On 2/18/22 13:36, Brian Candler wrote:
[snip]
(Idea is to make a direct connection to a host on IPv6 where possible,
but when connecting from an IPv4-only network fallback to SOCKS)
Several people have written about something similar in various blog
posts and microblog posts in recent years[1]. Use of Match Exec in
ssh_config(5) seems to be the way that is approached:
Match host ipv6only.example.org
User fred
Match host ipv6only.example.org !exec "route -n get -inet6 %h"
ProxyJump dualstack.example.org
That would allow you to connect directly to the one system if there is
IPv6 connectivity and hop through a bastion / jump host first if only
IPv4 connectivity is possible. The match blocks can be made more
general with patterns, of course.
Exec could use route(8), ping(8), nc(1), or a custom script.
In order to use a SOCKS5 proxy in place of a jump host, ProxyCommand
could use nc(1) in place of a plain ProxyJump.
/Lars
[1] Since it doesn't seem to be such a rare task, I've put a summary in
a section of this chapter:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Conditional_Use_of_Jump_Hosts
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
