I am having some trouble setting up custom domains and restricting them to specific SSH keys.
For context this is my setup:
sish domain: t.hrsn.net - this is the domain used in the SSH command to connect to sish and is the default hostname when not using a custom domain (e.g. tunnel123.t.hrsn.net).
Custom domain: t.wdh.gg - this is the domain I'm trying to restrict to a specific SSH key. A CNAME record is configured for t.wdh.gg and *.t.wdh.gg pointing to t.hrsn.net.
Cloudflare proxy is disabled.
I am using Docker compose to host sish.
In my config file I have the following:
bind-any-host: false
bind-hosts: t.wdh.gg
Now, this config works and I can set up subdomains on t.wdh.gg like tunnel123.t.wdh.gg, however even though I have a TXT record set at _sish.t.wdh.gg with the content:
Even though that TXT record is in place, anyone, regardless of whether they are using that SSH key, is able to use t.wdh.gg subdomains even though it should be restricted to that specific key.
I have tried the following, none of which worked:
Removing the bind-hosts key entirely, however when attempting to use a subdomain of t.wdh.gg like tunnel123.t.wdh.gg it would instead bind to tunnel123.t.wdh.gg.t.hrsn.net.
Removing the SHA256: bit from the TXT record, which did not work.
Using the old DNS configuration by creating the following TXT record at t.wdh.gg (attempted with and without the SHA256: bit):
Please let me know how I can set up custom domains and restrict them using TXT records to specific SSH keys. Thanks!
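A way to confirm that the value in the TXT record really is the fingerprint of the key used to connect, as an added example that is not part of the original post and is not sish's own verification code. It assumes the record holds an OpenSSH-style SHA256 fingerprint, with or without the `SHA256:` label; the function names and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of one public key line (e.g. id_ed25519.pub)."""
    key_type, blob_b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(blob_b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it agrees.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key blob does not match the declared key type")
    digest = hashlib.sha256(blob).digest()
    # ssh-keygen -l prints base64 without the trailing '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def txt_matches(txt_value: str, pubkey_line: str) -> bool:
    """True if the TXT value is this key's fingerprint, with or without 'SHA256:'."""
    want = fingerprint(pubkey_line)
    got = txt_value.strip().strip('"')  # dig prints TXT data in quotes
    return got in (want, want[len("SHA256:"):])


def constructed_key(seed: int) -> str:
    """Constructed sample: ed25519-shaped blob with made-up bytes, not a real key."""
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    allowed, other = constructed_key(1), constructed_key(2)
    record = fingerprint(allowed)  # what the TXT record would hold (assumption)
    for name, key in (("allowed key", allowed), ("other key", other)):
        print(name, fingerprint(key), "matches TXT:", txt_matches(record, key))
```

Run against a real setup, `pubkey_line` is the contents of the `.pub` file for the key passed to `ssh`, and `txt_value` is the TXT data returned for `_sish.t.wdh.gg`.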