[Added openssh-unix-dev@ back to thread]. On Oct 19, 2024, at 12:02, Maât <maat-ml@xxxxxxxxxx> wrote: > > Le 19/10/2024 à 19:32, Jim Knoble a écrit : > >>> Why avoid it? What use cases are there for logging into host b, besides as a jump host? > > In fact this "B" machine has several roles, [which get enumerated...] Have you considered assigning a different IP (or IPv6) address to the name assigned to the exposed GitLab? Then it's a different listening host:port and requires no additional proxy jumping. Another option is to forbid SSH access to the GitLab instance altogether and require HTTPS access only, which handles virtual hosts nicely. (This could also reduce the attack surface against GitLab). -- jim knoble _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev