On 25.03.21 16:30, Aaron Jones wrote:
> I have deployed an SSH bastion host, and would prefer to use the ssh(1)
> -W option to establish a forwarding from that host to the others that it
> can access.
>
> However, the bastion host has multiple IP addresses, and I need ssh(1)
> to make the connection from a specific source address.

I do not speak for the OpenSSH developers, but I have a hunch that they'll deny that request. Selecting the source address for an outgoing connection usually is the job of the OS(*) and an application needs to carry quite a bit of extra code to override that. OK for an explicit networking tool like nc, but maybe not for ssh.

However, assuming that there's some *regularity* to your need, you might be able to tell the kernel itself to adhere to it (e.g., for Linux, use iptables to explicitly SNAT connections matching a pattern to a specific source IP). No more extra processes that can linger that way.

(*) Off the top of my head: Look up the outgoing interface in the default(!!) routing table, then choose the IP added last (Linux) / set first (SunOS/Solaris) / round robin (*BSD) from those set on that interface.

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
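
The kernel-side approach suggested in the message above, as an added example that is not part of the original post and not OpenSSH code: a POSIX shell script that turns a destination-to-source table into nat POSTROUTING SNAT rules in iptables-restore format. The addresses (RFC 5737 documentation ranges), the restriction to TCP port 22 and the function names is_ipv4 and snat_ruleset are assumptions.

```shell
#!/bin/sh
# Added example: build nat-table SNAT rules that pin the source address of
# outbound SSH from a multi-homed bastion, per destination network.
# All addresses are constructed (RFC 5737); TCP port 22 is an assumption.

# Constructed table: destination network, then the source address to use.
SNAT_MAP='
# dest-network      source-address
198.51.100.0/24     192.0.2.10
203.0.113.0/24      192.0.2.11
'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# snat_ruleset: read "dest/len source" lines on stdin and print the rules in
# iptables-restore format. Any malformed entry aborts with status 1 and no
# output, so a typo never yields a partial ruleset.
snat_ruleset() {
    rules=
    while read -r dest src rest; do
        case $dest in ''|'#'*) continue ;; esac      # skip blanks and comments
        net=${dest%/*} len=${dest##*/}
        case $len in ''|*[!0-9]*|???*) len=99 ;; esac # force rejection below
        if [ -n "$rest" ] || [ "$net" = "$dest" ] || [ "$len" -gt 32 ] ||
           ! is_ipv4 "$net" || ! is_ipv4 "$src"; then
            echo "bad entry: $dest $src $rest" >&2
            return 1
        fi
        rules="$rules-A POSTROUTING -d $dest -p tcp --dport 22 -j SNAT --to-source $src
"
    done
    printf '*nat\n%sCOMMIT\n' "$rules"
}

# Print the ruleset for review. Applying it is a separate, root-only step:
#   ... | iptables-restore --noflush
printf '%s' "$SNAT_MAP" | snat_ruleset
```

The source addresses in the table have to be addresses the bastion already holds, since SNAT only rewrites the packet and does not assign the address to an interface.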