Hello.

I have deployed an SSH bastion host, and would prefer to use the ssh(1) -W option to establish a forwarding from that host to the others that it can access. However, the bastion host has multiple IP addresses, and I need ssh(1) to make the connection from a specific source address.

There is currently no way to accomplish this with the -W option, as it only takes a destination address. This means that I need to instruct my SSH client to start a nc(1) command and use its -s option instead, but those commands sometimes linger (as children of PID 1) for a long time after the connection has long since died, and I would prefer that the login not have the ability to run commands at all.

Would it be possible to extend the syntax to take an optional source address?

For example (showing my current configuration commented out, and how this could be specified using -W instead):

    Host foo.example.net
        BatchMode Yes
        ControlMaster auto
        ControlPath ~/.ssh/control-path.d/%r@%h:%p.sock
        ControlPersist 3
        ProxyCommand none
        RequestTTY No
        User bar

    Host *.example.net
        # ProxyCommand ssh foo.example.net 'nc -6 -s 2001:db8::2 %h %p'
        ProxyCommand ssh -W [2001:db8::2]:[%h]:%p foo.example.net

Regards,
Aaron Jones
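
Added example, not part of the original message and not OpenSSH code: a check an operator could run on the bastion to find the lingering nc(1) helpers described above, meaning processes re-parented to PID 1 that have outlived a threshold. The function names, the one-hour threshold, the sample process list and the input format (taken here to come from procps-ng `ps -eo pid=,ppid=,etimes=,args=`) are assumptions.

```shell
#!/bin/sh
# Input format (assumption): one process per line as
#   PID PPID ELAPSED_SECONDS COMMAND...
# for example from procps-ng: ps -eo pid=,ppid=,etimes=,args=

# find_orphaned_nc MAX_AGE_SECONDS   (reads the process list on stdin)
# Prints "PID ELAPSED COMMAND..." for each nc process whose parent is PID 1
# and whose age exceeds MAX_AGE_SECONDS.
find_orphaned_nc() {
    awk -v max="$1" '
        {
            # $4 is argv[0]; strip any directory part before comparing.
            n = split($4, parts, "/")
            base = parts[n]
        }
        $2 == 1 && $3 + 0 > max + 0 && base == "nc" {
            cmd = $4
            for (i = 5; i <= NF; i++) cmd = cmd " " $i
            print $1, $3, cmd
        }
    '
}

# Constructed sample, not captured from a real host.
sample_ps() {
    cat <<'EOF'
  812     1  86400 sshd: /usr/sbin/sshd -D [listener]
 4021  4019     12 nc -6 -s 2001:db8::2 host1.example.net 22
 4177     1   7300 nc -6 -s 2001:db8::2 host2.example.net 22
 4290     1     40 /usr/bin/nc -6 -s 2001:db8::2 host3.example.net 22
 4312     1   9100 /usr/bin/nc -6 -s 2001:db8::2 host4.example.net 22
EOF
}

# Report helpers orphaned for more than an hour (3600 is an arbitrary choice).
sample_ps | find_orphaned_nc 3600
```

On a live host the sample would be replaced by the real `ps` output piped into `find_orphaned_nc`; PID 4021 is skipped because its parent session is still alive, and PID 4290 because it is younger than the threshold.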
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev