How to provide additional security for ssh connection when using ngx_stream_proxy

E

Evdokim2019-10-04 22:27:39

Nginx

Evdokim, 2019-10-04 22:27:39

How to provide additional security for ssh connection when using ngx_stream_proxy_module?

There is a certain Nginx “front” server that acts as a reverse proxy for ports 80 and 443.
There was a need to use the ngx_stream_proxy_module to redirect ssh from the "front" server to another server where the 22nd port is open. For example, a request comes in at 1.2.3.4:2022, and Nginx sends it to server 3.4.5.6:22.
Is it possible on server 1.2.3.4 to provide additional security in order to connect via ssh ? For example, the presence of a special certificate from the client side? That is, if there is a certificate, then an ssh connection is established, a person enters a login password in the Putty terminal and it works.
The certificate or key must be verified by Nginx, and if the certificate is valid, then Nginx starts forwarding ssh traffic to 2.3.4.5:22

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

M

Mikhail Vasilyev, 2019-10-04
@vasilyevmn

Why does nginx in this scheme not suit the usual port forwarding?
Alya:

iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 2022 -j DNAT --to-destination 3.4.5.6:22
iptables -t nat -A POSTROUTING -p tcp -d 3.4.5.6 --dport 22 -j SNAT --to-source 1.2.3.4:2022

X

xmoonlight, 2019-10-05
@xmoonlight

Look here