-1

My Question is as follows:

How can I forward all incoming SSH (Port 22) traffic (except one account) to a VM which is running on this server?

The server is based on Proxmox VE 3.1. The VM is Debian 7 with group-based LDAP auth.

The goal is to forward members of the LDAP group "login" to the VM, while special accounts (e.g. administrator) log in on the physical machine (so they don't get forwarded). The user should ideally not "know" about the physical machine, that is, without the use of special ports. The server should be able to decide whether a user logs in on the physical machine or the VM.

Is that possible?

Best Regards ;)

UPDATE

To be more specific: The user should not have a /home/ dir on the host machine. A legitimate user should be redirected directly to the Login-VM, without logging in first on the VM-Host.

The proposed solution via ssh's ForceCommand works, but (if I don't want to allow the connection every time because of no known_hosts file) it needs to have a home dir on the VM-Host. I hope that clears things up.

Mat Fluor

1 Answer

0

I think that setting ForceCommand in sshd_config, combined with either Match User or a proxy script to route connections, is what you want. See the answer at Username based SSH proxy.

Andrew Schulman
  • That's about the right idea, but I don't want to have a /home/ for the users on the VM-Host, so that a legitimate user 1. only logs in once and 2. doesn't have a /home/ on the host. I updated the question for this matter – Mat Fluor Feb 03 '14 at 06:14
  • I think you have too many requirements. You're trying to mix the application layer (user names) with the network layer (forwarding). – Andrew Schulman Feb 03 '14 at 08:00
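
The `ForceCommand` plus `Match` approach from the answer, as an added example that is not part of the original thread and not either poster's code: a wrapper that verifies the VM's host key against the system-wide known-hosts file, aimed at the known_hosts concern in the question's update. The wrapper path, the VM hostname and the assumption that `/etc/ssh/ssh_known_hosts` already holds the VM's host key are all hypothetical, and the second hop still authenticates against the VM.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical wrapper for the VM-Host,
# installed as /usr/local/sbin/ssh-to-vm and enabled in sshd_config with:
#
#   Match Group login
#       ForceCommand /usr/local/sbin/ssh-to-vm --run
#
# Accounts outside the group (e.g. administrator) do not match the block and
# log in on the physical machine as usual.

VM_HOST="login-vm.example.internal"     # assumption: address of the Login-VM
KNOWN_HOSTS="/etc/ssh/ssh_known_hosts"  # root-owned, holds the VM's host key
SSH_BIN="${SSH_BIN:-ssh}"               # overridable so the logic can be tested

# Accept only plain account names: nothing empty, nothing that ssh could
# read as an option, no whitespace or shell metacharacters.
valid_user() {
    case $1 in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# $1 = authenticated user, $2 = command the client asked for ("" = login shell)
forward_to_vm() {
    fwd_user=$1 fwd_cmd=$2
    valid_user "$fwd_user" || { echo "ssh-to-vm: bad user name" >&2; return 1; }
    # Check the VM's host key against the system-wide file only, so no
    # per-user known_hosts file and no first-connection prompt are involved.
    set -- -o "GlobalKnownHostsFile=$KNOWN_HOSTS" \
           -o "UserKnownHostsFile=/dev/null" \
           -o "StrictHostKeyChecking=yes" \
           -l "$fwd_user" "$VM_HOST"
    # "--" after the host stops the local ssh from treating a client-supplied
    # command that begins with "-" as one of its own options.
    [ -z "$fwd_cmd" ] || set -- "$@" -- "$fwd_cmd"
    "$SSH_BIN" "$@"
}

if [ "${1:-}" = "--run" ]; then
    forward_to_vm "$(id -un)" "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```

With `StrictHostKeyChecking=yes`, a missing or changed VM host key makes the hop fail closed instead of asking the user to accept it.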