search for: datacenterlight

...rio is understandable and it would be very much appreciated if there was any way to dispatch to multiple end hosts with ssh directly. Whether that's via SNI or another mechanism, I don't have a strong opinion on. Best regards, Nico -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

...ide. I am looking forward to hearing your opinion. If this is something that would be accepted upstream, I could come up with a patch it. Best regards, Nico [0] https://ungleich.ch/de/cms/ungleich-blog/2018/09/20/how-to-break-ipv4-https/ -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

...we work with. So I am fine with taking some time to find a good solution that can be agreed on and waiting for all the ripple effects, because I literally see the potential of making life easier for thousands of people. Best regards, Nico -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

Dear Mailing List We are using a ControlMaster with a short ControlPersist to access the bastion host which then gives access to customer hosts. Our Information Security Manager would like to disallow the ControlMaster. His attack scenario is an admin workstation with a compromised root account. An attacker can then use the ControlMaster to trivially get shell access on the bastion host

...accept if { req_ssl_hello_type 1 } default_backend httpsipv4 backend httpsipv4 mode tcp use-server webmail.ungleich.ch if { req_ssl_sni -i webmail.ungleich.ch } server webmail.ungleich.ch ipv6 at webmail.ungleich.ch ... -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

> Have you ever considered using ssh's proxy-command for this? > I have a similar setup, works great for me. I think the intended application is to proxy through a proxy host provided by the service provider. If SSH had a SNI like feature where a host identifier was passed in plain text during the initial connection. This way the user would just need to register their host identifier

...to IPv6 only machines with still being accessible from the legacy Internet. Besides ssh. Let me rephrase my original question, I don't actually want SNI: Is there any way to create a multiplexing proxy for SSH? Best regards, Nico -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch

Hi, On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote: > Out of interest: > 1. If an extended mechanism were to be implemented, which server pubkey > do you expect to be seen/stored/verified by the client? The proxy's > / v4 middlebox's, or the v6 backend's? Or would you require that all > server-side machines use the *same* host keypairs? I'd do