[announce] user based ssh2proxy using the openssh libssh.a api
Barnim Dzwillo
dzwillo at strato.de
Wed Dec 1 03:23:46 AEDT 2021
Hello,
A sshproxy for the ssh2 protocol, which allows to select different
ssh backend hosts based on the ssh username, is availabe here:
https://github.com/bdzwillo/ssh2proxy
The proxy implements the client-side and server-side connections
using the api of the libssh.a provided by the openssh project.
This allows the proxy code to stay in sync with openssh updates
and bugfixes.
Features:
- the ssh2proxy allows users of multiple sshservers to access
the ssh service through a single endpoint.
- the proxy supports ssh2 password & pubkey authentication.
- for public key authentication the ssh2proxy has to use a
different authentication scheme for the backend connection.
The current implementation allows to switch to hostbased
authentication for the backend.
- the backend host for each user can be configured in the sshproxy
config file. For more complex setups it is possible to add a
special switch module to the implementation.
- to allow transparent operation for a client, the ssh2proxy has
to use the same hostkeys as the backend ssh servers.
With different hostkeys a client with existing known_hosts
entries would notice the proxy as a man-in-the-middle.
The current version is built on top of openssh-8.2p1.
Perhaps this could be useful for some network setups.
Thanks,
Barnim
--
Barnim Dzwillo
STRATO AG, Pascalstrasse 10, 10587 Berlin
Shared Hosting Development
More information about the openssh-unix-dev
mailing list