Feature request: virtual servers

Damien Miller djm at mindrot.org
Thu Apr 26 09:34:53 EST 2012


On Wed, 25 Apr 2012, Philipp Marek wrote:

> Hello everybody,
> 
> I'd like to get SSH to provide some virtual server feature.
> 
> 
> E.g. when connecting to an existing server on a different port I'd like to 
> chroot all users to some directory.
> 
> This can currently be done by starting sshd twice, with different config 
> files (or perhaps command line options); but getting that "right" for all 
> circumstances (init.d, upstart, systemd, ...) is hard.
> 
> So I'd like to ask for the "Match" statements to allow matching the 
> accepting port number and/or IP address.

I think Darren had a pending patch for this. Darren?

> Another example: when connecting to a service-IP-address I want to use some 
> "common" host keys, not the per-server generated ones; but, as the files 
> might only get accessible when the service IP is on this machine, too, that 
> would mean loading the server keys _after_ accepting the connection ... so 
> that might be a bit more work, but would be much appreciated!

It isn't entirely clear what you are trying to achieve here. But, if I'm
understanding you right, couldn't you start a sshd with the right keys
at the time the service IP is assigned to the host?

sshd doesn't support varying the host keys based on local or remote address/
port now and it's probably not something we're interested in supporting in
the future (it would add quite a bit of complexity for something that can
be achieved by running multiple instances).

-d
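
The multiple-instance approach discussed in this message, sketched as a configuration for a second sshd bound to the service address (an added example, not part of the original message and not the OpenSSH project's own configuration). The file name, the address 192.0.2.10 and every path under /srv/service are constructed placeholders.

```conf
# /etc/ssh/sshd_config.service  (hypothetical file for the second instance)
# Check it, then start it once the service IP is assigned to this host:
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config.service
#   /usr/sbin/sshd -f /etc/ssh/sshd_config.service

# Bind only to the service address so this instance does not collide with
# the host's main sshd. 192.0.2.10 is a documentation address (placeholder).
# The main instance must then list its own ListenAddress explicitly, since
# a wildcard listener on port 22 would conflict with this one.
ListenAddress 192.0.2.10:22

# "Common" host key shared by every machine that can hold the service IP,
# instead of the per-server keys under /etc/ssh. Placeholder path; keep the
# file root-owned and mode 0600. A shared key means one compromised host
# exposes the key for the whole service.
HostKey /srv/service/ssh/ssh_host_rsa_key

# Separate PID file so init scripts can stop or reload one instance
# without touching the other.
PidFile /var/run/sshd-service.pid

# Chroot every user who connects through this instance. The directory and
# all of its parent directories must be owned by root and not writable by
# group or others, or sshd refuses the session.
ChrootDirectory /srv/service/chroot

# In-process SFTP server, so file transfers work inside the chroot without
# copying binaries or libraries into it. Interactive shells would still
# need a shell and its dependencies inside the chroot.
Subsystem sftp internal-sftp
```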


More information about the openssh-unix-dev mailing list