SSH has no Host header

17 points, posted 14 hours ago
by birdculture

11 Comments

cweagans

12 hours ago

That's a really neat solution. Does that mean one of the constraints you'd have to impose is that a given customer can only have as many VMs as there are addresses in the block of IPs that you own? If they tried to create another one past that, it seems like you'd have a bit of a problem on your hands - but then again, maybe that number is so high that you're not likely to run into that edge case?

rahimnathwani

12 hours ago

Their docs say the enterprise plan comes with a max of 30 VMs.

rahimnathwani

12 hours ago

I started reading this thinking 'why not just use different port numbers' but I came away convinced that the problem was worth solving and their solution is neat.

eqvinox

12 hours ago

> came away convinced that the problem was worth solving

What convinced you? I don't see it. The user is using SSH, if they can't pass a -p option (or type it in a GUI) to their SSH client they won't be able to do much with the shell they're getting either?

rahimnathwani

12 hours ago

I like that you can just use the hostname for web and ssh, without considering that the same IP address isn't exclusively yours.

And, sure, you can add a -p option. But if you have 20 VMs (which is how many come with their basic plan) you'd have to remember all the different port numbers.

(I'm not in the target market for their service.)

eqvinox

12 hours ago

Hmm. I see the point about using the same hostname… but that's what .ssh/config is for.

You also can't really use the public hostname for this, can you? Unless you do really complex DNS trickery, you can only return one (set of) IP address for a given name. It would thus need to be the same IP address for everyone. Which works only as long as 2 users don't have overlap in the VMs they want to access…

(I guess they can run a solver and try to make it work for as long as possible, including reassigning IPs… but it'll hit a wall at some point?)

rahimnathwani

11 hours ago

Sorry, I don't understand your point about the DNS thing. I don't think multiple owners share the same hostnames. Each owner has a set of 20 hostnames that are unique to their account. And there are 20 IP addresses shared across all owners.

eqvinox

3 hours ago

> I don't think multiple owners share the same hostnames.

That's exactly what I mean, this approach wouldn't be able to handle unconstrained sharing of systems among multiple users. If you're, say, a freelancer who has access to a bunch of people's systems… and another freelancer has access to half of those, and then a bunch of others… these combinations create exclusions that can make the whole thing unsolvable if they're large enough.

znpy

3 hours ago

Neat but fragile. It needs a custom proxy and it’s very dependent on specific network setups (e.g.: doesn’t work in cloud environments).

exabrial

10 hours ago

SRV records would be awesome, as always, but we forgo those for some still unknown reason.

znpy

3 hours ago

Look at all the duct tape engineering just to avoid going to IPv6…

I know I’ll be downvoted, I accept it.