6.3. Usage

Targets that can be reached via a suSSHi Proxy are configured with a reference to the proxy so that they are valid in the namespace of this proxy. Two identical targets (e.g. with the same IP or DNS hostname) referenced to different proxies are thus in different namespaces and can be neatly distinguished.


If you are familiar with the concept of VRFs in networking, you can think of the targets as being contained in a VRF that is referenced by the proxy. The regular targets can than be referred to as being contained in the default VRF.

Each target referenced with a proxy is uniq to this proxy and can be used in the access rules by just selecting the target as with regular targets. The targets configured with a reference to a proxy are displayed in the access rules and all other lists accordingly in the form of <target>@<proxy_realm>. This is exactly how they are addressed by the user connecting to these targets.

So instead of the well-known form of <gateway_user>@<target_user>@<target>, the SSH user will be in the form of <gateway_user>@<target_user>@<target>@<proxy_realm>.


$ ssh johndoe@root@target@abc@susshi.company.net
$ ssh -l johndoe@root@target@abc susshi.company.net