Adding SNI support to SSH

Stuart Henderson stu at spacehopper.org
Mon Jan 13 23:44:51 AEDT 2020


On 2020/01/13 11:10, Nico Schottelius wrote:
> 
> That is correct, but requires client configuration. This only works if
> you can communicate with each and every user.
> 
> The problem I am trying to solve is: there are thousands of users on
> IPv4 only networks who I cannot all communicate with. And they need to
> access resources on IPv6 only systems.
> 
> The typical jump host / proxy command approach surely works, but only
> for a small percentage of the users. The big part actually reaches out
> to the support and has severe problems if they cannot just use "plain
> ssh" (i.e. need to configure ssh or don't land on the target host
> immediately).

Even if such a mechanism were added, you would be waiting a long time
before new enough OpenSSH versions filter through to the usual client
OS, and for other clients to gain support. It wouldn't be an easy way
out for your problem.

> I hope the motivation and scenario is understandable and it would be
> very much appreciated if there was any way to dispatch to multiple end
> hosts with ssh directly. Whether that's via SNI or another mechanism, I
> don't have a strong opinion on.
> 
> Best regards,
> 
> Nico
> 
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

If you have users that are wanting to access a v6-only system but
are themselves unable to set up their own v6 access, the easiest way is
probably web-based ssh (via a dual-stack host). If they want more it's
not so hard to set up v6 via a tunnel/VPN.



More information about the openssh-unix-dev mailing list