linux - Haproxy for SSH name based proxying - Super User

linux - Haproxy for SSH name based proxying - Super User https://superuser.com/questions/769040/haproxy-for-ssh-name-based-proxying

Tue Oct 20 16:17:02 2020

This is impossible. HTTP protocol is different, because there is a "virtual host" concept and HAProxy can differentiate different hosts using "Host:" header. SSH has nothing like this and so the lxc-host is unable to know the container, you are trying to connect.

But you can use another SSH feature called "SSH gateway". Inside ~/.ssh/authorized_keys there is a command= option. Firts setup key-based ssh from your lxc-host to apple and orange. Then put these lines into lxc's authorized_keys file:

command="ssh -q -t user@apple $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAsomeB3N...== user@client
command="ssh -q -t user@orange $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAanotherB3N...== user@client

Now the lxs host can automatically connect to apple and orange, based on the client key.

See more:

https://serverfault.com/questions/329529/virtual-hosts-for-ssh
http://blog.lick-me.org/2012/06/ssh-gateway-shenanigans/

Links per page

Filters