Hi ,
I have the following requirement .
other than following users, any other user sshd connection should be
redirected to 2024 instead of port 22.
root, ftp, guest
So
ssh root at ip // should be sent to sshd running at port 22
ssh otheruser at ip // should be sent to sshd running at port 2024
I know that we can do something like this:
ssh -o ProxyCommand='ssh -W localhost:2024 cliuser at ip' otheruser@
<secadmin at 10.220.167.184>ip
will take to otheruser login to port 2024 after sshd_config settings
Match user cliuser
MaxSessions 0
PermitOpen localhost:2024
This requires long command at the client side . Can this be made simple like
ssh otheruser at ip automatically goes to port 2024 after i make some
redirection at sshd_config
Thanks and Regards,
Sudarshan
On Sun, Jul 9, 2017 at 2:41 AM, Sudarshan Soma <sudarshan12s at gmail.com> wrote:> Hi , > I have the following requirement . > other than following users, any other user sshd connection should be > redirected to 2024 instead of port 22. >I can't think of a way to "transparently" redirect to another port, but if you have one sshd listening on both you can use "Match LocalPort 2024" to configure different behaviour on that port. What are you trying to achieve with this redirection? -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Tue, Jul 18, 2017 at 6:43 PM, Darren Tucker <dtucker at zip.com.au> wrote:> On Sun, Jul 9, 2017 at 2:41 AM, Sudarshan Soma <sudarshan12s at gmail.com> > wrote: > >> Hi , >> I have the following requirement . >> other than following users, any other user sshd connection should be >> redirected to 2024 instead of port 22. >> > > I can't think of a way to "transparently" redirect to another port, but if > you have one sshd listening on both you can use "Match LocalPort 2024" to > configure different behaviour on that port. > > What are you trying to achieve with this redirection? >Depending on what you're trying to achieve, maybe Match someuser ForceCommand ssh -A -p 2024 localhost although it won't be transparent for non-pubkey authentications. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
> Am 08.07.2017 um 18:41 schrieb Sudarshan Soma <sudarshan12s at gmail.com>: > > Hi , > I have the following requirement . > other than following users, any other user sshd connection should be > redirected to 2024 instead of port 22. > root, ftp, guest > > So > ssh root at ip // should be sent to sshd running at port 22 > ssh otheruser at ip // should be sent to sshd running at port 2024 > > > I know that we can do something like this: > > ssh -o ProxyCommand='ssh -W localhost:2024 cliuser at ip' otheruser@ > <secadmin at 10.220.167.184>ip > > will take to otheruser login to port 2024 after sshd_config settings > > Match user cliuser > > MaxSessions 0 > > PermitOpen localhost:2024 > > > > This requires long command at the client side . Can this be made simple like > > > ssh otheruser at ip automatically goes to port 2024 after i make some > redirection at sshd_configIt could be implemented on the client side: - one global ssh_config wich defined to use port 2024 (always) - three custom ssh_config files for the three users in question to use port 22 -- Reuti
Thanks somuch. I am checking it. Best Regards, On Tue, Jul 18, 2017 at 9:08 PM, Reuti <reuti at staff.uni-marburg.de> wrote:> > > Am 08.07.2017 um 18:41 schrieb Sudarshan Soma <sudarshan12s at gmail.com>: > > > > Hi , > > I have the following requirement . > > other than following users, any other user sshd connection should be > > redirected to 2024 instead of port 22. > > root, ftp, guest > > > > So > > ssh root at ip // should be sent to sshd running at port 22 > > ssh otheruser at ip // should be sent to sshd running at port 2024 > > > > > > I know that we can do something like this: > > > > ssh -o ProxyCommand='ssh -W localhost:2024 cliuser at ip' otheruser@ > > <secadmin at 10.220.167.184>ip > > > > will take to otheruser login to port 2024 after sshd_config settings > > > > Match user cliuser > > > > MaxSessions 0 > > > > PermitOpen localhost:2024 > > > > > > > > This requires long command at the client side . Can this be made simple > like > > > > > > ssh otheruser at ip automatically goes to port 2024 after i make some > > redirection at sshd_config > > It could be implemented on the client side: > > - one global ssh_config wich defined to use port 2024 (always) > - three custom ssh_config files for the three users in question to use > port 22 > > -- Reuti