

SSH reverse proxy
Is there any reverse proxy for ssh or any way to reverse proxy ssh through Nginx?
I've been trying for a few weeks and have had no luck at getting anything to work.
I'm looking for something that works this way:
- expose port 22 so no having to use -p xxxx and have different ports for each container's ssh
- be able to ssh to containers as subdomains such as how Nginx reverse proxy does
- keep the current port 80 and 443, I don't want to run ssh through 443
If nothing like this exists any ideas on how to achieve this?
-- Edit 1
The current reverse proxy I'm using is https://docs.linuxserver.io/images/docker-swag
-- Edit 2
Thanks for all the information, took me a while to try all the options.
In the end, I was not able to achieve the proxy app.domain.com:22 for several containers for reasons pointed out by w0keson.
I ended up just doing separate ports per container that need ssh.
An SSH Jump Host?
I'm not sure ssh will work like this.
The way that nginx is able to reverse proxy for multiple domain names is that part of the HTTP protocol involves your browser telling nginx what domain name it's requesting, via a header that looks like: "Host: reddit.com" -- nginx is one program running on port 80 and it waits for the browser to tell it what domain it's looking for so nginx can proxy it accordingly.
SSH, to my knowledge, has no care about domain names and this is not part of the protocol. Like nginx, only one ssh program can be listening on port 22 at a time per server. If you want multiple machines (docker containers, etc.) all listening on SSH your options are:
1. Use the one SSH server (port 22) as a bastion host: you ssh into it, and then, from its command shell, you ssh to port 22 on whatever IP address for the docker container or whatever. Or use the bastion host to set up port forwarding, but either way this is the clunky and non-ideal solution.
2. Or, each ssh host listens on a distinct port number and you need the `ssh -p` command.
Now, to make #2 easier you can edit your .ssh/config file and give each SSH host a friendly name. So you can "ssh nextcloud" and "ssh gitea" and whatever, and your .ssh/config will specify that those services live on w/e IP address at w/e SSH port and you can avoid needing to remember or use that "ssh -p" option all the time.
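The two options from the comment above, written out as a client-side `~/.ssh/config`. This is an added example, not part of the original thread; every host name, address, port and user in it is a constructed placeholder.

```sshconfig
# ~/.ssh/config (constructed example; all names, addresses and ports are placeholders)

# Option 2: each container's sshd is published on its own port of the same host.
# "ssh nextcloud" and "ssh gitea" then work without -p.
Host nextcloud
    HostName server.example.com
    Port 2201
    User admin

Host gitea
    HostName server.example.com
    Port 2202
    User git

# Option 1: only the bastion's port 22 is reachable from outside.
Host bastion
    HostName server.example.com
    Port 22
    User admin

# The container address below is the one the bastion sees, not a public one.
# ProxyJump (OpenSSH 7.3 and later) opens the connection through the bastion,
# so there is no manual second ssh from the bastion's shell.
Host nextcloud-internal
    HostName 172.18.0.10
    Port 22
    User admin
    ProxyJump bastion
```

With ProxyJump the session to the container is still authenticated and encrypted end to end from the client, so the private key never has to be copied to the bastion.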
This seems to agree with what I had found so far. I guess there is no way to do exactly this and option 2 can work, thanks for the information.
I'm not sure I understand what you're trying to do exactly, maybe you could provide some more details? That said, as long as each subdomain resolves to an IP address that's listening for connections on port 22 using SSH, I don't see why this wouldn't be possible...
Well, in that case the host must be accessible via the internet; with an “ssh proxy” all your servers can stay behind it. But a proxy can’t work for ssh; what you need is an ssh bastion server or something like Apache Guacamole.
Check out sshportal, it's a tool to multiplex access to lots of other little SSH servers (which could be running in containers on your machine): https://github.com/moul/sshportal This is commonly called a 'bastion host' if you're googling around for more related stuff. There's a lot of other interesting SSH-related stuff in this list too: https://github.com/moul/awesome-ssh