Rosa Del Mar

Issue 22 2026-01-22

Rosa Del Mar

Daily Brief

Issue 22 2026-01-22

Ssh Access And Routing Without Host Header

Issue 22 Edition 2026-01-22 4 min read
General
Sources: 1 • Confidence: Medium • Updated: 2026-02-06 16:59

Key takeaways

  • exe.dev identifies the customer account using the presented SSH public key and uses that identity to forward the connection to the correct underlying VM.
  • exe.dev avoids assigning every VM a globally unique IP by ensuring each VM has an IP address that is unique within a given customer account.
  • exe.dev charges $20/month and provides up to 25 VMs that share a pool of 2 CPUs and 8GB RAM.
  • When a user creates multiple VMs on exe.dev, each VM resolves to a different IP address, and those IPs are shared with many other users.
  • Users can SSH into an exe.dev VM using a hostname of the form <vmname>.exe.dev.

Sections

Ssh Access And Routing Without Host Header

The corpus asserts that hostnames are used for SSH access and that routing to the correct VM is achieved despite SSH lacking an HTTP-style Host header. The stated mechanism is that the provider uses the presented SSH public key to identify the customer account and then forwards the connection accordingly, implying routing is coupled to authentication identity.

  • exe.dev identifies the customer account using the presented SSH public key and uses that identity to forward the connection to the correct underlying VM.
  • Users can SSH into an exe.dev VM using a hostname of the form <vmname>.exe.dev.
  • exe.dev can route an SSH connection for <vmname>.exe.dev to the correct VM even though SSH lacks a Host-header equivalent for name-based routing.

Per Account Ip Uniqueness And Shared Ips

The corpus describes an IP allocation approach where VM IP uniqueness is guaranteed within an account rather than globally, and where resolved IPs are shared across many users. This is consistent with a multi-tenant design that reduces the need for globally unique per-VM IP addresses, but the corpus does not specify isolation boundaries, security controls, or failure modes.

  • exe.dev avoids assigning every VM a globally unique IP by ensuring each VM has an IP address that is unique within a given customer account.
  • When a user creates multiple VMs on exe.dev, each VM resolves to a different IP address, and those IPs are shared with many other users.

Bundle Pricing And Resource Pooling

The corpus specifies a single-price bundle that allows many VMs under one subscription while sharing a fixed CPU/RAM pool. This defines an explicit oversubscription/resource-sharing model that is likely to shape performance expectations and cost structure, but the corpus does not quantify performance or enforcement details.

  • exe.dev charges $20/month and provides up to 25 VMs that share a pool of 2 CPUs and 8GB RAM.

Unknowns

  • How strictly are the 2 CPU / 8GB RAM pool limits enforced across the up-to-25 VMs, and what are the observable performance/latency characteristics under contention?
  • At what stage does exe.dev determine the account identity from the SSH public key (pre-auth routing vs post-auth forwarding), and what happens on authentication failure?
  • How does exe.dev handle a public key that is added to multiple customer accounts (conflict), and is such reuse allowed or prevented?
  • How are per-account-unique VM IP addresses assigned and maintained over time (persistence, recycling, reassignment), and what triggers changes?
  • What tenant-isolation and reputation/rate-limit mitigations exist given that many users share the same public IPs?

Investor overlay

Read-throughs

  • Key based SSH routing suggests exe.dev operates an account aware front door that can multiplex many VMs behind shared IPs, potentially reducing per VM network costs versus globally unique IP allocation.
  • Per account unique IPs and shared public IPs imply a multi tenant networking model where tenant isolation, abuse controls, and reputation management could be central to reliability and user trust.
  • Single price bundle with pooled CPU and RAM across up to 25 VMs indicates an oversubscription model where unit economics and customer satisfaction depend on how strictly resource limits are enforced under contention.

What would confirm

  • Clear description of when account identity is determined from the SSH public key and how routing behaves on authentication failure, showing the approach is reliable and predictable.
  • Published or observable behavior of CPU and RAM pooling under multi VM load, including contention latency and throttling, aligning user experience with the stated 2 CPU and 8GB RAM pool.
  • Documented controls for shared IP environments such as rate limits, abuse mitigation, and tenant isolation mechanisms, indicating the platform can scale without reputational spillover.

What would kill

  • Evidence that SSH key conflicts across customer accounts are allowed and create ambiguous routing or account mix ups, undermining the key based identification mechanism.
  • Frequent or unexplained reassignment of per account VM IPs over time that breaks connectivity expectations, suggesting instability in the per account uniqueness scheme.
  • Reports of cross tenant impact from shared IPs such as blocks, throttling, or security incidents without effective mitigations, weakening the viability of shared IP multi tenancy.

Sources

  1. SSH has no Host header
    2026-01-22 simonwillison.net