alt Hacker NewsHow do you proxy the SSH connections? I thought you could not do hostname-based proxying with the SSH protocol
Replies
crawshaw • today at 10:07 AM
[exe.dev co-founder here] You are right, you cannot! It was quite a bit of work. We have a blog post in the works that should come out in a couple of weeks with all the details.
➕ show 1 reply
chiragjn • today at 10:58 AM
Would be interested in this too, I did some work in the past to make it work via Envoy proxy using HTTP CONNECT but that requires plugging in proxytunnel[0] or nc on client side.
> $ nslookup abc.exe.xyz
> abc.exe.xyz canonical name = s001.exe.xyz.
> $ telnet s001.exe.xyz 22
> Trying 100.20.12.135...
> Connected to s001.exe.xyz.
> Escape character is '^]'.
> SSH-2.0-SSHPiper
Looks like it's a combination of SSH server IP address + public key.
Each VM you create (up to 25 of them) gets a different CNAME record of the form s0NN.exe.xyz where NN ranges from 01 to 25. Each of these names, from s001.exe.xyz to s025.exe.xyz, resolves to a different IP address.
Therefore the individual VM can be distinguished this way, and the account they are associated with can be identified using the SSH public key that is used to authenticate.