SSH proxy from Traefik to LXC

Is it possible to have SSH reverse proxying? My use case being i have multiple LXC containers, 1+ per user, and i want them to be able to SSH in using regisgered in traefik subdomains

Hi!

The answer is yes, but only in version 2+ :slight_smile:

But since SSH has no notion of HOST, the only option is to dedicate a port to SSH, and no additional routing will be available (so it’s not possible to have Traefik route requests based on the subdomains for SSH).

EDIT: You’d use the rule HostSNI(*) to “catch all” from the entrypoint

Is there any other way that routing could be done?

I'm also interested in this. I am using Pterodactyl Daemon on domain like node.game.mydomain.eu and it's using HTTP on port 8080 for setting things and SFTP on port 2022 for transferring files. HTTP is working perfectly, but then I'd like to have that SFTP only available on that domain too. Is it possible somehow?

Alas it's because SSH (and SFTP) protocols does not allow it for security reasons.
You can find a pretty good explanation here: https://serverfault.com/a/610971 .
The author of this post submitted a patch to OpenSSH's project to allows "virtual host", but it was rejected for security reasons.

You might be interested by https://github.com/tg123/sshpiper , but be careful as it's basically performing MITM to catch the hostname.

Alternatively, you might be interested in "Web Terminals", using WebSockets , like https://github.com/tsl0922/ttyd . These project could help you as it's using HTTP/HTTPS.

Hope it helps?

1 Like