openssh bugs - Jun 2011 - [Bug 1916] New: Wish: support multiple alternative hostnames for a given host alias (useful with NAT)

https://bugzilla.mindrot.org/show_bug.cgi?id=1916

             Bug #: 1916
           Summary: Wish: support multiple alternative hostnames for a
                    given host alias (useful with NAT)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: openssh at richardneill.org


Many servers have different IP addresses, and different canonical DNS
entries, depending on which side of the (NAT) firewall you are
connecting from. It would be nice to have a single Host entry in the
ssh/config file that would cope with multiple hostname alternatives,
and try first one, then the other.

eg:

  Host example1
     Hostname  example1
     Hostname  example1.no-ip.org
     Port 2222


What this should do is allow me to type "ssh example1" and then:

* If I am at home, inside my NAT firewall, it should try to connect to
the machine named "example1" (according to the DNS entry in my
broadband router). 

* If I am away at work, it should connect to the FQDN at no-ip.org, on
the port 2222.


The reason this is useful is when setting up connections for less
technical users. For example, having done this, it's then possible to
enable, say, SFTP within Nautilus, and have it work whether the laptop
is inside or outside the home network. Otherwise, one must have
multiple different entries that are context-dependent.


Thanks for your consideration.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1916

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> 2011-06-28 07:50:31
EST ---
you can do this by butting multiple addresses for the host in question
in /etc/hosts or in the DNS

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1916

--- Comment #2 from Richard Neill <openssh at richardneill.org> 2011-06-28
08:38:44 EST ---
> you can do this by butting multiple addresses for the host in question
> in /etc/hosts or in the DNS
Sadly this only works if one has sufficient control. After all, if one
can control DNS satisfactorily, the issue doesn't arise. But from the
SSH user's perspective, he cannot necessarily alter the DNS.

However, in the worst case, all we have are two (or more) host-names,
maybe or not fully-qualified, and where, depending on where the laptop
is (and what DHCP/DNS server is answering), either, both or neither of
these is the right machine. 

I can achieve what I want from a bash alias quite easily, but this
isn't helpful when stacking things like nautilus bookmarks on top of
ssh. Eg:

alias ssh_mydesktop='{ fping -q internal_hostname && ssh
internal_hostname;} || { fping -q external_hosgtname && ssh
external_hostname ;} || { echo Sory, unreachable either way ;} '

(this approach is also brittle, if I am outside my own firewall, and
"internal_hostname" coincides with an entry that happens to be valid
in
the external DNS server.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1916

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2011-08-12
10:25:57 EST ---
I've used a ProxyCommand to do this kind of thing, eg:

Host example1
  ProxyCommand ~/bin/multiconnect %h %p

then have whatever logic you like in the shell script and use netcat or
similar to actually make the connection:

#!/bin/sh
if ifconfig eth0 | grep -q '192\.168\.0\.'
then
  exec nc 192.168.0.1 %p
else
  exec nc example1.no-ip.org %p
fi

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1916

--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2011-09-23
10:50:22 EST ---
In fact you can implement the exact semantics you're after with a
proxycommand (and different ports too):

Host example1
  ProxyCommand sh -x"(nc example1 22 || nc example1.no-ip.org 2222)
2>/dev/null"

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.