Ssh – name based virtual host SSH reverse proxy

reverse-proxy ssh

I've grown quite fond of HTTP reverse proxies in our development environment and found the DNS based virtual host reverse proxy quite useful. Having only one port (and the standard one) open on the firewall makes it much easier for management.

I'd like to find something similar to do SSH connections but haven't had much luck. I'd prefer not to simply use SSH tunneling since that requires opening port ranges other than the standard. Is there anything out there that can do this?

Could HAProxy do this?

Best Answer

I don't believe name-based SSH is something that will be possible given how the protocol works.

Here are some alternatives.

  • You could set up the host that answers for port 22 to act as a gateway. Then you can configure the SSH server to forward requests to the inside based on the key. SSH Gateway example with keys

  • You could adjust your client to use that host as a proxy. That is, it would ssh to the gateway host, and then make use of that host to make a connection to the internal host. SSH proxy with client configuration.

  • You could also set up a simple HTTP proxy on the edge. Then use that to allow incoming connections. SSH via HTTP proxy.

Obviously with all the above, making sure you properly configure and lock down the gateway is pretty important.
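An added example, not part of the original answer, showing the gateway and client-proxy alternatives with OpenSSH together with a locked-down gateway account. The host names, the `jump` account and the key placeholders are assumptions; the three sections belong in three separate files.

```sshconfig
# --- Client: ~/.ssh/config ----------------------------------------------
# Only gateway.example.com:22 is reachable from outside (assumed name).
Host gateway
    HostName gateway.example.com
    User jump
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

# "ssh web1" or "ssh db1" hops through the gateway. The inner SSH session
# runs end to end between the client and the internal host.
Host web1 db1
    HostName %h.internal.example
    ProxyJump gateway

# --- Gateway: /etc/ssh/sshd_config --------------------------------------
# The jump account gets no shell, no TTY and no agent or X11 forwarding.
# It may only open TCP channels to port 22 of the listed internal hosts.
Match User jump
    PasswordAuthentication no
    AllowTcpForwarding local
    PermitOpen web1.internal.example:22 db1.internal.example:22
    AllowAgentForwarding no
    X11Forwarding no
    PermitTTY no
    ForceCommand /usr/sbin/nologin

# --- Gateway: ~jump/.ssh/authorized_keys --------------------------------
# Per-key routing: each public key is limited to one internal host.
# "restrict" turns everything off, "port-forwarding" re-enables forwarding,
# and "permitopen" narrows it to a single destination.
restrict,port-forwarding,permitopen="web1.internal.example:22" ssh-ed25519 <ALICE-PUBLIC-KEY> alice
restrict,port-forwarding,permitopen="db1.internal.example:22" ssh-ed25519 <BOB-PUBLIC-KEY> bob
```

`ProxyJump` needs OpenSSH 7.3 or later on the client; older clients can use `ProxyCommand ssh -W %h:%p gateway` in its place.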