[announce] user based ssh2proxy using the openssh libssh.a api

Barnim Dzwillo dzwillo at strato.de
Wed Dec 1 03:23:46 AEDT 2021


A sshproxy for the ssh2 protocol, which allows to select different
ssh backend hosts based on the ssh username, is availabe here:

The proxy implements the client-side and server-side connections
using the api of the libssh.a provided by the openssh project.
This allows the proxy code to stay in sync with openssh updates
and bugfixes.

- the ssh2proxy allows users of multiple sshservers to access
   the ssh service through a single endpoint.

- the proxy supports ssh2 password & pubkey authentication.

- for public key authentication the ssh2proxy has to use a
   different authentication scheme for the backend connection.
   The current implementation allows to switch to hostbased
   authentication for the backend.

- the backend host for each user can be configured in the sshproxy
   config file. For more complex setups it is possible to add a
   special switch module to the implementation.

- to allow transparent operation for a client, the ssh2proxy has
   to use the same hostkeys as the backend ssh servers.
   With different hostkeys a client with existing known_hosts
   entries would notice the proxy as a man-in-the-middle.

The current version is built on top of openssh-8.2p1.

Perhaps this could be useful for some network setups.


Barnim Dzwillo
STRATO AG, Pascalstrasse 10, 10587 Berlin
Shared Hosting Development

More information about the openssh-unix-dev mailing list