On Fri, Feb 18, 2022 at 02:13:15PM +0200, Lars Noodén wrote:
> On 2/18/22 13:36, Brian Candler wrote:
> [snip]
> > (Idea is to make a direct connection to a host on IPv6 where possible,
> > but when connecting from an IPv4-only network fallback to SOCKS)
>
> Several people have written about something similar in various blog
> posts and microblog posts in recent years[1]. Use of Match Exec in
> ssh_config(5) seems to be the way that is approached:
>
> Match host ipv6only.example.org
> User fred
>
> Match host ipv6only.example.org !exec "route -n get -inet6 %h"
> ProxyJump dualstack.example.org
>
> That would allow you to connect directly to the one system if there is
> IPv6 connectivity and hop through a bastion / jump host first if only
> IPv4 connectivity is possible. The match blocks can be made more
> general with patterns, of course.
>
> Exec could use route(8), ping(8), nc(1), or a custom script.
>
I have something similar that detects whether I am on the same LAN as
the destination system, and uses ProxyJump if not:-
#
#
# esprimo may be remote or local (particularly from t470), if it's remote
# connect via cheddar.halon.
#
Match host esprimo exec "! ping -w 1 -c 1 esprimo >/dev/null 2>&1"
Hostname zbmc.eu
ProxyJump cheddar.halon.org.uk
--
Chris Green
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
