by epaulson 921 days ago
I know this isn't an actual v3 of the SSH protocol, but if there ever is a version 3 of SSH, it really needs some kind of (encrypted) SNI or at least a standardized metadata block that can be passed to any jumphost without having to know the specifics of the ProxyCommand on that middlebox.
2 comments

`ProxyJump` already exists, so you don’t need to know where netcat resides on the jumphost anymore.

SNI-like metadata might have some adverse security implications, but a fancier ProxyJump with session routing would be nice.

SNI is absolutely needed. Over at https://pico.sh we have to request an IP for each ssh server even though from a resource perspective we really only need 1 VM. It increases the complexity of our deployments and overall makes us want to figure out how to merge all of our SSH apps into one.
Maybe if there were a DNS record for an SSH port number it could work? Separate port per server, not terrible.