port forwarding trouble
Darren Tucker
dtucker at zip.com.au
Fri Aug 5 00:41:37 EST 2005
Sergio Gelato wrote:
> * Frederik Eaton [2005-08-02 17:39:59 +0100]:
>>Also, I don't think that the "host at port" syntax suggested in the bug
>>comments is a good idea.
>
> At the very least it should be port at host. There is precedent for that,
> e.g. in FlexLM LM_LICENSE_FILE environment variables.
Why is that better than host at port? I would bet there's precedent for
that somewhere too.
[...]
> I'm not sure about URLs, but various tools simply require square
> brackets around the IPv6 address, as in
> [0:1:2:3:4:5:6:7]:port
That would be OK for new entries but it's not backward compatible with
existing known_hosts files.
Once you add an optional ":port" I don't see how it's possible to
reliably distinguish between IPv6 addresses created by old versions and
host:port identifiers created by new versions.
> For example, this (minus the port number) is what you are supposed to
> do in /etc/hosts.allow. Implementations differ as to whether one needs
> [fe80::]/10 or [fe80::/10] for network prefixes, but I think the former
> is winning.
OpenSSH already understands that notation, eg for ListenAddress (minus
the network prefix, I think).
>>A brief search indicated "host.:port" might be used somewhere.
>>But "host:port" is so common that it would be better to use a different
>>notation only when 'host' is IPv6. "@" is especially bad, because it
>>makes it look like the host is a user.
They're host keys, I don't see how the identifiers could be confused
with a user. There's no reference to users at all in known_hosts.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
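
The ambiguity raised in the message above, shown as an added example (not part of the original post and not OpenSSH code): under a hypothetical rule that allows an optional unbracketed ":port" suffix, some compressed IPv6 addresses have two valid readings, while the bracketed form has one. The function names and sample host names are assumptions made for this illustration.

```python
import ipaddress

def is_ipv6(text):
    """True if text is a valid unbracketed IPv6 literal."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False

def parse_port(text):
    """Return the port as an int, or None if text is not a port number."""
    if text.isascii() and text.isdigit() and 0 < int(text) <= 65535:
        return int(text)
    return None

def readings(name, default_port=22):
    """List every (host, port) a known_hosts name could mean if an optional
    unbracketed ':port' suffix were allowed (hypothetical rule)."""
    if name.startswith("["):
        # Bracketed form from the thread: [addr] or [addr]:port.
        host, sep, rest = name[1:].partition("]")
        if not sep:
            return []
        if rest == "":
            return [(host, default_port)]
        port = parse_port(rest[1:]) if rest.startswith(":") else None
        return [(host, port)] if port else []
    found = []
    # Old-style entry: the whole string is a host name or IPv6 address.
    if ":" not in name or is_ipv6(name):
        found.append((name, default_port))
    # New-style entry: the last colon separates host from port.
    host, sep, tail = name.rpartition(":")
    port = parse_port(tail) if sep else None
    if port and host and (":" not in host or is_ipv6(host)):
        found.append((host, port))
    return found

# Constructed sample names, not taken from any real known_hosts file.
SAMPLES = ["example.com", "example.com:2222", "fe80::1:22",
           "[fe80::1]:22", "0:1:2:3:4:5:6:7"]

if __name__ == "__main__":
    for name in SAMPLES:
        r = readings(name)
        print(f"{name:18} {'AMBIGUOUS' if len(r) > 1 else 'ok':9} {r}")
```

A fully written-out address such as 0:1:2:3:4:5:6:7 has a single reading because dropping the last group leaves an invalid seven-group address; the "::" compressed forms are the ones that collide.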