Hi,

I'm looking for a client-side tool which can be used with ProxyCommand and:

- makes a direct connection attempt
- if the connection fails, makes a second attempt via a configured SOCKS server
- preferably uses ProxyUseFdpass, so that it gets out of the way once it has done its job

Does anyone know if such a thing already exists? If not, I might try knocking something together.

(Idea is to make a direct connection to a host on IPv6 where possible, but when connecting from an IPv4-only network fall back to SOCKS)

On 2/18/22 13:36, Brian Candler wrote:
[snip]
> (Idea is to make a direct connection to a host on IPv6 where possible,
> but when connecting from an IPv4-only network fall back to SOCKS)

Several people have written about something similar in various blog posts and microblog posts in recent years[1]. Use of Match Exec in ssh_config(5) seems to be the way that is approached:

    Match host ipv6only.example.org
        User fred

    Match host ipv6only.example.org !exec "route -n get -inet6 %h"
        ProxyJump dualstack.example.org

That would allow you to connect directly to the one system if there is IPv6 connectivity and hop through a bastion / jump host first if only IPv4 connectivity is possible. The match blocks can be made more general with patterns, of course. Exec could use route(8), ping(8), nc(1), or a custom script.

In order to use a SOCKS5 proxy in place of a jump host, ProxyCommand could use nc(1) in place of a plain ProxyJump.

/Lars

[1] Since it doesn't seem to be such a rare task, I've put a summary in a section of this chapter:
https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts#Conditional_Use_of_Jump_Hosts

On Fri, 18 Feb 2022 at 22:38, Brian Candler <b.candler at pobox.com> wrote:
> I'm looking for a client-side tool which can be used with ProxyCommand and:
>
> - makes a direct connection attempt
> - if the connection fails, makes a second attempt via a configured SOCKS
> server
> - preferably uses ProxyUseFdpass, so that it gets out of the way once it
> has done its job

Other than the ProxyUseFdpass part you can do that with a shell one liner in ProxyCommand and netcat:

    ProxyCommand sh -c 'nc %h %p || nc --proxy lsocksserver:1080 --proxy-type=socks4 %h %p'

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
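
The helper asked for at the top of the thread, sketched as an added example that is not code from any poster or from OpenSSH: it tries a direct connection, falls back to a SOCKS5 CONNECT (RFC 1928, no authentication), and hands the connected socket to ssh over stdout as ProxyUseFdpass expects. The function names and the argument order (host, port, proxy host, proxy port) are assumptions; it needs Python 3.9+ on a Unix system.

```python
# Added example; helper names and argv layout are assumptions, not from the thread.
import ipaddress, socket, struct, sys

def socks5_request(host, port):              # SOCKS5 CONNECT request (RFC 1928)
    try:
        ip = ipaddress.ip_address(host)
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    except ValueError:                       # not an IP literal: let the proxy resolve it
        name = host.encode("idna")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def connect_via_socks5(proxy, host, port, timeout=5.0):
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(b"\x05\x01\x00")               # offer only "no authentication"
    if recv_exact(s, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept the no-auth method")
    s.sendall(socks5_request(host, port))
    ver, rep, _, atyp = recv_exact(s, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    alen = {1: 4, 4: 16}.get(atyp) or recv_exact(s, 1)[0]
    recv_exact(s, alen + 2)                  # discard bound address and port
    return s

def connect_with_fallback(host, port, proxy, timeout=5.0):
    try:
        return socket.create_connection((host, port), timeout=timeout), "direct"
    except OSError:                          # unreachable, refused, timed out, no DNS
        return connect_via_socks5(proxy, host, port, timeout), "socks5"

def pass_fd(conn, out_fd=1):                 # ProxyUseFdpass: stdout is a socketpair
    conn.settimeout(None)                    # hand over a blocking descriptor
    chan = socket.socket(fileno=out_fd)
    socket.send_fds(chan, [b"\0"], [conn.fileno()])
    chan.detach()                            # do not close ssh's descriptor

if __name__ == "__main__":                   # assumed argv: host port proxy_host proxy_port
    host, port, phost, pport = sys.argv[1:5]
    pass_fd(connect_with_fallback(host, int(port), (phost, int(pport)))[0])
```

It would be wired in with `ProxyUseFdpass yes` and a `ProxyCommand` that runs the script with `%h %p` followed by the proxy host and port. Note that the fallback triggers on any direct-connect failure, including a refused port, not only on missing IPv6 connectivity.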