- Updated: March 18, 2026
- 7 min read
Exe.dev Introduces SSH Host Header Solution for Shared IPv4 Pools
Exe.dev’s SSH Host Header solution lets developers and IT teams securely access any VM over shared IPv4 addresses by routing SSH connections with a unique {user, IP} tuple and public‑key identification.
How Exe.dev’s SSH Host Header Reinvents Secure Remote Access on Shared IPv4 Pools
Imagine typing ssh myapp.exe.xyz and instantly landing on the right virtual machine, even though dozens of VMs share the same public IPv4 address. No VPN, no complex port‑forwarding, just a clean, predictable domain name that works like HTTPS. That’s the promise of Exe.dev’s new SSH Host Header, a breakthrough that solves a problem that has haunted cloud providers for years.
In this article we’ll unpack the technical challenge, walk through Exe.dev’s IP‑sharing architecture, compare it with traditional approaches, and show why this matters to developers, system administrators, and IT decision‑makers looking for scalable remote access.
Why Traditional SSH Can’t Scale on Shared IPv4 Addresses
SSH was designed for point‑to‑point connections. When you run ssh user@host, the client resolves host to a single IP address, opens a TCP socket, and authenticates with a key or password. The protocol has no built‑in “Host” header like HTTP, so the server can’t tell which domain name the client used to reach it.
- Each VM traditionally needs a dedicated public IPv4 address.
- IPv4 scarcity makes this model expensive for flat‑rate subscriptions.
- IPv6‑only solutions exclude legacy clients and many corporate firewalls.
- Port‑multiplexing (e.g., using different ports per VM) quickly becomes unmanageable.
The result is a trade‑off: either pay for a unique IP per VM or accept a convoluted access pattern that hurts developer productivity.
Exe.dev’s IP‑Sharing Solution: The SSH Host Header
Exe.dev turned the problem on its head by borrowing a concept from the web: using the domain name as a routing key. While HTTP sends the domain in the Host header, SSH lacks such a field. Exe.dev’s answer is to combine three pieces of information that are already present in every SSH session:
- Public IPv4 address from a shared pool.
- SSH public key presented by the client.
- {user, IP} tuple that uniquely identifies a VM for a given account.
When a VM is created, Exe.dev allocates it an IP address that is unique **relative to its owner**. For example, the DNS record for myapp.exe.xyz resolves to a CNAME that points to a shared IP (e.g., 16.145.102.7). The same IP may serve dozens of other users, but only one VM per user can claim it.
dig myapp.exe.xyz
; <> DiG 9.10.6 <> myapp.exe.xyz
;; ANSWER SECTION:
myapp.exe.xyz. 230 IN CNAME s003.exe.xyz.
s003.exe.xyz. 230 IN A 16.145.102.7
When the SSH client connects, the proxy reads the incoming IP (e.g., 16.145.102.7) and the presented public key. By matching the key to a user account and pairing it with the IP, the proxy can unambiguously route the session to the correct VM.
Key Benefits for Developers, Sysadmins, and Enterprises
Predictable Domain‑Based Access
Teams can use familiar DNS names (service.devteam.exe.xyz) for both HTTPS and SSH, reducing context switching and documentation overhead.
Cost‑Effective IPv4 Utilization
By sharing a public IPv4 pool, Exe.dev keeps subscription fees flat while still offering a unique IP per user, eliminating the need for costly per‑VM IP allocations.
Zero‑Config SSH Routing
No custom port rules, no VPN tunnels. The SSH proxy handles routing automatically, making onboarding new developers a one‑line command.
Enhanced Security Posture
Because the proxy authenticates the public key before routing, unauthorized keys never reach the underlying VM, reducing attack surface.
Under the Hood: Technical Details of the SSH Host Header
The solution hinges on three core components:
- Public IPv4 Pool: A rotating set of IPv4 addresses owned by Exe.dev. Each address can be assigned to many users, but only once per user.
