by nprescott 2244 days ago
This is a good one. I've used this in the past in order to get onto IPv6-only networks as well. In my case I don't have IPv6 enabled on my home internet (thanks Verizon!) and I had a tiny virtual machine with Vultr, which at their lowest price point aren't offering IPv4 address space any more. Using a jump through another machine with both 4 and 6 address space saved me from having to cough up more money solely for an IPv4 address.
2 comments

You can also use the `ProxyJump` directive in your `~/.ssh/config`, which is the same as `-J` on the command line. So, for example:

    Host host_final
        ProxyJump user1@host1

will do the same thing as `-J user1@host1`, but will allow you to just type:

    ssh user_final@host_final

If you're using an older SSH you can do this with a `ProxyCommand` (requires netcat on the jump box, but that's pretty standard):

    Host host_final
        ProxyCommand ssh user1@host1 nc %h %p

There are a bunch of variations on this technique, but these are the most common configs. Super easy transparent bastioning.

You can get really fancy with this stuff, particularly with `ProxyCommand`. We use it to trigger auto-login for our "Single sign-on for SSH" product at smallstep. When you have a `ProxyCommand` configured, instead of opening its own socket, OpenSSH just execs your proxy command and expects stdin & stdout to end up connected to a socket to the remote server. It doesn't care how that happens or what else happens before you get there. So we (ab)use this as a hook to check if you have a valid SSH certificate in your `ssh-agent` and, if you don't, trigger a single sign-on flow. It's nifty.

If you've never read the man pages for `ssh_config` and `sshd_config`, I highly recommend it. It's not that long and there's a lot of good stuff in there.
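
The mechanism described in the comment above, as an added example that is not part of the original thread and is not smallstep's code: a hypothetical `proxy_hook.py` that checks `ssh-agent` for a certificate and then relays stdin/stdout to the target, the way `nc %h %p` would. The script name and its choice to exit when no certificate is found are assumptions.

```python
#!/usr/bin/env python3
# Added example (hypothetical helper proxy_hook.py), wired up in ~/.ssh/config as:
#     ProxyCommand /path/to/proxy_hook.py %h %p
import os, selectors, socket, subprocess, sys

CERT_SUFFIX = "-cert-v01@openssh.com"  # key types of OpenSSH certificates end in this

def agent_has_certificate(ssh_add_output):
    """True if any line of `ssh-add -L` output is a certificate, not a bare key."""
    for line in ssh_add_output.splitlines():
        fields = line.split()
        if fields and fields[0].endswith(CERT_SUFFIX):
            return True
    return False

def relay(sock, fd_in, fd_out):
    """Copy bytes between the socket and ssh's stdin/stdout until either side closes."""
    sel = selectors.DefaultSelector()
    sel.register(sock, selectors.EVENT_READ)
    sel.register(fd_in, selectors.EVENT_READ)
    while True:
        for key, _ in sel.select():
            if key.fileobj is sock:
                data = sock.recv(65536)      # server -> ssh client
                if data:
                    os.write(fd_out, data)
            else:
                data = os.read(fd_in, 65536)  # ssh client -> server
                if data:
                    sock.sendall(data)
            if not data:                      # EOF on either side ends the session
                sel.close()
                return

def main(host, port):
    listing = subprocess.run(["ssh-add", "-L"], capture_output=True, text=True).stdout
    if not agent_has_certificate(listing):
        # The hook point: a real tool would start its sign-on flow here.
        # Only stderr is usable; stdout belongs to the SSH byte stream.
        sys.exit("proxy_hook: no SSH certificate in ssh-agent")
    with socket.create_connection((host, int(port))) as sock:
        relay(sock, sys.stdin.fileno(), sys.stdout.fileno())

if __name__ == "__main__":
    main(sys.argv[1], sys.argv[2])
```

Host key checking and user authentication still happen end to end inside the relayed stream, so the helper only gates whether the connection is opened at all.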

>If you're using an older SSH you can do this with a `ProxyCommand` (requires netcat on the jump box, but that's pretty standard)

Even without ProxyJump, you can do something similar with ProxyCommand without netcat:

    Host final
        HostName host.example.com
        ProxyCommand ssh -W %h:%p user@jumpbox.example.com

(Granted, this is still more recent, but I think ProxyJump was introduced later than this.)

Use teredo at home.

apt install miredo (on most Debian-based systems)

https://en.wikipedia.org/wiki/Teredo_tunneling

You can also use Tor as IPv6 proxy in a pure IPv4 network (or as IPv4 proxy in a pure IPv6 network), recent versions of Tor can work under pure IPv6, gaining privacy and connectivity simultaneously. The speed is not actually too bad for web browsing, although not ideal for SSH. But still comes in handy sometimes, I've used it before to clone packages from GitHub on IPv6-only servers.

How does github not have an AAAA record in 2020?? The faster people move to gitlab the better. ipv6 servers are not at all rare. Useful for individual use since you can save $1/month by dropping a useless for personal use feature.
> How does github not have an AAAA record in 2020?

Yeah, it's hopeless, and it goes as if [0] they explicitly decided not to support it, incredibly frustrating!

> The faster people move to gitlab the better.

A lot of projects will always host their master repository on GitHub for better or worse...

[0] Not meant to be an accusation, I don't have any evidence.

Last time I launched a new website it took less than a month for someone to let us know that we'd forgotten to configure a AAAA and our site was inaccessible for them. And that was at new website traffic volume.

So yea, GitHub definitely knows about AAAA records and has intentionally decided not to have one. The question is: why? They must have a reason. Maybe even a good one. I'm curious.

Interesting. Any likely reasons why not having IPv6/AAAA makes the site inaccessible to them?

Sounds like most of the internet would be inaccessible to them as well?

I do find some rumors on Reddit [0], which say IPv6 is a low priority project that gives way to other projects.

[0] https://old.reddit.com/r/ipv6/comments/ec8i7y/github_still_d...