From: Brooks Davis
To: Stefan Bethke
Cc: Mike Jakubik, freebsd-current@freebsd.org, Garance A Drosihn, Justin Hibbits
Date: Mon, 3 Jul 2006 14:55:04 -0700
Subject: Re: ~/.hosts patch
Message-ID: <20060703215504.GC22556@odin.ac.hmc.edu>
In-Reply-To: <953595BB-0939-4CCB-85B7-65F99F02275E@lassitu.de>
List-Id: Discussions about the use of FreeBSD-current

On Mon, Jul 03, 2006 at 11:18:06PM +0200, Stefan Bethke wrote:
> On 30.06.2006 at 23:32, Brooks Davis wrote:
>
> >I'm very familiar with .ssh/config and it's not sufficient for at least
> >one server I know of. The problem is that the client must think it is
> >connecting to server.fully.qualified.domain and do so by name because
> >the name is passed to the server which misuses it in interesting ways.
>
> I'm probably just a bit too thick to really understand this, but why
> not teach the ssh client to pass the desired "virtual ssh host name"
> to the server, instead of trying to muck around with DNS or /etc/hosts?
>
> Is this "virtual host" feature part of the standard OpenSSH? It sure
> seems like a nice feature to hop from a bastion host directly to an
> internal machine...

The problem is that the client application using a port forwarded to
localhost:port via ssh must connect to that port via the host name of
the remote server or it will crash the remote server because it also
passes localhost or 127.0.0.1 to the remote server over the TCP session
and the server misbehaves in that case. Yes, it's a bug in both the
remote server and the client/server protocol, but that's really beside
the point. Crappy software exists and sometimes we have to deal with
it.

The simple fact is that I needed a hack like this and there wasn't
another solution (with the possible exception of a SOCKS proxy, which
wasn't an option at the time). A ~/.hosts file would have been a nice
way to implement part of it rather than actually adding the entry to
/etc/hosts.

Please do me the favor of assuming that I have a clue and that I
wouldn't have done such a thing if there had been an easier solution. :)

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4