Re: Dispatch incoming connections depending on username


So preventing man in the middle, which is more or less what you are describing, is one of the things ssh is designed to do. That being said, I suppose you could proxy the ssh session to somewhere else. So what you would have to do is have an inbound ssh connection and an outbound ssh connection. Read session on both connections and write whatever you get to the other session. Any of the ssh libraries could do this.

> On Jan 12, 2017, at 8:34 AM, Alexis Pereda <alexis@xxxxxxxxx> wrote:
> 
> Hello,
> 
> I have not yet tried libssh and I want to know if my goal is reachable with it before I do.
> Is it possible with libssh to implement an SSH server so it listens to incoming connections and splits them, depending on the username, to another port/another IP address?
> Simple example (with almost real information):
> I have a standard SSH server listening on port 2222 and another one listening on IP address 172.17.0.1, port 22 (actually, it is a docker container, running a standard SSH server). What I want to achieve is a program listening on port 22 that will act like a direct connection to port 2222 for any user but foo and will act like a direct connection to 172.17.0.1:22 if the user is foo, so when someone does ssh foo@xxxxxxxxxx it actually connects to the inner docker.
> 
> I already searched for something that would do that but until now, I found nothing. If you know anything I am interested.
> 
> So, to summarize: is it possible or better already done?
> 
> Thank you.
> -- 
> Regards,
> Alexis
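
Added example, not part of either message and not libssh code: the username is only sent in SSH_MSG_USERAUTH_REQUEST (RFC 4252), after key exchange, so the dispatcher can read it only once it has terminated the inbound session with its own host key, which is why the reply describes two separate sessions. The sketch below is the routing decision such a proxy would make on the decrypted payload, using the addresses from the question; `route_userauth`, `struct backend` and the 127.0.0.1 address for the port-2222 server are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_MSG_USERAUTH_REQUEST 50 /* RFC 4252, section 5 */
struct backend { const char *host; uint16_t port; };
/* Routing from the question; 127.0.0.1 for the port-2222 server is an assumption. */
static const struct backend BACKEND_FOO = { "172.17.0.1", 22 };
static const struct backend BACKEND_DEFAULT = { "127.0.0.1", 2222 };
/* Constructed sample: user "foo", service "ssh-connection", method "none". */
static const uint8_t SAMPLE_FOO[] =
    "\x32\0\0\0\x03" "foo" "\0\0\0\x0e" "ssh-connection" "\0\0\0\x04" "none";

/* Read one SSH string (uint32 big-endian length, then bytes); -1 on overrun. */
static int read_string(const uint8_t *buf, size_t len, size_t *off,
                       const uint8_t **out, uint32_t *out_len)
{
    if (len - *off < 4) return -1;
    uint32_t n = ((uint32_t)buf[*off] << 24) | ((uint32_t)buf[*off + 1] << 16) |
                 ((uint32_t)buf[*off + 2] << 8) | (uint32_t)buf[*off + 3];
    *off += 4;
    if (n > len - *off) return -1;
    *out = buf + *off;
    *out_len = n;
    *off += n;
    return 0;
}

/* Backend for a decrypted SSH_MSG_USERAUTH_REQUEST; NULL means drop it. */
const struct backend *route_userauth(const uint8_t *payload, size_t len)
{
    const uint8_t *user, *svc;
    uint32_t user_len, svc_len;
    size_t off = 1;
    if (len < 1 || payload[0] != SSH_MSG_USERAUTH_REQUEST) return NULL;
    if (read_string(payload, len, &off, &user, &user_len) != 0) return NULL;
    if (read_string(payload, len, &off, &svc, &svc_len) != 0) return NULL;
    if (user_len == 0 || memchr(user, '\0', user_len) != NULL) return NULL;
    if (svc_len != 14 || memcmp(svc, "ssh-connection", 14) != 0) return NULL;
    /* Exact, length-checked match: "foo" only, never "foobar". */
    if (user_len == 3 && memcmp(user, "foo", 3) == 0) return &BACKEND_FOO;
    return &BACKEND_DEFAULT;
}

int main(void)
{
    const struct backend *b = route_userauth(SAMPLE_FOO, sizeof SAMPLE_FOO - 1);
    if (b != NULL) printf("foo -> %s:%u\n", b->host, (unsigned)b->port);
    return b == NULL;
}
```

Because the proxy ends the client's session itself, clients verify the proxy's host key rather than the backend's, and the proxy has to authenticate to the chosen backend in its own outbound session.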

