Host key verification (known_hosts) with ProxyJump/ProxyCommand
Darren Tucker
dtucker at dtucker.net
Fri Aug 18 19:00:11 AEST 2023
On Fri, 18 Aug 2023 at 18:38, Jochen Bern <Jochen.Bern at binect.de> wrote:
[...]
> If I understand correctly, you need to *know* the target system's local
> 172-ish IP to be able to log in.
No, the client doesn't need to know the server's address. By default
non-fully-qualified hostnames will be passed to the Jumphost to be
resolved there (subject to the CanonicalDomains and Canonicalized.*
settings) and you also have the option of setting "ProxyCommand ssh -W
..." yourself.
See https://github.com/openssh/openssh-portable/blob/master/ssh.c#L461
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list