We are looking to configure a 'transparent' SSH gateway that passes authentication on to an upstream SSH server based upon the username in the SSH request. All users will be using public key authentication, no passwords. We'd like for the applicable public keys to be stored on the clients upstream servers only, not the gateway; the gateway simply proxies the connection based upon the username. Can this be done with an SSHD configuration? Or even HaProxy? Can the public key lookup location in the SSHD configuration be configured to check a remote server - e.g. a remote public-key server
A diagram of what we're looking for: