TCP connect timeout with proxy
Peter Stuge
peter at stuge.se
Sat Mar 28 12:26:11 AEDT 2020
Hi Anand,
Anand Buddhdev wrote:
> am unable to extend openssh in any way. If I could, I would.
That last part made me think about this some more. I understand that
to mean that you do in fact have control over at least all clients?
From your original mail I understood that you do not have control over
all proxy hosts. Correct?
> For now, I think my best option is to keep using netcat (nc) on the proxy
Where nc is available that's all right.
For when nc is not available, and assuming that you have control over
all clients and would use a patched OpenSSH client please answer if it
would be acceptable for the client (as opposed to the proxy, which is
what currently happens) to resolve your destination host name?
If yes, that would allow a (neat?) hack where the client would resolve
the name and could then open "direct-tcpip" channels for all address,
with some interval or why not all at once, and whatever comes back
successfully connected first will get used.
The drawback is that losing channels need to be closed if they come
back successful, but I think that may be manageable.
//Peter
More information about the openssh-unix-dev
mailing list