~/.hosts patch

Brooks Davis brooks at one-eyed-alien.net
Mon Jul 3 21:55:07 UTC 2006


On Mon, Jul 03, 2006 at 11:18:06PM +0200, Stefan Bethke wrote:
> On 30.06.2006 at 23:32, Brooks Davis wrote:
> 
> >I'm very familiar with .ssh/config and it's not sufficient for at least
> >one server I know of.  The problem is that the client must think it is
> >connecting to server.fully.qualified.domain and do so by name because
> >the name is passed to the server which misuses it in interesting ways.
> 
> I'm probably just a bit too thick to really understand this, but why  
> not teach the ssh client to pass the desired "virtual ssh host name"  
> to the server, instead of trying to muck around with DNS or /etc/hosts?
> 
> Is this "virtual host" feature part of the standard OpenSSH?  It sure  
> seems like a nice feature to hop from a bastion host directly to an  
> internal machine...

The problem is that the client application using a port forwarded to
localhost:port via ssh must connect to that port via the host name of
the remote server or it will crash the remote server because it also
passes localhost or 127.0.0.1 to the remote server over the TCP session
and the server misbehaves in that case.  Yes it's a bug in both the
remote server and the client/server protocol, but that's really beside
the point.  Crappy software exists and sometimes we have to deal with
it.

The simple fact is that I needed a hack like this and there wasn't
another solution (with the possible exception of a SOCKS proxy, which wasn't
an option at the time); a ~/.hosts file would have been a nice way to
implement part of it rather than actually adding the entry to /etc/hosts.
Please do me the favor of assuming that I have a clue and that I
wouldn't have done such a thing if there had been an easier solution. :)

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4