Hello all, I would like to hear your opinions on what would be the best way of passing address family (hints) to proxy commands. Generally, proxy command is used to connect to proxy servers and the address family of the target host is up to the decision of the proxy command itself (regardless it is netcat, another ssh or something else). Currently, hints from commandline (-4, -6) are not used at all and not passed to proxy command similarly as any other hints from configuration files (unless the proxy command is ssh too and the proxy host has specific AddressFamily directive). My suggestion would be to provide a new replacement percent-token to inform the proxy-command about the preferred address family, but if you can think about better solution, I would be glad to hear it. This came up in the following bug [1], which is using sss_ssh_knownhostsproxy (taking care of known hosts validation if connecting to the server managed by IPA), but I believe this can be a real issue in other use cases. https://bugzilla.redhat.com/show_bug.cgi?id=1857104 Thanks, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
