Le 17/04/2020 à 12:29, Stuart Henderson a écrit : > On 2020/04/17 10:56, Christophe Lohr wrote: >> Dear developers, >> The ProxyJump feature is nowadays implemented on the basis of a TCP port forwarding on the jumping host, isn't it? >> As a result, this is affected by a AllowTcpForwarding=no configuration on the jumping host. >> >> So, may I suggest a variant based on Unix sockets (such as -L or -R does). >> >> Nice idea, isn't it? >> Any volunteer to implement this? > That doesn't make sense, how are you going to connect from the "jump > host" to an end machine using a unix socket? > > (If ssh forwarding is disabled but you are still able to make outgoing > connections, you can use some "ssh jumphost nc" variant in ProxyCommand > instead, like we used to do before ProxyJump). > Hum hum. I see. My mistake. It seems I completely misunderstood what ProxyJump does. In fact, this is an ssh session into an ssh tunnel. Encapsulation, simply. I thought this was a way to chain ssh sessions. As if the jumping-host had some back-to-back ssh agents (the ssh-daemon bound to an ssh-client to the target host). Sorry for the mistake. Sorry for the inconvenience. Best regards. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
