SSH has no Host header

19 pointsposted 14 days ago
by birdculture
(blog.exe.dev)

17 Comments

cweagans

14 days ago

That's a really neat solution. Does that mean one of the constraints you'd have to impose is that a given customer can only have as many VMs as there are addresses in the block of IPs that you own? If they tried to create another one past that, it seems like you'd have a bit of a problem on your hands - but then again, maybe that number is so high that you're not likely to run into that edge case?

rahimnathwani

14 days ago

Their docs say the enterprise plan comes with a max of 30 VMs.

crawshaw

3 days ago

[exe.dev co-founder here] That's true today but I am rapidly buying IP addresses so we can increase that number.

rahimnathwani

14 days ago

I started reading this thinking 'why not just use different port numbers' but I came away convinced that the problem was worth solving and their solution is neat.

eqvinox

14 days ago

> came away convinced that the problem was worth solving

What convinced you? I don't see it. The user is using SSH, if they can't pass a -p option (or type it in a GUI) to their SSH client they won't be able to do much with the shell they're getting either?

rahimnathwani

14 days ago

I like that you can just use the hostname for web and ssh, without considering that the same IP address isn't exclusively yours.

And, sure, you can add a -p option. But if you have 20 VMs (which is how many come with their basic plan) you'd have to remember all the different port numbers.

(I'm not in the target market for their service.)

eqvinox

14 days ago

hmm. I see the point about using the same hostname… but that's what .ssh/config is for.

You also can't really use the public hostname for this, can you. Unless you do really complex DNS trickery, you can only return one (set of) IP address for a given name. It would thus need to be the same IP address for everyone. Which works only as long as 2 users don't have overlap in the VMs they want to access…

(I guess they can run a solver and try to make it work for as long as possible, including reassigning IPs… but it'll hit a wall at some point?)

rahimnathwani

14 days ago

Sorry, I don't understand your point about the DNS thing. I don't think multiple owners share the same hostnames. Each owner has a set of 20 hostnames that are unique to their account. And there are 20 IP addresses shared across all owners.

eqvinox

14 days ago

> I don't think multiple owners share the same hostnames.

That's exactly what I mean, this approach wouldn't be able to handle unconstrained sharing of systems among multiple users. If you're, say, a freelancer who has access to a bunch of people's systems… and another freelancer has access to half of those, and then a bunch of others… these combinations create exclusions that can make the whole thing unsolvable if they're large enough.

indigodaddy

14 days ago

They're aiming to reduce complexity for the user wherever they can, so their efforts around this make total sense for the platform they've created.

znpy

14 days ago

Neat but fragile. It needs a custom proxy and it’s very dependant on specific network setups (eg: doesn’t work in cloud environments).

exabrial

14 days ago

srv records would be awesome, as always, but we forgo those for some still unknown reason.

znpy

14 days ago

Look at all the duct tape engineering just to avoid going to ipv6…

I know i’ll be downvoted, i accept it.

indigodaddy

14 days ago

How would ipv6 solve this specific problem?

znpy

12 days ago

you have one ipv6 address behind each hostname. no need for proxying.

indigodaddy

11 days ago

Ah because ipv6 is so cheap/plentiful, got it. I'd imagine though they would still need to make it work in IPv4 only cases