- {user, IP} Tuple: When a VM is provisioned, the system records the tuple
(user_id, ip_address). This mapping lives in a fast key‑value store accessed by the SSH proxy. - SSH Key Lookup: The client’s public key is sent during the SSH handshake. The proxy queries its user‑key database, resolves the user ID, and then combines it with the incoming IP to locate the target VM.
The proxy itself runs on bare‑metal servers within Exe.dev’s data center, giving it direct visibility of the source IP before NAT translation. In cloud environments where public IPs are NATed to private VPC addresses, the proxy uses a lightweight agent on each host to report the original IP, ensuring accurate routing.
Workflow Summary:
- Developer creates a VM via Exe.dev’s dashboard.
- System allocates an IP from the shared pool, records
(user, IP). - DNS entry points the chosen subdomain to the shared IP.
- When
ssh subdomain.exe.xyzis executed, the client presents its public key. - Proxy matches key → user, then
(user, IP)→ VM, and forwards the session.
How It Stacks Up Against Traditional Methods
| Approach | IP Usage | Setup Complexity | Security | Scalability |
|---|---|---|---|---|
| Dedicated IPv4 per VM | 1:1 | Low | High | Limited by IPv4 pool |
| Port‑Multiplexing (e.g., 2222, 2223) | 1:Many | Medium (firewall rules) | Medium (shared port) | Moderate |
| VPN‑Based Access | 1:Many (via tunnel) | High (VPN infra) | High (encrypted tunnel) | High (depends on VPN) |
| Exe.dev SSH Host Header | Many:Many (shared pool, per‑user uniqueness) | Low (DNS + key lookup) | High (key‑based routing) | Very High (dynamic pool) |
The table shows that Exe.dev’s approach delivers the security of dedicated IPs while preserving the cost efficiency of shared pools—something traditional methods struggle to achieve simultaneously.
Real‑World Use Cases Powered by UBOS
Organizations that already use the UBOS platform overview can instantly extend the SSH Host Header to their internal tooling. Below are a few UBOS templates that pair naturally with Exe.dev’s remote‑access model:
- AI SEO Analyzer – developers can SSH into the analysis engine for custom rule tweaking.
- AI Article Copywriter – secure SSH access to the generation backend for fine‑tuning language models.
- GPT-Powered Telegram Bot – combine with Telegram integration on UBOS for instant alerts on SSH login events.
- ChatGPT and Telegram integration – route SSH‑based diagnostics through a chat interface.
- OpenAI ChatGPT integration – use the same key‑based identity to authenticate API calls.
By leveraging UBOS’s Web app editor on UBOS and the Workflow automation studio, teams can automate provisioning of new VMs, assign them the appropriate SSH Host Header mapping, and instantly spin up the above templates—all without manual network configuration.
Why Your Organization Should Adopt Exe.dev’s SSH Host Header Today
The modern cloud landscape demands agility without sacrificing security or cost. Exe.dev’s solution delivers exactly that:
- Reduce infrastructure spend by sharing IPv4 addresses.
- Accelerate developer onboarding with simple, domain‑based SSH commands.
- Maintain a strong security posture through key‑driven routing.
- Future‑proof your stack by integrating with AI‑driven platforms like AI marketing agents and the Enterprise AI platform by UBOS.
Ready to try it? Visit the UBOS homepage for a free trial, explore the UBOS pricing plans, and check out the UBOS portfolio examples for inspiration.
For the original announcement and deeper technical notes, see Exe.dev’s blog post: SSH Host Header – Exe.dev.
“By turning the SSH handshake into a secure routing key, Exe.dev has unlocked the same convenience that HTTP users enjoy, all while keeping IPv4 costs under control.” – Cloud Infrastructure Analyst
Whether you’re a startup scaling rapidly, an SMB looking to cut cloud spend, or an enterprise seeking a unified remote‑access strategy, the SSH Host Header offers a pragmatic, future‑ready solution. Dive in, experiment, and let your teams focus on building, not on networking gymnastics.
© 2026 UBOS Technologies. All rights reserved.