My Question is as follows:
How can I forward all incoming SSH (Port 22) traffic (except one account) to a VM which is running on this server?
The Server is based on Proxmox VE 3.1
The VM is Debian 7 with group-based LDAP-auth
The goal is to forward members of the LDAP group “login” to the VM, while special accounts (e.g. administrator) log in on the physical machine (so they don’t get forwarded). The user should ideally not “know” about the physical machine, that is, without the use of special ports. The server should be able to decide whether a user logs in on the physical machine or the VM.
Is that possible?
Best Regards 😉
To be more specific: The user should not have a /home/ dir on the host machine. A legitimate user should be redirected directly to the Login-VM, without logging in first on the VM-Host.
The proposed solution via ssh’s ForceCommand works, but (if I don’t want to allow the connection every time because of no known_hosts file) needs to have a home dir on the VM-Host. I hope that clears things up.
I think that setting ForceCommand in sshd_config, combined with either Match User or a proxy script to route connections, is what you want. See the answer at Username based SSH proxy.
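
A sketch of the ForceCommand plus Match User setup this answer points to, as an added example that is not from the original posts. The VM name login-vm.example.internal is a placeholder, and the VM's host key is assumed to be pinned in /etc/ssh/ssh_known_hosts on the host, so forwarded users need no home directory or personal known_hosts file there.

```conf
# /etc/ssh/sshd_config on the VM host (added example, not the poster's config).
# Assumptions: "administrator" is the only account that should land on the
# host, and login-vm.example.internal is a placeholder for the login VM.

# Global settings stay above this point; a Match block runs until the next
# Match line or the end of the file.

# The pattern list "*,!administrator" matches every user except administrator.
# A negated entry on its own never matches, so the wildcard is required.
# "Match Group login" would also work, but only if the host itself can
# resolve LDAP group membership (e.g. via NSS).
Match User *,!administrator
    # Replace whatever the client asked for with an onward connection to the VM.
    # ssh reuses the local user name for the remote login by default.
    # StrictHostKeyChecking=yes refuses unknown or changed host keys instead of
    # prompting, and the VM's key is read from the system-wide file, so nothing
    # is ever written under the user's (possibly missing) home directory.
    # The VM's host key in /etc/ssh/ssh_known_hosts should be verified out of band.
    ForceCommand ssh -t -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/etc/ssh/ssh_known_hosts login-vm.example.internal $SSH_ORIGINAL_COMMAND
    # Forwarded users have no reason to use the host as a pivot.
    AllowTcpForwarding no
    X11Forwarding no
```

With this layout the user still authenticates to the host's sshd first and then again to the VM, unless key or agent-based authentication is arranged for the second hop. Running `sshd -t` before reloading the daemon catches syntax errors in the edited file.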