It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.

More details:

On the remote server, ssh already sets some environment variables:

> printenv | grep SSH
SSH_CLIENT=192.168.1.18 50945 22
SSH_TTY=/dev/pts/1
SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22

What about adding another, say
SSH_SERVER_HOST=host1

Assuming that /etc/hosts
192.168.1.1 host1 host2
then
ssh user@host1
and
ssh user@host2
would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.

Presumably that would not be too hard to do?

Cheers,

Johannes.

Johannes Ernst wrote:
> very cool if ssh supported something like Apache "virtual hosts"

That makes not much sense, but you could of course consider jails/containers/etc.

> host multiple installs of git on the same server

You can use real user accounts and POSIX ACLs:

# git init --shared "${repodir}" && find "${repodir}" -type d -execdir \
    setfacl -m u::rwx,g::rwx,o::r-x,d:u::rwx,d:g::rwx,d:m::rwx,d:o::r-x '{}' +

..or use something like gitolite in order to avoid learning about ACLs.

//Peter

Hello.

You may use a 'Match' conditional block, see 'sshd_config(5)'. It allows you to distinguish between a combination of: User, Group, Host, LocalAddress, LocalPort, and Address criteria. Maybe with 'ChrootDirectory'.

Or, if you trust your clients, you may use 'AcceptEnv' to pass your environment variable over ssh.

On Sat, Jun 8, 2013 at 4:02 AM, Johannes Ernst <johannes.ernst at gmail.com> wrote:
> It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.
>
> More details:
>
> On the remote server, ssh already sets some environment variables:
>
>> printenv | grep SSH
> SSH_CLIENT=192.168.1.18 50945 22
> SSH_TTY=/dev/pts/1
> SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22
>
> What about adding another, say
> SSH_SERVER_HOST=host1
>
> Assuming that /etc/hosts
> 192.168.1.1 host1 host2
> then
> ssh user@host1
> and
> ssh user@host2
> would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.
>
> Presumably that would not be too hard to do?
>
> Cheers,
>
> Johannes.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Actually this isn't a bad idea. Seems like it's at the right layer, doesn't require protocol rework, and exists in a namespace OpenSSH can reasonably claim to own. Only the client needs patching to upgrade the entire server space!

Looks like a useful feature to have on by default, with pretty deep historical evidence that sharing perceived DNS name is operationally valuable. Not seeing a security impact; some concern about subsystems/sftp, but no need to block on that.

I like it! I'll write a patch if nobody else will.

Sent from my iPhone

On Jun 7, 2013, at 5:02 PM, Johannes Ernst <johannes.ernst at gmail.com> wrote:
> It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.
>
> More details:
>
> On the remote server, ssh already sets some environment variables:
>
>> printenv | grep SSH
> SSH_CLIENT=192.168.1.18 50945 22
> SSH_TTY=/dev/pts/1
> SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22
>
> What about adding another, say
> SSH_SERVER_HOST=host1
>
> Assuming that /etc/hosts
> 192.168.1.1 host1 host2
> then
> ssh user@host1
> and
> ssh user@host2
> would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.
>
> Presumably that would not be too hard to do?
>
> Cheers,
>
> Johannes.

On Fri, Jun 7, 2013 at 8:02 PM, Johannes Ernst <johannes.ernst at gmail.com> wrote:
> It'd be very cool if ssh supported something like Apache "virtual hosts". This would make it much more viable to host multiple installs of git on the same server, for example.

You've stepped into one of my fun areas, mixing technologies to attain a desired result, especially SSH and source control.

As long as you can gracefully use a different IP address for each environment, it's workable. If you do it hostname based, you can get in deep confusion with all the different valid versions of the same hostname, such as WWW.eXaMplE.CoM versus www.example.com versus www (with a local domain set of example.com), and trying to match them all. That's an old problem with "VirtualHosts" from web servers, as well.

Alternatively, don't use the "same user" for different projects on the same server. Use a different git shared username for each project environment. Since your git environments are normally defined by the home directory of the actual shared git username, this may be much faster and easier to set up and require no root managed manipulation of your sshd_config.

Nico Kadel-Garcia <nkadel at gmail.com>

> More details:
>
> On the remote server, ssh already sets some environment variables:
>
>> printenv | grep SSH
> SSH_CLIENT=192.168.1.18 50945 22
> SSH_TTY=/dev/pts/1
> SSH_CONNECTION=192.168.1.18 50945 192.168.1.1 22
>
> What about adding another, say
> SSH_SERVER_HOST=host1
>
> Assuming that /etc/hosts
> 192.168.1.1 host1 host2
> then
> ssh user@host1
> and
> ssh user@host2
> would lead to a shell on the same host with the same user, but SSH_SERVER_HOST would be different, and that would allow the creation of a script that, for example, could find the correct git repository given the virtual hostname. This is currently not possible because the script only has IP addresses.
>
> Presumably that would not be too hard to do?
>
> Cheers,
>
> Johannes.
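
The repository lookup script discussed in this thread, as an added example that is not part of any message above and is not OpenSSH code: it prefers the server address that sshd reports in SSH_CONNECTION and falls back to a client-supplied name only through an allowlist, after folding together the hostname spellings mentioned in the last reply. The repository paths, example.com, the address 192.168.1.2, and the idea that SSH_SERVER_HOST arrives from the client via AcceptEnv are assumptions.

```shell
#!/bin/sh
# Added example: choose a repository root for an incoming SSH session.
LC_ALL=C; export LC_ALL
DEFAULT_DOMAIN=example.com      # assumption: the server's local domain
# Constructed allowlist: local address or canonical name -> repository root.
# host1 and host2 share 192.168.1.1 (as in the thread), so only names can
# tell them apart; 192.168.1.2 is a constructed dedicated address.
VHOST_TABLE='host1.example.com /srv/git/host1
host2.example.com /srv/git/host2
192.168.1.2 /srv/git/project3'

# Fold the spellings of one host name together: case, trailing dot, and the
# unqualified short form. Fails on anything that is not a plain DNS name.
canon_host() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    h=${h%.}
    case $h in
        ''|*[!a-z0-9.-]*|.*|*..*|-*) return 1 ;;
        *.*) ;;
        *) h=$h.$DEFAULT_DOMAIN ;;
    esac
    printf '%s\n' "$h"
}

# Exact-match lookup; prints the root and succeeds only if the key is listed.
lookup() {
    printf '%s\n' "$VHOST_TABLE" | awk -v k="$1" \
        'NF == 2 && $1 == k { print $2; found = 1; exit } END { exit !found }'
}

# resolve_repo "$SSH_CONNECTION" "$SSH_SERVER_HOST"
# SSH_CONNECTION is set by sshd; its third field is the server address.
# SSH_SERVER_HOST is the name proposed in the thread; here it is assumed to
# arrive from the client via AcceptEnv, so it is untrusted input.
resolve_repo() {
    rest=${1#* }; rest=${rest#* }; addr=${rest%% *}
    lookup "$addr" && return 0            # dedicated address: trusted path
    name=$(canon_host "$2") || return 1   # reject malformed names
    lookup "$name"                        # unknown names fail closed
}
```

Because the name is chosen by the client, it can select a repository but should not be what grants access to it; file permissions on the repository roots still decide that.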