"Virtual hosts" for ssh

Alex Bligh alex at alex.org.uk
Sat Jun 8 19:08:44 EST 2013


On 8 Jun 2013, at 09:34, Dan Kaminsky wrote:

> Actually this isn't a bad idea. Seems like it's at the right layer, doesn't require protocol rework, and exists in a namespace OpenSSH can reasonably claim to own.  Only the client needs patching to upgrade the entire server space!  Looks like a useful feature to have on by default, with pretty deep historical evidence that sharing perceived DNS name is operationally valuable.  Not seeing a security impact; some concern about subsystems/sftp, but no need to block on that.


However, for maximum utility I think you are going to want
to upgrade the server too, so whatever the 'virtual host'
name is can be be subject to Match style logic, appear
as %[something] etc. Ideally you would want it to
to select different authorized_keys files, etc. etc.
but that would obviously be too late in the day.

Also unless the server sanitises this (which they won't
if unpatched) server side users of the environment
variable will need to be aware that a malicious
client could set this maliciously, and catch the foolish
who start in scripts without checking, assuming
it's always a hostname or IP. IE it doesn't work
like apache where the vhost has already been

Alex Bligh

More information about the openssh-unix-dev mailing list