Hi,
Currently I'm in the process of making some changes on a small infrastructure that is composed of a few old physical machines which I want to virtualise.
One of those machines is an old Windows Server 2003, that has been hosting an SSH Server (WinSSHD, or Bitvise SSH Server, an old version by now).
I've been looking for a WinSSHD alternative that fits what I have now, since the software does not have a linux version, but that's been harder than I thought because of the features that WinSSHD provides and that I'm using.
For instance:
- Users are created in the software, no dependency on OS users, active directory or any other external tool (but ok, could accept a software that has integrated logins);
- For instance, "user-1" is allowed to login with certificate only, no session is allowed, so no access to any console (ok, this would be feasible in other alternatives);
- Then it is allowed to make a port forwarding only to 99.99.99.99:999, which does not exist on the network;
- The SSH server accepts that 99.99.99.99:999 target defined internally as an alias, then connects to the real IP address, for instance 10.10.1.100:3389 (let's say for example it was a RDP connection).
So this way:
1- the client can only connect with it's user and certificate (public key on the server),
2- then it is only allowed to make a port forwarding to a very specific non-existant ip
ort destination, which does not expose any details about the target network infrastructure,
3- then the SSH server internally maps that alias to the correct iport on the network,
4- this even allows me to change target server IP with no impact on the client, I would only need to reconfigure the alias on SSH server.
I would like to not depend on a windows machine for this service, and on the limit, I could even test running the software on wine, as a last resort alternative before getting stuck with windows.
Still having a native linux solution would be way better, bu from what I've read, setting up an SSH server on a linux will not give me this features I currently use, or would it be possible to do it?
Thanks
Currently I'm in the process of making some changes on a small infrastructure that is composed of a few old physical machines which I want to virtualise.
One of those machines is an old Windows Server 2003, that has been hosting an SSH Server (WinSSHD, or Bitvise SSH Server, an old version by now).
I've been looking for a WinSSHD alternative that fits what I have now, since the software does not have a linux version, but that's been harder than I thought because of the features that WinSSHD provides and that I'm using.
For instance:
- Users are created in the software, no dependency on OS users, active directory or any other external tool (but ok, could accept a software that has integrated logins);
- For instance, "user-1" is allowed to login with certificate only, no session is allowed, so no access to any console (ok, this would be feasible in other alternatives);
- Then it is allowed to make a port forwarding only to 99.99.99.99:999, which does not exist on the network;
- The SSH server accepts that 99.99.99.99:999 target defined internally as an alias, then connects to the real IP address, for instance 10.10.1.100:3389 (let's say for example it was a RDP connection).
So this way:
1- the client can only connect with it's user and certificate (public key on the server),
2- then it is only allowed to make a port forwarding to a very specific non-existant ip
ort destination, which does not expose any details about the target network infrastructure,3- then the SSH server internally maps that alias to the correct ip
ort on the network,4- this even allows me to change target server IP with no impact on the client, I would only need to reconfigure the alias on SSH server.
I would like to not depend on a windows machine for this service, and on the limit, I could even test running the software on wine, as a last resort alternative before getting stuck with windows.
Still having a native linux solution would be way better, bu from what I've read, setting up an SSH server on a linux will not give me this features I currently use, or would it be possible to do it?
Thanks