Feature Request: Ability to specify local bind address for ssh(1) -W

Jochen Bern Jochen.Bern at binect.de
Fri Mar 26 19:10:09 AEDT 2021


On 25.03.21 16:30, Aaron Jones wrote:
> I have deployed an SSH bastion host, and would prefer to use the ssh(1)
> -W option to establish a forwarding from that host to the others that it
> can access.
> 
> However, the bastion host has multiple IP addresses, and I need ssh(1)
> to make the connection from a specific source address.

I do not speak for the OpenSSH developers, but I have a hunch that
they'll deny that request. Selecting the source address for an outgoing
connection usually is the job of the OS(*) and an application needs to
carry quite a bit of extra code to override that. OK for an explicit
networking tool like nc, but maybe not for ssh.

However, assuming that there's some *regularity* to your need, you might
be able to tell the kernel itself to adhere to it (e.g., for Linux, use
iptables to explicitly SNAT connections matching a pattern to a specific
source IP). No more extra processes that can linger that way.

(*) Off the top of my head: Look up the outgoing interface in the
default(!!) routing table, then choose the IP added last (Linux) / set
first (SunOS/Solaris) / round robin (*BSD) from those set on that interface.

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH
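
The SNAT approach suggested in the reply above, sketched as an added example that is not part of the original post or of OpenSSH. The destination subnet, the source address, port 22 and the helper names `is_ipv4` and `snat_rule` are assumptions made for illustration. The script validates its inputs and prints the rule as a dry run unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original post). Addresses are constructed
# placeholders from the RFC 5737 documentation ranges.

# is_ipv4 ADDR: succeed only for a dotted-quad address with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# snat_rule DEST SRC: print iptables arguments that rewrite the source of
# outbound TCP/22 connections to DEST (address or CIDR) to SRC.
snat_rule() {
    dest=$1 src=$2
    is_ipv4 "${dest%/*}" || { echo "bad destination: $dest" >&2; return 1; }
    case $dest in
        */*) prefix=${dest#*/}
             case $prefix in ''|*[!0-9]*) prefix=99 ;; esac
             [ "$prefix" -le 32 ] || { echo "bad prefix: $dest" >&2; return 1; } ;;
    esac
    is_ipv4 "$src" || { echo "bad source: $src" >&2; return 1; }
    echo "-t nat -A POSTROUTING -p tcp -d $dest --dport 22 -j SNAT --to-source $src"
}

# Dry run by default. With APPLY=1 (as root) the rule is installed; SRC must
# be an address actually configured on the bastion or replies will not return.
rule=$(snat_rule 198.51.100.0/24 192.0.2.10) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    iptables $rule       # word splitting of $rule is intentional
else
    echo "iptables $rule"
fi
```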
