[Bug 80] Host key conflict with two servers on one IP

bugzilla-daemon at mindrot.org
Sat Jan 26 16:54:02 EST 2002


http://bugzilla.mindrot.org/show_bug.cgi?id=80





------- Additional Comments From dan at doxpara.com  2002-01-26 16:53 -------
The IANA number is nice, but I wouldn't call "anything else a special case".  
If it wasn't for the nature of the crypto identity, he'd have a good argument 
that we weren't elegantly supporting multiple servers living on the same host.

It's a bit strange coming up with an example, but suppose web browsers didn't 
attach the alternate port to relative links.  Sure, you could download the HTML 
page, but any linked images would either have to be absolutely specified or 
would be attempted to be sucked from the server on port 80, the "IANA" port.  
It'd be presumptively incorrect behavior, even if the original page was 
retrieved via HTTP.  Multiple servers on the same host have different content, 
and that's OK.

Keep in mind -- port shifting is pretty much the only way to virtual host HTTP 
over SSL.

SSH is a much different story, though.  "Multiple servers living on the same 
host" represent one of two things:

A) An alternate SSHD running locally, possibly for testing purposes.  The keys 
should match, as does the desired destination.
B) An alternate SSHD running remotely, probably port forwarded.  The keys ought 
not match, because someone's trying to go elsewhere.

Content is not identity.  Who you are is different than what you say.

Anyway, IANA is a suggestion and a reservation; it excludes other services from 
using SSH's port, but shouldn't be construed to restrict SSH to 22.  
Flexibility is a good thing.

--Dan
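
Added example, not part of the original comment and not OpenSSH code: a toy known-hosts store run against cases A and B above, once keyed by host name only and once keyed by host and port. The host name, ports and key blobs are constructed; the `[host]:port` token mirrors the bracketed form OpenSSH's known_hosts uses for non-default ports.

```python
import base64
import hashlib

# Constructed blobs standing in for real host public keys.
GATEWAY_KEY = b"constructed-key-gateway"
INTERNAL_KEY = b"constructed-key-internal"


def fingerprint(key_blob: bytes) -> str:
    """SHA-256 fingerprint of a key blob, base64 without padding."""
    digest = hashlib.sha256(key_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_token(host: str, port: int, per_port: bool) -> str:
    """Name a key is pinned under: bare host, or [host]:port off port 22."""
    if per_port and port != 22:
        return f"[{host}]:{port}"
    return host


class KnownHosts:
    """Trust-on-first-use store (hypothetical, for illustration only)."""

    def __init__(self, per_port: bool):
        self.per_port = per_port
        self.entries = {}  # token -> pinned fingerprint

    def check(self, host: str, port: int, key_blob: bytes) -> str:
        token = host_token(host, port, self.per_port)
        fp = fingerprint(key_blob)
        if token not in self.entries:
            self.entries[token] = fp  # first sight: pin the key
            return "new"
        return "ok" if self.entries[token] == fp else "mismatch"


def run_scenarios(per_port: bool) -> list:
    kh = KnownHosts(per_port)
    host = "gw.example.test"  # constructed host name
    return [
        kh.check(host, 22, GATEWAY_KEY),     # main sshd
        kh.check(host, 2200, GATEWAY_KEY),   # case A: local test sshd, same key
        kh.check(host, 2222, INTERNAL_KEY),  # case B: forwarded to another machine
        kh.check(host, 2222, GATEWAY_KEY),   # port 2222 later presents another key
    ]


if __name__ == "__main__":
    print("host only    :", run_scenarios(per_port=False))
    print("host and port:", run_scenarios(per_port=True))
```

Keyed by host only, case B is reported as a key conflict and a later key change on port 2222 goes unnoticed; keyed by host and port, case A costs one extra first-use prompt and the change on port 2222 is caught.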








More information about the openssh-unix-dev mailing list