Addition to the use case Was: Re: "Virtual hosts" for ssh

Ben Lindstrom mouring at
Sun Jun 9 22:52:31 EST 2013

On Jun 8, 2013, at 9:50 PM, Johannes Ernst <johannes.ernst at> wrote:

> On Jun 8, 2013, at 17:02, Carson Gaspar <carson at> wrote:
>> On 6/8/13 3:08 PM, Johannes Ernst wrote:
>>> Assume I set up 3 gits on server1 and 3 gits on server2. To keep the
>>> repositories separate, I create separate users: users git1, git2,
>>> git3 on server1 (with host name aliases host1, host2 and host3, each
>>> of which has a git instance) users git1, git2, git3 on server2 (with
>>> host name aliases host3, host4 and host5, each of which has a git
>>> instance)
>>> Now, for some reason two of the repositories on server1 get really
>>> popular, so I need to move one of it to server2. All of a sudden,
>>> there's a conflict: user git2 from server1 is not and should not be
>>> the same as user git2 on server2. So I'd have to rename one of them,
>>> and all of my users need to change their client-side setup.

They also have to change the host which their git is going to.  Thus still requiring them to make a chance.  So if it is username or servername.  The user is still changing their client-side setup.  Causing it to be a bad design.

>> The setup you describe is just badly designed, so of course it doesn't work well. Set up a CNAME per account (which the VH proposal already requires), and make the account names globally unique. You can now migrate between servers to your heart's content without the users having to change a thing.
> Imagine that all of an ISP's customers that run Wordpress needed to take their admin user names from a common namespace, e.g. you would be admin4567. That would not really be what you'd want as a customer, but that is what you are proposing just for ssh.
> Now imagine that I'm moving my Wordpress install from one ISP to another; all of a sudden I might have to change admin account names, I wouldn't want to do that ... and in case of git, it's a lot harder to do. 

Imagine if all the Wordpress instances were to share the same database so all accounts need to be unique across every instance on the server.   This is more akin to sshd.  Since it doesn't work that way your example is bogus.

- Ben

More information about the openssh-unix-dev mailing list