HOWTO (advanced) ssh transparent proxy jump

Jim Knoble jmknoble at pobox.com
Sun Oct 20 06:59:03 AEDT 2024


[Added openssh-unix-dev@ back to thread].

On Oct 19, 2024, at 12:02, Maât <maat-ml at mageia.biz> wrote:
> 
> Le 19/10/2024 à 19:32, Jim Knoble a écrit :
> 
>>> Why avoid it? What use cases are there for logging into host b, besides as a jump host?
> 
> In  fact this "B" machine has several roles, [which get enumerated...]

Have you considered assigning a different IP (or IPv6) address to the name assigned to the exposed GitLab? Then it's a different listening host:port and requires no additional proxy jumping.

Another option is to forbid SSH access to the GitLab instance altogether and require HTTPS access only, which handles virtual hosts nicely. (This could also reduce the attack surface against GitLab).

--
jim knoble


More information about the openssh-unix-dev mailing list