Re: CanonicalHostname and ssh connections through a jumphost

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Christof,

Warlich, Christof wrote:
> Instead of just trying to resolve one in the list of potential fully
> qualified hostnames locally (which cannot work as the host is only known
> in some remote subnet accessible through the ProxyJump command), the
> command defined in ProxyJump should be used to resolve the fully
> qualified hostname in that remote subnet.

Please compare the ProxyJump and ProxyCommand options.

Note that ProxyJump is shorthand for one particular (common) ProxyCommand
pattern, and also note that ProxyCommand has rather limited semantics -
nothing that allows explicit name resolution other than the one-shot
attempt to connect to a destination, and waiting for success or timeout.

My point is that neither ProxyJump nor ProxyCommand describe a command
that executes remotely, they both result in an extra command being
executed locally, on the initial client.

That command (ssh -W) instructs the jumphost sshd to connect to the given
destination by way of a "direct-tcpip" channel, and the destination sent
in that CHANNEL_OPEN request is either what the user typed in the original
client command or a configured HostName.


I hope this helps.

//Peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux