Feature request: virtual servers
djm at mindrot.org
Thu Apr 26 09:34:53 EST 2012
On Wed, 25 Apr 2012, Philipp Marek wrote:

> Hello everybody,
>
> I'd like to get SSH to provide some virtual server feature.
>
> E.g. when connecting to an existing server on a different port I'd like to
> chroot all users to some directory.
> This can currently be done by starting sshd twice, with different config
> files (or perhaps command line options); but getting that "right" for all
> circumstances (init.d, upstart, systemd, ...) is hard.
>
> So I'd like to ask for the "Match" statements to allow matching the
> accepting port number and/or IP address.

I think Darren had a pending patch for this. Darren?

> Another example: when connecting to a service-IP-address I want to use some
> "common" host keys, not the per-server generated ones; but, as the files
> might only get accessible when the service IP is on this machine, too, that
> would mean loading the server keys _after_ accepting the connection ... so
> that might be a bit more work, but would be much appreciated!

It isn't entirely clear what you are trying to achieve here. But, if I'm
understanding you right, couldn't you start a sshd with the right keys
at the time the service IP is assigned to the host?

sshd doesn't support varying the host keys based on local or remote address/
port now and it's probably not something we're interested in supporting in
the future (it would add quite a bit of complexity for something that can
be achieved by running multiple instances).
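
The multiple-instance approach discussed in this thread, as an added example that is not part of the original message or of the OpenSSH project's own files: a configuration for a second sshd that listens on its own port, uses its own host key and chroots every user. The file name, port, address and paths are assumptions, and restricting the instance to SFTP is an assumption made so the chroot needs no shell environment.

```conf
# /etc/ssh/sshd_config_chroot  (constructed example; file name, port and
# all paths below are assumptions, adjust to the local layout)
# Second sshd instance: own port, own host key, every user chrooted.

Port 2222
# Optionally bind to the service address only
# (placeholder address from the documentation range)
#ListenAddress 192.0.2.10

# Separate PID file so the init system can manage both instances
# independently of each other
PidFile /var/run/sshd_chroot.pid

# Host key for this instance; may differ from the per-server keys.
# The file must be readable when this instance starts.
HostKey /etc/ssh/service_keys/ssh_host_rsa_key

# The chroot directory and every parent component must be owned by root
# and not writable by group or others, otherwise sshd refuses the session
ChrootDirectory /srv/chroot

# Assumption: SFTP-only service, so no shell or libraries are needed
# inside the chroot
Subsystem sftp internal-sftp
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no

# Validate before starting:  /usr/sbin/sshd -t -f /etc/ssh/sshd_config_chroot
# Start the instance:        /usr/sbin/sshd -f /etc/ssh/sshd_config_chroot
```

Starting this instance from the same hook that assigns the service IP matches the suggestion in the reply above, since the host key file only has to exist at that point.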