"Virtual hosts" for ssh

Dan Kaminsky dan at doxpara.com
Sun Jun 9 01:14:27 EST 2013 


Sent from my iPhone

On Jun 8, 2013, at 7:58 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:

> On Fri, Jun 7, 2013 at 8:02 PM, Johannes Ernst <johannes.ernst at gmail.com> wrote:
>> It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.
> 
> You've stepped into one of my fun areas, mixing technologies to attain
> a desired result, especially SSH and source control.
> 
> As long as you can gracefully use a different IP address for each
> environment, it's workable.

Because nothing says graceful or workable like large scale IP management.

> If you do it hostname based, you can get
> in deep confusion with all the different valid versions of the same
> hostname, such as WWW.eXaMplE.CoM versus www.example.com versus www
> (with a local domain set of example.com), and trying to match them
> all. That's an old problem with "VirtualHosts" from web servers, as
> well.

Yes, it's an old, pretty much entirely solved problem. It's also not *our* problem; with this environment trick, it's the consuming shell's thing to deal with.

Arguably we could canonicalize the DNS name. 

> 
> Alternatively, don't use the "same user" for different projects on the
> same server. Use a different git shared username for each project
> environment. Since your git environments are normally defined by the
> home directory of the actual shared git username, this may be much
> faster and easier to set up and require no root managed manipulation
> of your sshd_config.

That's one way to do it, but overloading username instead of host has its own pile of issues.

> 
>         Nico Kadel-Garcia <nkadel at gmail.com>
> 
>> More details:
>> 
>> On the remote server, ssh already sets some environment variables:
>> 
>>> printenv | grep SSH
>> SSH_CLIENT=192.168.1.18 50945 22
>> SSH_TTY=/dev/pts/1
>> SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22
>> 
>> What about adding another, say
>> SSH_SERVER_HOST=host1
>> 
>> Assuming that /etc/hosts
>> 192.168.1.1 host1 host2
>> then
>> ssh user at host1
>> and
>> ssh user at host2
>> would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.
>> 
>> Presumably that would not be too hard to do?
>> 
>> Cheers,
>> 
>> 
>> Johannes.
>> 
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list