Adding SNI support to SSH

Christian Weisgerber naddy at mips.inka.de
Mon Jan 13 07:56:50 AEDT 2020


On 2020-01-12, Dustin Lundquist <dustin at null-ptr.net> wrote:

> I think the intended application is to proxy through a proxy host provided by the service provider. If SSH had an SNI-like feature where a host identifier was passed in plain text during the initial connection, the user would just need to register their host identifier and IPv6 address (e.g. via AAAA DNS records), and the service provider wouldn’t need to maintain a list of allowed users. The proxy would have no more access to the contents of the SSH connection than any other intervening stateful firewall.

You can do this with a jump host; see ProxyJump in ssh_config(5).

-- 
Christian "naddy" Weisgerber                          naddy at mips.inka.de


More information about the openssh-unix-dev mailing list