Re: Adding SNI support to SSH

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2020/01/13 11:10, Nico Schottelius wrote:
> 
> That is correct, but requires client configuration. This only works if
> you can communicate with each and every user.
> 
> The problem I am trying to solve is: there are thousands of users on
> IPv4 only networks who I cannot all communicate with. And they need to
> access resources on IPv6 only systems.
> 
> The typical jump host / proxy command approach surely works, but only
> for a small percentage of the users. The big part actually reaches out
> to the support and has severe problems if they cannot just use "plain
> ssh" (i.e. need to configure ssh or don't land on the target host
> immediately).

Even if such a mechanism were added, you would be waiting a long time
before new enough OpenSSH versions filter through to the usual client
OS, and for other clients to gain support. It wouldn't be an easy way
out for your problem.

> I hope the motivation and scenario is understandable and it would be
> very much appreciated if there was any way to dispatch to multiple end
> hosts with ssh directly. Whether that's via SNI or another mechanism, I
> don't have a strong opinion on.
> 
> Best regards,
> 
> Nico
> 
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

If you have users that are wanting to access a v6-only system but
are themselves unable to setup their own v6 access, the easiest way is
probably web-based ssh (via a dual-stack host). If they want more it's
not so hard to setup v6 via a tunnel/VPN.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux