Date: Mon, 3 Jul 2006 14:55:04 -0700
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Stefan Bethke <stb@lassitu.de>
Cc: Mike Jakubik <mikej@rogers.com>, freebsd-current@freebsd.org, Garance A Drosihn <drosih@rpi.edu>, Justin Hibbits <jrh29@eecs.cwru.edu>
Subject: Re: ~/.hosts patch
Message-ID: <20060703215504.GC22556@odin.ac.hmc.edu>
In-Reply-To: <953595BB-0939-4CCB-85B7-65F99F02275E@lassitu.de>
References: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7@eecs.cwru.edu> <4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu> <p06230963c0bf7fde2e33@[128.113.24.47]> <20060630213259.GA20670@odin.ac.hmc.edu> <953595BB-0939-4CCB-85B7-65F99F02275E@lassitu.de>

On Mon, Jul 03, 2006 at 11:18:06PM +0200, Stefan Bethke wrote:
> On 30.06.2006 at 23:32, Brooks Davis wrote:
>
> >I'm very familiar with .ssh/config and it's not sufficient for at least
> >one server I know of.  The problem is that the client must think it is
> >connecting to server.fully.qualified.domain and do so by name because
> >the name is passed to the server which misuses it in interesting ways.
>
> I'm probably just a bit too thick to really understand this, but why
> not teach the ssh client to pass the desired "virtual ssh host name"
> to the server, instead of trying to muck around with DNS or /etc/hosts?
>
> Is this "virtual host" feature part of the standard OpenSSH?  It sure
> seems like a nice feature to hop from a bastion host directly to an
> internal machine...

The problem is that the client application using a port forwarded to
localhost:port via ssh must connect to that port via the host name of
the remote server or it will crash the remote server because it also
passes localhost or 127.0.0.1 to the remote server over the TCP session
and the server misbehaves in that case.  Yes it's a bug in both the
remote server and the client/server protocol, but that's really beside
the point.  Crappy software exists and sometimes we have to deal with
it.  The simple fact is that I needed a hack like this and there wasn't
another solution (with possible exception of a SOCKS proxy, which wasn't
an option at the time).  A ~/.hosts file would have been a nice way to
implement part of it rather than actually adding the entry to
/etc/hosts.

Please do me the favor of assuming that I have a clue and that I
wouldn't have done such a thing if there had been an easier solution. :)

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4