Name based SSH proxy

Ángel González keisial at gmail.com
Wed May 27 10:04:27 AEST 2015


On 27/05/15 01:22, Kasper Dupont wrote:
> On 26/05/15 18.29, Daniel Kahn Gillmor wrote:
>> On Tue 2015-05-26 17:42:40 -0400, Kasper Dupont wrote:
>>> But it does not address all my requirements. I have a
>>> requirement that the hostname being used must be visible
>>> to the administrator of the SSH server. And it must be
>>> visible with minimal effort without requiring any software
>>> changes on the server.
>> The patch you're sending is a software change :)
> My requirements only said no software changes on the server.
> It was clear to me very early on, that some changes were
> needed on the client side.
>
> Whether the client side changes can be done as a
> ProxyCommand remains an open question. But it is certain
> that a modification of the ssh client would cover all my
> needs.
...with a modified server that acts as a proxy.


> I need the proxy to communicate with an unmodified server.
> And I need this communication to include the hostname for
> the administrator of said server to see. Whether the
> administrator would have to look in a logfile or a packet
> capture in order to see the hostname is not important.
An unmodified *final server* or *proxy server*? The final server
would obviously work being unmodified. The proxy server could have
modifications or not (perhaps not being an ssh server at all).
And why do you need the server administrator (the administrator
of the proxy?) to see the hostname? (the proxy logs would contain it,
but placing the burden on getting the administrator to see the hostname,
instead of the proxy obtaining it, is strange)

> I believe that once I have an answer to how the proxy can
> communicate the hostname to the server, then everything
> else will follow.
Are you trying to solve an XY Problem?
http://xyproblem.info/


> I don't yet know a way to achieve my desired result using
> just a ProxyCommand. But with the following change and a
> ProxyCommand, I believe I would be able to achieve what I
> am looking for.
You only need a command that is able to connect to hostname
"foo" over proxy "bar", and a proxy server of type "bar" installed
in the IPv4 bridging machine.

No changes to ssh binaries are needed.
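
One way to build the command described in the last reply, as an added example that is not part of the original message or of OpenSSH: a ProxyCommand helper that hands the target hostname to the proxy. It assumes proxy type "bar" is an HTTP CONNECT proxy; the script name `connect_via.py` and the address `bar.example 8080` are placeholders.

```python
#!/usr/bin/env python3
# Added example, not from the thread. Assumes proxy type "bar" is HTTP CONNECT.
# ssh_config usage (script name and proxy address are placeholders):
#   Host foo
#       ProxyCommand python3 connect_via.py bar.example 8080 %h %p
import os, select, socket, sys

def connect_request(host, port):
    """Build the CONNECT request; this is where the hostname reaches the proxy."""
    # Reject whitespace/control characters so a hostname cannot inject headers.
    if not host or any(c.isspace() or not c.isprintable() for c in host):
        raise ValueError("invalid hostname")
    target = f"{host}:{int(port)}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_reply(sock, limit=65536):
    """Return (status, early): early is data received past the reply headers."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk or len(buf) > limit:
            raise ConnectionError("no complete reply from proxy")
        buf += chunk
    head, _, early = buf.partition(b"\r\n\r\n")
    fields = head.split(b"\r\n", 1)[0].split()
    if len(fields) < 2 or not fields[0].startswith(b"HTTP/") or not fields[1].isdigit():
        raise ConnectionError("malformed reply from proxy")
    return int(fields[1]), early

def relay(sock, early):
    """Copy bytes between ssh (stdin/stdout) and the proxy until either side closes."""
    out = sys.stdout.buffer
    out.write(early)  # the server's SSH banner may arrive with the proxy reply
    out.flush()
    while True:
        readable, _, _ = select.select([sock, 0], [], [])
        src_is_sock = sock in readable
        data = sock.recv(65536) if src_is_sock else os.read(0, 65536)
        if not data:
            return
        if src_is_sock:
            out.write(data)
            out.flush()
        else:
            sock.sendall(data)

if __name__ == "__main__":
    proxy_host, proxy_port, host, port = sys.argv[1:5]
    with socket.create_connection((proxy_host, int(proxy_port))) as s:
        s.sendall(connect_request(host, port))
        status, early = read_reply(s)
        if status != 200:
            sys.exit(f"proxy refused CONNECT to {host}:{port} (status {status})")
        relay(s, early)
```

The hostname travels in clear text in the CONNECT line, so it is visible in a packet capture taken on the path between the client and the proxy.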




More information about the openssh-unix-dev mailing list