SSHD per-user operation

Setup

from some workstation

cd ~/.ssh/
ssh-keygen -t ed25519 -f lala
ssh-keygen -t ed25519 -f lili
cat ~/.ssh/lala.pub
cat ~/.ssh/lili.pub

on the server as THAT-USER

vi ~/.ssh/authorized_keys

command="/usr/bin/uname -a",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJTvicof1cUayfZ/qJyJ50Cpv1WagT+n+gv8458CMfY elge@bravo
command="/bin/netstat -lntup",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgdHLgD+gS9k3Ia6Avl5zU7Iiko1SOoPJ5aQosElAxe elge@bravo

Acceptance

back on the workstation, if necessary kill the agent so that no previously cached key gets offered

pkill ssh-agent
ps auxww | grep ssh-agent

and double-check what identity the client is using to authenticate

ssh -i ~/.ssh/lala SSH-SERVER -l THAT-USER -v
ssh -i ~/.ssh/lili SSH-SERVER -l THAT-USER -v
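
A server-side complement to the client test above, as an added example (not part of the original page): it checks that every entry in an authorized_keys file carries a forced command and has port, X11 and agent forwarding switched off. The function name audit_authorized_keys, the sample file and its placeholder key material are assumptions made for the example; restrict is the OpenSSH option that disables all three forwardings at once.

```shell
#!/bin/sh
# Added example, not from the original page. Flags authorized_keys entries
# that lack a forced command or still allow port/X11/agent forwarding.
audit_authorized_keys() {   # hypothetical helper; $1 = authorized_keys path
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        flags = ""; inq = 0
        # Heuristic: a line starting with a key type has no options field.
        if (line !~ /^(ssh-|ecdsa-|sk-)/)
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") { i++; continue }   # escaped char in a value
                if (c == "\"") { inq = !inq; continue }
                if (inq) continue                         # drop quoted values
                if (c == " " || c == "\t") break          # end of options field
                flags = flags c
            }
        # Apply options left to right; forwarding is allowed until switched off.
        cmd = 0
        nf = split("port-forwarding x11-forwarding agent-forwarding", fwd, " ")
        for (k = 1; k <= nf; k++) allow[fwd[k]] = 1
        n = split(tolower(flags), o, ",")
        for (k = 1; k <= n; k++) {
            name = o[k]; neg = sub(/^no-/, "", name)
            if (o[k] == "command=") cmd = 1
            else if (o[k] == "restrict") { for (a in allow) allow[a] = 0 }
            else if (name in allow) allow[name] = !neg
        }
        missing = cmd ? "" : " command"
        for (k = 1; k <= nf; k++)
            if (allow[fwd[k]]) missing = missing " no-" fwd[k]
        if (missing != "") { bad++; print "FAIL line " NR ": missing" missing }
        else print "OK   line " NR
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample with placeholder key material, then a demo run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
command="/usr/bin/uname -a",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 AAAA_PLACEHOLDER_KEY elge@bravo
command="/bin/netstat -lntup",restrict,port-forwarding ssh-ed25519 AAAA_PLACEHOLDER_KEY elge@bravo
ssh-ed25519 AAAA_PLACEHOLDER_KEY elge@bravo
EOF
audit_authorized_keys "$sample" || echo "some keys are not locked down"
```

Run it as THAT-USER against ~/.ssh/authorized_keys; a non-zero exit status means at least one key is not locked down.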

Resources - talking SSH reverse-proxy and single-auth

discussion on vhosts
https://stackoverflow.com/questions/15558601/determine-virtual-host-name-on-ssh-connection-would-be-useful-for-virtual-git-h
https://serverfault.com/questions/329529/virtual-hosts-for-ssh
https://serverfault.com/questions/34552/is-there-a-name-based-virtual-host-ssh-reverse-proxy

this goes bounce http://benno.id.au/blog/2006/06/08/ssh_proxy_command

through HTTPS http://www.zeitoun.net/articles/ssh-through-http-proxy/start

this is what I wanted: proxy per user or pubkey
http://quark.humbug.org.au/publications/ssh/ssh-tricks.html
https://github.com/tg123/sshpiper - https://asciinema.org/a/222825

Restrict SSH logins to a single command https://research.kudelskisecurity.com/2013/05/14/restrict-ssh-logins-to-a-single-command/

Copyright © 2024 Pierre-Philipp Braun