Passing address family to proxy command

Jakub Jelen jjelen at redhat.com
Mon Aug 3 22:02:34 AEST 2020


Hello all,
I would like to hear your opinions on what would be the best way of
passing address family (hints) to proxy commands.

Generally, proxy command is used to connect to proxy servers and the
address family of the target host is up to the decision of the proxy
command itself (regardless it is netcat, another ssh or something
else).

Currently, hints from commandline (-4, -6) are not used at all and not
passed to proxy command similarly as any other hints from configuration
files (unless the proxy command is ssh too and the proxy host has
specific AddressFamily directive).

My suggestion would be to provide a new replacement percent-token to
inform the proxy-command about the preferred address family, but if you
can think about better solution, I would be glad to hear it.

This came up in the following bug [1], which is using
sss_ssh_knownhostsproxy (taking care of known hosts validation if
connecting to the server managed by IPA), but I believe this can be a
real issue in other use cases.

https://bugzilla.redhat.com/show_bug.cgi?id=1857104

Thanks,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.



More information about the openssh-unix-dev mailing list