You cannot have multiple destinations proxied through a single ip+port connection, as SSH clients do not indicate which server they wish to speak to. What you suggest is certainly achievable (by assigning new addresses for each name) with significant administrative overhead.
But is is not probably not desirable. If everyone is supposed to connect to the forwarded machines through that server (called bastion) anyway, you got more options than just plain ports.
E.g., you can place the connections to the forwarded machines in a folder on the server:
ssh -R /minion/user1.example:localhost:22 user1.example@bastion.example
ssh -R /minion/user2.example:localhost:22 user2.example@bastion.example
# or even
ssh -R /minion/$(hostname -f):localhost:22 $(hostname -f)@bastion.example
As every socket is named after the server it is connected to, one config works for all:
Host *.example
ProxyCommand ssh bastion.example netcat -U /chroot/minion/%h
And the command to use it looks clean & simple:
ssh user@user1.example
ssh user@user2.example
See man 5 ssh_config
for an explanation on %h
and %n
, one of which you likely want to use. Also mind the StreamLocalBindUnlink
option, as you do not want the setup to fail if sockets already exist.