[Bug 80] Host key conflict with two servers on one IP
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Jan 26 16:54:02 EST 2002
http://bugzilla.mindrot.org/show_bug.cgi?id=80
------- Additional Comments From dan at doxpara.com 2002-01-26 16:53 -------
The IANA number is nice, but I wouldn't call "anything else a special case".
If it wasn't for the nature of the crypto identity, he'd have a good argument
that we weren't elegantly supporting multiple servers living on the same host.
It's a bit strange coming up with an example, but suppose web browsers didn't
attach the alternate port to relative links. Sure, you could download the HTML
page, but any linked images would either have to be absolutely specified or
would be attempted to be sucked from the server on port 80, the "IANA" port.
It'd be presumptively incorrect behavior, even if the original page was
retrieved via HTTP. Multiple servers on the same host have different content,
and that's OK.
Keep in mind -- port shifting is pretty much the only way to virtual host HTTP
over SSL.
SSH is a much different story, though. "Multiple servers living on the same
host" represent one of two things:
A) An alternate SSHD running locally, possibly for testing purposes. The keys
should match, and as does the desired destination.
B) An alternate SSHD running remotely, probably port forwarded. The keys ought
not match, because someone's trying to go elsewhere.
Content is not identity. Who you are is different than what you say.
Anyway, IANA is a suggestion and a reservation; it excludes other services from
using SSH's port, but shouldn't be construed to restrict SSH to 22.
Flexibility is a good thing.
--Dan
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-unix-dev
mailing list