View Single Post
  #1  
Old 02-03-2021, 11:52 AM
jimbobmcgee jimbobmcgee is offline
Registered User
 
Join Date: Apr 2005
Posts: 21
Suggestion for VShell: Allow for Subconfigurations based on Listen Address

Hi team;

Currently in VShell, it is possible to define subconfigurations, which allow for different configuration settings to apply to different users, or if connections come in from different client IP addresses.

It is also possible to specify multiple listen addresses, which binds the VShell service to a given network interface, alias and/or TCP port.

As a feature request, I would like to be able to define separate settings depending on which of the configured listeners accepted the connection.

The specific use-case I have at the moment is a desire to be able to differ the KEX/Cipher/MAC settings for clients connecting on one port, to those clients connecting on another (e.g. so I can A/B test deprecating ciphers on a dedicated port). Currently I would need two distinct VShell installations, possible file replication across servers, etc.

(I appreciate that, if I know the incoming IP addresses of the clients, I can currently use those to target a specific subconfiguration, but maintaining this is somewhat cumbersome.)

I could also see benefits to being able to expose different virtual roots for different listeners (e.g. similar to IIS FTP Sites), or allowing Shell access only on a dedicated management interface.

***

As an aside, allowing to edit subconfigurations in the GUI would be a bonus. For example, if I could select the subconfiguration from a drop-down at the top of the screen, and have the GUI apply changes only to that subconfiguration, that would be extremely useful.

Regards,
J.
Reply With Quote