SSH has no Host header

Posted by birdculture 16 hours ago

Comments

Comment by indigodaddy 1 hour ago

If anyone wants to see how exe.dev works, a Marimo dev put together a really nice video:

https://www.youtube.com/watch?v=bV60dwhL2x4

Comment by cweagans 15 hours ago

That's a really neat solution. Does that mean one of the constraints you'd have to impose is that a given customer can only have as many VMs as there are addresses in the block of IPs that you own? If they tried to create another one past that, it seems like you'd have a bit of a problem on your hands - but then again, maybe that number is so high that you're not likely to run into that edge case?

Comment by rahimnathwani 14 hours ago

Their docs say the enterprise plan comes with a max of 30 VMs.

Comment by rahimnathwani 14 hours ago

I started reading this thinking 'why not just use different port numbers' but I came away convinced that the problem was worth solving and their solution is neat.

Comment by eqvinox 14 hours ago

> came away convinced that the problem was worth solving

What convinced you? I don't see it. The user is using SSH, if they can't pass a -p option (or type it in a GUI) to their SSH client they won't be able to do much with the shell they're getting either?

Comment by indigodaddy 1 hour ago

They're aiming to reduce complexity for the user wherever they can, so their efforts around this make total sense for the platform they've created.

Comment by rahimnathwani 14 hours ago

I like that you can just use the hostname for web and ssh, without considering that the same IP address isn't exclusively yours.

And, sure, you can add a -p option. But if you have 20 VMs (which is how many come with their basic plan) you'd have to remember all the different port numbers.

(I'm not in the target market for their service.)

Comment by eqvinox 14 hours ago

hmm. I see the point about using the same hostname… but that's what .ssh/config is for.

You also can't really use the public hostname for this, can you. Unless you do really complex DNS trickery, you can only return one (set of) IP address for a given name. It would thus need to be the same IP address for everyone. Which works only as long as 2 users don't have overlap in the VMs they want to access…

(I guess they can run a solver and try to make it work for as long as possible, including reassigning IPs… but it'll hit a wall at some point?)

Comment by rahimnathwani 14 hours ago

Sorry, I don't understand your point about the DNS thing. I don't think multiple owners share the same hostnames. Each owner has a set of 20 hostnames that are unique to their account. And there are 20 IP addresses shared across all owners.

Comment by eqvinox 5 hours ago

> I don't think multiple owners share the same hostnames.

That's exactly what I mean, this approach wouldn't be able to handle unconstrained sharing of systems among multiple users. If you're, say, a freelancer who has access to a bunch of people's systems… and another freelancer has access to half of those, and then a bunch of others… these combinations create exclusions that can make the whole thing unsolvable if they're large enough.

Comment by znpy 6 hours ago

Neat but fragile. It needs a custom proxy and it’s very dependant on specific network setups (eg: doesn’t work in cloud environments).

Comment by exabrial 13 hours ago

srv records would be awesome, as always, but we forgo those for some still unknown reason.