hostname routing
Damien Miller
djm at mindrot.org
Tue Jun 16 19:50:47 AEST 2026
On Tue, 16 Jun 2026, snek wrote:
> Hi,
>
> I'm trying to figure out if there's a good way to expose my git
> server's ssh to the world without having to give it a dedicated IP
> (I do like the idea of using dedicated IPv6 addresses for different
> services, but I do still need to access my stuff on legacy IPv4
> networks...)
>
> In the HTTP world we use features like the Host header and TLS SNI/ECH
> to figure out how to route a request instead of relying on dedicated
> IPs. I searched through RFCs, docs, and mailing list archives a
> bit for similar topics and didn't really find anything about such
> functionality in the SSH protocol.
There's no TLS SNI-like solution for SSH. I'd like one but it's fairly
subtle crypto work that needs to be carefully designed and reviewed.
We could probably steal a lot of the design from TLS, but it's not
something that will happen without a fair bit of effort. Maybe it's a
good thing to bring to the IETF SSHM working group? The charter for
the WG is mostly to standardise existing deployed stuff, but it is
a good place to start discussions of interesting protocol features
(like this) with a number of SSH protocol implementation authors.
-d
More information about the openssh-unix-dev mailing list