(github.com)

532 points tempaccount420 | 1 comments | 27 Sep 25 14:27 UTC | HN request time: 0s | source

Show context

she46BiOmUerPVj ◴[27 Sep 25 15:27 UTC] No.45396551[source]▶

So with HTTP requests you can see the domain name in the header and forward it to the correct host. That was never a thing you could do with SSH, does this allow that to work?

replies(3): >>45396631 #>>45396916 #>>45397431 #

finaard ◴[27 Sep 25 16:00 UTC] No.45396916[source]▶

>>45396551 #

But that wasn't really a thing that was an issue with SSH.

Host *.internal.example.com

  ProxyCommand ssh -q -W %h:%p hop.internal.example.com

in the SSH client config would make everything in that domain hop over that hop server. It's one extra connection - but with everything correctly configured that should be barely noticeable. Auth is also proxied through.

replies(4): >>45397065 #>>45397084 #>>45397359 #>>45397400 #

doubled112 ◴[27 Sep 25 16:13 UTC] No.45397065[source]▶

>>45396916 #

If you don't need to do anything complicated, ProxyJump is easier to remember.

    Host *.internal.example.com
      ProxyJump hop.internal.example.com

replies(1): >>45397175 #

1. chupasaurus ◴[27 Sep 25 16:24 UTC] No.45397175{3}[source]▶

>>45397065 #

ProxyJump was implemented a decade ago to replace that specific string.

↑

SSH3: Faster and rich secure shell using HTTP/3