Hi Christof, Warlich, Christof wrote: > Instead of just trying to resolve one in the list of potential fully > qualified hostnames locally (which cannot work as the host is only known > in some remote subnet accessible through the ProxyJump command), the > command defined in ProxyJump should be used to resolve the fully > qualified hostname in that remote subnet. Please compare the ProxyJump and ProxyCommand options. Note that ProxyJump is shorthand for one particular (common) ProxyCommand pattern, and also note that ProxyCommand has rather limited semantics - nothing that allows explicit name resolution other than the one-shot attempt to connect to a destination, and waiting for success or timeout. My point is that neither ProxyJump nor ProxyCommand describe a command that executes remotely, they both result in an extra command being executed locally, on the initial client. That command (ssh -W) instructs the jumphost sshd to connect to the given destination by way of a "direct-tcpip" channel, and the destination sent in that CHANNEL_OPEN request is either what the user typed in the original client command or a configured HostName. I hope this helps. //Peter _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev