Re: SNI-like routing

On Thu, 22 Sept 2022 at 07:02, Carl Karsten <carl@xxxxxxxxxxxxxxxx> wrote:
> Telling them all to use ProxyJump isn't out of the question, but I'm
> hoping there are other options.

ProxyJump is likely the easiest solution.  It requires an account on
the host, but it can be authenticated by your friends' keys and
restricted to only allow port forwarding.  It does not require any
additional software beyond OpenSSH.

> I don't mind a separate solution for ssh and http.  like for http I
> can run an nginx on the public IP with
>
>  server_name vm1;
>  location / { proxy_pass http://10.0.0.1; }

Other possible solutions:

 - configure nginx on port 80 to allow a HTTP CONNECT to the VMs on
port 22 then use a ProxyCommand like netcat that supports HTTP
CONNECT.  (Make sure you *only* allow connections to your VMs, lest
you become an open proxy.)

 - maybe you could cook up a config using a SSH+SSL demultiplexer like
sslh although from a quick glance at the man page it's not obvious if
that would even be possible.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
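
Added example, not part of the message above or of the OpenSSH project's own material: one way to set up the ProxyJump account the reply describes, authenticated by each friend's key and limited to port forwarding. The account name `jump`, the host `gateway.example.org`, the second VM at `10.0.0.2` and the key blobs are assumptions or placeholders; `vm1` and `10.0.0.1` come from the thread.

```conf
# --- gateway: /etc/ssh/sshd_config -------------------------------------
# Server-side ceiling for the jump account (account name is an assumption).
Match User jump
    AuthenticationMethods publickey
    # "local" covers the client-to-target forward that ProxyJump (ssh -W) uses.
    AllowTcpForwarding local
    # Only the VMs' sshd ports may be reached; everything else is refused.
    PermitOpen 10.0.0.1:22 10.0.0.2:22
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
    # Any request for a shell or command exits immediately.
    ForceCommand /bin/false

# --- gateway: ~jump/.ssh/authorized_keys --------------------------------
# Weak: a bare key may reach every target listed in PermitOpen above.
#   ssh-ed25519 AAAA...PLACEHOLDER-KEY-1... friend1
# Tighter: "restrict" turns off all forwarding, PTY and rc execution,
# "port-forwarding" re-enables only TCP forwarding, and "permitopen"
# pins this key to a single VM.
restrict,port-forwarding,permitopen="10.0.0.1:22" ssh-ed25519 AAAA...PLACEHOLDER-KEY-1... friend1
restrict,port-forwarding,permitopen="10.0.0.2:22" ssh-ed25519 AAAA...PLACEHOLDER-KEY-2... friend2

# --- friend's machine: ~/.ssh/config ------------------------------------
# "ssh vm1" then connects through the gateway with stock OpenSSH.
Host vm1
    HostName 10.0.0.1
    ProxyJump jump@gateway.example.org
```

Run `sshd -t` on the gateway before reloading sshd to catch syntax errors in the Match block.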


