tomaswolf opened a new issue, #729: URL: https://github.com/apache/mina-sshd/issues/729
### Description In Apache MINA sshd 2 it is not easily possible to implement connecting via a SOCKS or HTTP CONNECT proxy before starting the SSH protocol. JGit has done this, but it's mechanism is rather hacky. For Apache MINA 3.0, the SSH transport protocol will be moved into a filter chain. It would then become much easier to hook in a filter at the bottom of this filter chain that would first handle the proxy connection, before the SSH protocol starts. Note that this requires having such a filter chain (already done, see branch `dev_3.0`). Additionally, the `SshClient` must * Not connect to the SSH host but to the proxy. * Tell the SSH session that a proxy is being used (and what kind of proxy, and how to authenticate at the proxy). * Make the actual target SSH server address be known to the SSH session. The `AbstractClientSession` then must insert this `ClientProxyFilter` in the filter chain, and then set it up such that it properly authenticates at the proxy (if needed), and then connects through the proxy to the target SSH server. Only then the SSH protocol can start. Some mechanism must be implemented to supply proxy authentication credentials, or to query the user for them. Ideally the proxy mechanism makes use of the standard Java proxy settings by default, but this should be easily configurable or overrideable. User code might already have some support for proxies, and might want to hook in its own idea of how to determine whether to use a proxy at all, and if so which one with which credentials. ### Motivation Provide users with a simple way to do SSH connections through a SOCKS or HTTP CONNECT proxy. ### Alternatives considered I did consider doing this for Apache MINA 2.X, but refrained from doing so because the way I'd done it in JGit is really ugly, and I just don't want to add more warts into the code base. In Apache MINA 3 with a filter chain, it can be done cleanly. ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org
