
What I’m trying to achieve here is using one entry point for all of my servers over a private network: one server with a public IP, multiple domains pointed at it, and then ACLs to decide which backend to use.

Example Configurations:

frontend UK-1
bind *:77
option tcplog
mode tcp

tcp-request inspect-delay 60s
acl is_ssh payload(0,7) -m bin 5353482d322e30 # "SSH-2.0" in hex
tcp-request content accept if is_ssh

# Define hosts
acl l1_dom req.ssl_sni -i uk-ep-1.example.com
use_backend l1_ssh if l1_dom

acl i1_dom req.ssl_sni -i uk-ep-1.i1.example.com
use_backend i1_ssh if i1_dom

backend DefaultBackend
mode http
http-request deny deny_status 403

backend i1_ssh
mode tcp
timeout connect 3000
timeout server  7200000
option          httpchk
server          ssh 192.168.0.155:2905

backend l1_ssh
mode tcp
timeout connect 3000
timeout server  7200000
option          httpchk
server          ssh 192.168.0.167:2917

Unfortunately, this isn't working!

1 Answer


SSH doesn't support SNI, which is why this isn't working. There have been discussions in the past about implementing this (see this or this thread, for example), but so far that hasn't been done.

gxx
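To make the answer concrete, here is an added example (not part of the original question or answer) that compares the first bytes each protocol puts on the wire. `req.ssl_sni` reads the server_name extension of a TLS ClientHello; an SSH client's first message is only its identification string (`SSH-2.0-...`, RFC 4253 section 4.2), which carries no hostname at all, so there is nothing for the `req.ssl_sni` ACLs to match. The ClientHello builder, the OpenSSH banner and the hostname `uk-ep-1.example.com` are constructed inputs; the `haproxy_is_ssh` function mirrors the question's `payload(0,7) -m bin 5353482d322e30` ACL.

```python
import struct

# Constructed sample inputs: what an SSH client and a TLS client each send first.
SSH_FIRST_BYTES = b"SSH-2.0-OpenSSH_9.6\r\n"   # constructed SSH identification string


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record carrying a server_name (SNI) extension.

    This is a constructed example, not a real capture; only the fields a
    SNI-based router needs to find are filled in meaningfully."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host      # name_type host_name(0)
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry       # ServerNameList
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                             # client_version: TLS 1.2
        + bytes(32)                             # random (zeros, constructed)
        + b"\x00"                               # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"    # one cipher suite
        + b"\x01\x00"                           # compression methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(payload: bytes):
    """Return the SNI host_name from a TLS ClientHello, or None when the bytes are
    not a ClientHello (for example an SSH identification string).

    This is what a SNI-based router such as req.ssl_sni has to find in the
    client's first flight."""
    try:
        if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
            return None
        pos = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]                  # session_id
        pos += 2 + struct.unpack("!H", payload[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + payload[pos]                  # compression_methods
        ext_total = struct.unpack("!H", payload[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", payload[pos:pos + 4])
            pos += 4
            if ext_type == 0x0000:
                # server_name: list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack("!H", payload[pos + 3:pos + 5])[0]
                return payload[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def haproxy_is_ssh(payload: bytes) -> bool:
    """Same test as the question's ACL: payload(0,7) -m bin 5353482d322e30 ("SSH-2.0")."""
    return payload[:7] == bytes.fromhex("5353482d322e30")


if __name__ == "__main__":
    tls_first_bytes = build_client_hello("uk-ep-1.example.com")
    for label, first_flight in (("SSH", SSH_FIRST_BYTES), ("TLS", tls_first_bytes)):
        print(f"{label}: is_ssh={haproxy_is_ssh(first_flight)} "
              f"sni={extract_sni(first_flight)!r}")
```

Run as a script, the SSH payload matches the `is_ssh` ACL but yields no SNI, while the TLS ClientHello yields `uk-ep-1.example.com` and fails the SSH check. That is exactly the situation in the question: the `is_ssh` ACL accepts the SSH connection, but every `req.ssl_sni` ACL evaluates to false, so no `use_backend` line ever fires.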