I have system where I run multiple containers. Each container is a linux system with a specific purpose and every container has a ssh server enabled. I want to make an entity that manage new ssh connections to the host machine and transparently route that connection to a specific container (witch have a ssh listening too) based on a criteria. I know that I can transparently route connections to a container using ProxyCommand, for example. My problem is that I want to re-route the connection to another container "on the fly" based on other criteria, for example: If the host machine detected that a connection to container A start to download a binary re-route the ssh connection transparently to container B and start download there. I want to do this in a way that the user of the system does not realize that he is in a container and the connection is routing between different containers while he is using the system.
A full example that may help to understand is: A client connect to ssh. This connection is made to the host machine which have running containers A and B. The host machine have a process that redirects this incoming ssh connection to container A by default (or based in some condition). The host machine keeps analyzing what the client is doing in container A by sniffing the packets and checking the commands passed by the client. If the host machine detect some specific command like "wget" the host machine re-route the ssh connection from container A to container B transparently, in a way that the client don't realize that the container changed and then the download start in container B.
Edit:
I am using Docker and the containers that will swap the connection always have the same environment (Same OS and version).
Edit 2:
I want a way to do this with some kind of re-routing the connection to apply this methodology in other cases like this example: I have host X that have container A. When the client connects to host X the ssh connection is re-routed to host Y that is in the same network with a listening ssh. Like before, based on a condition, host X re-routes the ssh from Host Y to container A transparently to user.
How can I do this with routing, iptables or any other method that redirect the connection?
Edit 3:
Basically I need a way to re-route the ssh from one machine to another without a noticeable re-connection . The simplest case is one machine (A) that handle the connection from client. A client from the internet connects to this machine (A) that redirect the connection to machine (B) with ProxyCommand. Just to be simple lets imagine that we have a timer that after 5 minutes executes a script in machine(A) that do the magic. What I want is a way that I can route this ssh connection from machine (B) to machine(C). The tricky part is that I want that this change from B to C isn't noticed by the user(client). I want that the client don't notice that the connection routed and the machine that he was initially connected have changed while he was using. So for this "illusion" I imagine if there is a way to keep the original connection alive to client but route the connection in machine (A), from B to C and when the client execute the next command instead of machine (B) the machine (C) will execute that command.
