This release is backward compatible to suSSHi Gateways from version 19.12 or newer. To use the new suSSHi Proxy Bastion feature, suSSHi Gateway and suSSHi Proxy must be updated to version 20.05 or later.
suSSHi Proxy Bastions
With the suSSHi Proxy Bastions feature, a suSSHi Proxy can act as a SSH endpoint for users having the need for port-forwarding only, but no interactive session is required. This can be used when a proxy is deployed in a remote environment like a cloud tenant and the users don’t need SSH access to a target host within the remote environment, but want to establish a port forwarding to applications like RDP, for example.
To start a suSSHi Proxy Bastion session, the user just uses
gateway-user@proxy-realmsyntax as the gateway user:
ssh -L 8443:webserver:443 -l myuser@proxy15 <gateway> ssh -D 1080 -l myuser@proxy15 <gateway>
In addition to the already existing support for IPv6 between suSSHi Gateway and suSSHi Proxy, the suSSHi Proxy now also support IPv6 to connect to a target. The container has to be run in a container environment supporting IPv6 and the listening ports have to be configured for an IPv6 listener accordingly.
Starting with version 20.05, all processes of the suSSHi Proxy container will be changed to an unprivileged user named “susshi” after startup.