What could be the best way to forward SSH connections for 1000+ users so they can SSH from one server to private servers inside?

I have a hosting environment where users will connect to internal servers through an SSH proxy server. I can do port forwarding for each user, but the problem is that I want to dynamically generate a new port forwarding rule for each user so they can SSH into their own server. This is not working on my pfSense gateway, as it does not support adding rules through an API or the command line.

Can I use a normal Ubuntu/CentOS server using iptables to forward ports to inside hosts?

The servers are hosted in a VPC that has one pfSense gateway with 1000+ servers behind it, to which I want to SSH, to preserve security.

In short, I want one SSH proxy server which will forward SSH connections for ports 10000-11000 to port 22 on each of the 1000 internal servers.

Farhan
  • Does http://serverfault.com/q/34552/170538 help to answer your question? Or do you specifically want to distinguish users at the iptables level? (by IP?) – Julien Langlois Oct 28 '16 at 15:24
  • Sorry, it does not. This answer does not provide a working solution for multiple users – Farhan Oct 28 '16 at 15:35
  • Why are you trying to do this? Don't you have enough IPv4 addresses? Haven't you got IPv6? – Michael Hampton Oct 28 '16 at 15:41
  • It's AWS, and managing thousands of IP addresses for each client is a headache. And AWS does not support direct IPv6 EIP – Farhan Oct 28 '16 at 15:42
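
The port mapping described in the question (external ports 10000-11000 on one Linux proxy, each forwarded to port 22 on one internal server), as an added example that is not part of the original post or its comments. The inventory format, the `gen_nat_rules` name, the 10.0.1.x addresses and the MASQUERADE rule are assumptions; the generator rejects out-of-range ports, malformed addresses and duplicate ports so that one user's port can never silently land on another user's server.

```shell
#!/usr/bin/env bash
# Turn a "<external_port> <internal_ipv4>" inventory (format is an assumption)
# into an iptables-restore ruleset. Prints nothing and returns 1 on bad input.
gen_nat_rules() {
  awk '
    function fail(msg) { printf "line %d: %s\n", NR, msg > "/dev/stderr"; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    NF != 2 { fail("expected: <port> <ipv4>"); next }
    {
      if ($1 !~ /^[0-9]+$/ || $1 + 0 < 10000 || $1 + 0 > 11000) {
        fail("port outside 10000-11000: " $1); next
      }
      port = $1 + 0                              # normalise leading zeros
      ok = (split($2, o, ".") == 4)
      for (i = 1; ok && i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
      if (!ok) { fail("bad IPv4 address: " $2); next }
      if (port in seen) { fail("duplicate external port " port); next }
      seen[port] = 1
      rules = rules sprintf("-A PREROUTING -p tcp --dport %d -j DNAT --to-destination %s:22\n", port, $2)
    }
    END {
      if (bad) exit 1                            # all-or-nothing: no partial ruleset
      print "*nat"
      print ":PREROUTING ACCEPT [0:0]"
      print ":POSTROUTING ACCEPT [0:0]"
      printf "%s", rules
      # Assumption: internal hosts route replies via another gateway, so the
      # proxy rewrites the source. Internal sshd logs then show the proxy IP.
      print "-A POSTROUTING -p tcp --dport 22 -j MASQUERADE"
      print "COMMIT"
    }
  '
}

# Constructed sample inventory; the 10.0.1.x addresses are placeholders.
gen_nat_rules <<'EOF'
# port  internal host
10000 10.0.1.10
10001 10.0.1.11
EOF
# Syntax-check before loading: gen_nat_rules < inventory.txt | iptables-restore --test
# Forwarding also needs net.ipv4.ip_forward=1 on the proxy host.
```

Because `iptables-restore` loads the table in one operation, regenerating the file from the inventory and reloading it covers the "new rule per user" case without editing rules one at a time.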
