My Question is as follows:
How can I forward all incoming SSH (Port 22) traffic (except one account) to a VM which is running on this server?
The Server is based on Proxmox VE 3.1 The VM is Debian 7 with group-based LDAP-auth
Goal is, to forward members of the LDAP-group "login" to the VM, while special accounts (e.g. administrator) log in on the physical machine (so they don't get forwarded). The User should ideally not "know" about the physical machine, that means without the use of special ports. The server should be able to decide if a user logs in on the physical or the VM.
Is that possible?
Best Regards ;)
UPDATE
To be more specific: The user should not have a /home/ dir on the host machine. A legitimate user should be redirected directly to the Login-VM, without logging in first on the VM-Host.
The proposed solution via ssh's ForceCommand
works, but (if don't want to allow the connection everytime because of no known_hosts
file) needs to have a home dir on the VM-Host. I hope that clears things up.