Les Partages de Memiks
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
linux - Haproxy for SSH name based proxying - Super User https://superuser.com/questions/769040/haproxy-for-ssh-name-based-proxying
Tue Oct 20 16:17:02 2020 archive.org
QRCode
thumbnail

This is impossible. HTTP protocol is different, because there is a "virtual host" concept and HAProxy can differentiate different hosts using "Host:" header. SSH has nothing like this and so the lxc-host is unable to know the container, you are trying to connect.

But you can use another SSH feature called "SSH gateway". Inside ~/.ssh/authorized_keys there is a command= option. Firts setup key-based ssh from your lxc-host to apple and orange. Then put these lines into lxc's authorized_keys file:

command="ssh -q -t user@apple $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAsomeB3N...== user@client
command="ssh -q -t user@orange $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAanotherB3N...== user@client

Now the lxs host can automatically connect to apple and orange, based on the client key.

See more:

https://serverfault.com/questions/329529/virtual-hosts-for-ssh
http://blog.lick-me.org/2012/06/ssh-gateway-shenanigans/
ssh key binding hosts git
4759 links, including 1673 private
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn