Re: Dispatch incoming connections depending on username

[Alexis Pereda <alexis@xxxxxxxxx>]

Hm, it really is a man in the middle, indeed, now that you say it.
Thank you for the fast answer. So, I will try to do it by myself, and if
I need, I will come back here.

Le 12/01/2017 à 14:52, Joseph Southwell a écrit :
> So preventing man in the middle which is more or less what you are
> describing is one of the things ssh is designed to do. That being said
> I suppose you could proxy the ssh session to somewhere else. So what
> you would have to do is have an inbound ssh connection and an outbound
> ssh connection. Read session on both connections and write whatever
> you get to the other session. Any of the ssh libraries could do this.
>
>> On Jan 12, 2017, at 8:34 AM, Alexis Pereda <alexis@xxxxxxxxx
>> <mailto:alexis@xxxxxxxxx>> wrote:
>>
>> Hello,
>>
>> I have not yet tried libssh and I want to know if my goal is
>> reachable with it before I do.
>>
>> Is it possible with libssh to implement a SSH server so it listens to
>> incoming connections and split it, depending on the username, to
>> another port/another IP address?
>>
>> Simple example (with almost real information):
>> I have a standard SSH server listening on port 2222 and another one
>> listening on IP address 172.17.0.1, port 22 (actually, it is a docker
>> container, running a standard SSH server). What I want to achieve is
>> a program listening on port 22 that will act like a direct connection
>> to port 2222 for any user but *foo* and will act like a direct
>> connection to 172.17.0.1:22 if the user is *foo*, so when someone do
>> /ssh foo@xxxxxxxxxx/ it actually connects to the inner docker.
>>
>> I already searched for something that would do that but until now, I
>> found nothing. If you know anything I am interested.
>>
>> So, to summarize: is it possible or better already done?
>>
>> Thank you.
>>
>> -- 
>> Regards,
>> Alexis
>

Attachment: signature.asc
Description: OpenPGP digital signature