Protocol Version Exchange: the comments field and an idea how to use it

Michael Stone mstone at mathom.us
Thu Nov 14 08:17:42 EST 2013


On Wed, Nov 13, 2013 at 08:30:31PM +0100, you wrote:
>Hannes Hörl wrote:
>>> The imaginary use case was virtual hosts with a www. hostname
>>> example, so the backend machines are presumably reachable at least
>>> on one port already.
>>
>> No. I thought of the case where the backend machines are not reachable
>> from the outside, but HTTP goes through haproxy or something similar.
>> So from the outside hostnames point to the proxy, but on the internal
>> network they resolve to their internal IPs.
>
>I.e. they are reachable.

The fact that they are reachable via one protocol doesn't change why 
someone might want a facility in ssh to reach them via a different 
mechanism.

>Why not make the HTTP proxy understand CONNECT (if it doesn't
>already) and use a suitable proxycommand in your ssh config?

There's certainly more than one way to do it. I'd personally suggest 
implementing IPv6 and restoring globally unique addressing.


More information about the openssh-unix-dev mailing list