My Question is as follows:
How can I forward all incoming SSH (Port 22) traffic (except one account) to a VM which is running on this server?
The Server is based on Proxmox VE 3.1
The VM is Debian 7 with group-based LDAP-auth.
The goal is to forward members of the LDAP-group “login” to the VM, while special accounts (e.g. administrator) log in on the physical machine (so they don’t get forwarded). The user should ideally not “know” about the physical machine, that means without the use of special ports. The server should be able to decide if a user logs in on the physical machine or the VM.
Is that possible?
Best Regards 😉
UPDATE
To be more specific: The user should not have a /home/ dir on the host machine. A legitimate user should be redirected directly to the Login-VM, without logging in first on the VM-Host.
The proposed solution via ssh’s ForceCommand works, but (if you don’t want to allow the connection every time because of no known_hosts file) needs to have a home dir on the VM-Host. I hope that clears things up.
Answer
I think that setting ForceCommand in sshd_config, combined with either Match User or a proxy script to route connections, is what you want. See the answer at Username based SSH proxy.
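The Match plus ForceCommand approach from the answer, written out as an added example (not part of the original answer). It also pins the VM's host key system-wide, so forwarded users need no home directory or personal known_hosts file on the host. The hostname login-vm.internal is an assumption; the group "login" and the account "administrator" come from the question.

```conf
# /etc/ssh/sshd_config on the VM host (fragment, added example)
# Assumed: the VM is reachable from the host as login-vm.internal (hypothetical
# name) and the host can resolve the LDAP users and the group "login".

# Accounts that match no Match block (e.g. administrator) get a normal
# login on the physical machine.

# A pattern list needs a positive entry, so "*,!administrator" is used;
# "!administrator" on its own would never match anyone.
Match Group login User *,!administrator
    # No forwarding features on the host for relayed users.
    AllowTcpForwarding no
    X11Forwarding no
    AllowAgentForwarding no

    # sshd runs this through the user's shell instead of the requested
    # command. ssh logs in to the VM under the same username by default.
    #
    # StrictHostKeyChecking=yes + UserKnownHostsFile=/dev/null: the VM's
    # host key is checked only against the system-wide file
    # /etc/ssh/ssh_known_hosts, so nothing is read from or written to
    # ~/.ssh and no "unknown host" prompt appears.
    ForceCommand exec ssh -t -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/dev/null login-vm.internal

# One-time setup on the host, as root:
#   ssh-keyscan login-vm.internal >> /etc/ssh/ssh_known_hosts
#   (compare the fingerprint with the one shown on the VM's console first)
# Check the syntax before reloading sshd:
#   sshd -t
```

ForceCommand runs only after the user has authenticated to the host's sshd, so the host must still be able to authenticate these accounts, and the user authenticates a second time to the VM. The -t flag makes this suitable for interactive logins only.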
Attribution
Source: Link, Question Author: Mat Fluor, Answer Author: Community