Home / server / Questions / 813217
In Process
Amedee Van Gasse
Asked: 2016-11-05 06:02:10 +0800 CST

user-based ssh port forwarding

  • 772

I want to forward port 22 (ssh) to port 7999 (where bitbucket is running) only for user git, and use the normal sshd for every other user. I looked at HAProxy for the ssh forwarding, but that doesn't let me differentiate per user.

How do I configure this on the server? I don't want each individual client to configure a ProxyCommand in their .ssh/config.

ssh git

2 Answers

  1. You can try something along this line (untested):

    In /etc/ssh/sshd_config (or similar), add something like this: 

    Match user git 
    ForceCommand ssh git@localhost -p 7999

    Don't forget to reload/restart sshd. This should "tunnel" the connection to Bitbucket on port 7999. Alternatively, a netcat might also work (ForceCommand nc localhost 7999).

    As I said, this is untested but it works for me to redirect an ssh connection to another host altogether.

    • 1

  2. I don't think you can do this because the user is not known when the connection is initially created which is when you would need to to the redirect.

    Did you know that anything that that can go in the per-user ~/.ssh/config can be put in the /etc/ssh/ssh_config file and is globally applied ? Perhaps you can use that to configure a ProxyCommand globally.

    • 1