So preventing man in the middle which is more or less what you are describing is one of the things ssh is designed to do. That being said I suppose you could proxy the ssh session to somewhere else. So what you would have to do is have an inbound ssh connection and an outbound ssh connection. Read session on both connections and write whatever you get to the other session. Any of the ssh libraries could do this.
> On Jan 12, 2017, at 8:34 AM, Alexis Pereda <[email protected]> wrote: > > Hello, > > I have not yet tried libssh and I want to know if my goal is reachable with > it before I do. > Is it possible with libssh to implement a SSH server so it listens to > incoming connections and split it, depending on the username, to another > port/another IP address? > Simple example (with almost real information): > I have a standard SSH server listening on port 2222 and another one listening > on IP address 172.17.0.1, port 22 (actually, it is a docker container, > running a standard SSH server). What I want to achieve is a program listening > on port 22 that will act like a direct connection to port 2222 for any user > but foo and will act like a direct connection to 172.17.0.1:22 if the user is > foo, so when someone do ssh [email protected] <mailto:[email protected]> it > actually connects to the inner docker. > > I already searched for something that would do that but until now, I found > nothing. If you know anything I am interested. > > So, to summarize: is it possible or better already done? > > Thank you. > -- > Regards, > Alexis
