dlundquist / sniproxy

Proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session.
BSD 2-Clause "Simplified" License

Can it proxy SSH? If it can proxy SSH, how do I configure it? #311

Closed by richfang 6 years ago

richfang commented 6 years ago

Can it proxy SSH? If it can proxy SSH, how do I configure it?

dlundquist commented 6 years ago

Unfortunately SSH doesn’t include the host name in plain text form anywhere in the initial handshake, so the approach used by SNIproxy doesn’t apply. I would suggest either multiple destination NATs mapping each backend server to a distinct TCP port or a bounce/bastion host which users can’t SSH into and then from there connect to the selected backend server either using SSH agent forwarding or netcat in conjunction with the OpenSSH proxy command.