DNS records), and the service provider wouldn't need to maintain a list of allowed users. The proxy would have no more access to the contents of the SSH connection than any other intervening stateful firewall.
>
> You can do this with a jump host, see ProxyJump in ssh_config(5).

That is correct, but requires client configuration. This only works if
you can communicate with each and every user.

The problem I am trying to solve is: there are thousands of users on
IPv4 only networks who I cannot all communicate with. And they need to
access resources on IPv6 only systems.

The typical jump host / proxy command approach surely works, but only
for a small percentage of the users. The big part actually reaches out
to the support and has severe problems if they cannot just use "plain
ssh" (i.e. need to configure ssh or don't land on the target host
immediately).

I hope the motivation and scenario are understandable, and it would be
very much appreciated if there was any way to dispatch to multiple end
hosts with ssh directly. Whether that's via SNI or another mechanism, I
don't have a strong opinion on.

Best regards,

Nico

--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
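For reference, this is what the ProxyJump arrangement mentioned above looks like on the client side; it is an added illustration, not part of the thread, and the host names and user are placeholders. Every user of an IPv4-only network would need this (or the equivalent `ssh -J`) before `ssh target` works, which is the configuration burden the message describes.

```text
# ~/.ssh/config on the user's machine (assumed names; not from the thread)
#
# jump.example.org is dual-stacked and reachable over IPv4; the targets
# under v6.example.org only have AAAA records. ssh first opens a session
# to the jump host and then tunnels the real connection through it, so
# the jump host sees only encrypted SSH traffic for the target, much like
# a stateful firewall in the path.
Host jump.example.org
    User alice

Host *.v6.example.org
    ProxyJump jump.example.org
    User alice

# With the stanza above, "ssh box1.v6.example.org" works unchanged for
# the user. Without it, the same thing has to be spelled out each time:
#
#     ssh -J alice@jump.example.org alice@box1.v6.example.org
#
# Host key checking is still done end to end: the client verifies the
# target's host key through the tunnel, so a compromised jump host cannot
# silently impersonate the target.
```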
