Feature Request: Ability to specify local bind address for ssh(1) -W
Aaron Jones
me at aaronmdjones.net
Fri Mar 26 02:30:05 AEDT 2021
Hello.

I have deployed an SSH bastion host, and would prefer to use the ssh(1)
-W option to establish a forwarding from that host to the others that it
can access.

However, the bastion host has multiple IP addresses, and I need ssh(1)
to make the connection from a specific source address.

There is currently no way to accomplish this with the -W option, as it
only takes a destination address. This means that I need to instruct my
SSH client to start a nc(1) command and use its -s option instead, but
those commands sometimes linger (as children of PID 1) for a long time
after the connection has long since died, and I would prefer that the
login not have the ability to run commands at all.

Would it be possible to extend the syntax to take an optional source
address? For example (showing my current configuration commented out,
and how this could be specified using -W instead):

    Host foo.example.net
        BatchMode Yes
        ControlMaster auto
        ControlPath ~/.ssh/control-path.d/%r@%h:%p.sock
        ControlPersist 3
        ProxyCommand none
        RequestTTY No
        User bar

    Host *.example.net
        # ProxyCommand ssh foo.example.net 'nc -6 -s 2001:db8::2 %h %p'
        ProxyCommand ssh -W [2001:db8::2]:[%h]:%p foo.example.net

Regards,
Aaron Jones