"Virtual hosts" for ssh
Dan Kaminsky
dan at doxpara.com
Sat Jun 8 18:34:34 EST 2013
Actually this isn't a bad idea. Seems like it's at the right layer, doesn't require protocol rework, and exists in a namespace OpenSSH can reasonably claim to own. Only the client needs patching to upgrade the entire server space! Looks like a useful feature to have on by default, with pretty deep historical evidence that sharing perceived DNS name is operationally valuable. Not seeing a security impact; some concern about subsystems/sftp, but no need to block on that.
I like it! I'll write a patch if nobody else will.
Sent from my iPhone
On Jun 7, 2013, at 5:02 PM, Johannes Ernst <johannes.ernst at gmail.com> wrote:
> It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.
>
> More details:
>
> On the remote server, ssh already sets some environment variables:
>
>> printenv | grep SSH
> SSH_CLIENT=192.168.1.18 50945 22
> SSH_TTY=/dev/pts/1
> SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22
>
> What about adding another, say
> SSH_SERVER_HOST=host1
>
> Assuming that /etc/hosts
> 192.168.1.1 host1 host2
> then
> ssh user at host1
> and
> ssh user at host2
> would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.
>
> Presumably that would not be too hard to do?
>
> Cheers,
>
>
> Johannes.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list