0

I want to make a pool of dev machines available to a pool of developers, where each developer should only access their own dev machine. Dev machines are on a private network, behind a NAT, whereas developers are in the DMZ.

I'd want to implement a solution in which:

  • users connect via ssh (X forwarding included) to the NAT public interface, which in turn forwards the request to an Access Control machine (basically a proxy);
  • the AC machine forwards the connection to the right dev machine, depending on a configurable policy.

Clearly, users should neither know the target machine name or IP nor guess the network structure. They should only initiate an SSH connection without any special client-side configuration (this prevents the use of ProxyCommand).

How can I implement such a solution?

Jules
  • 1

1 Answer

-1

I've answered this before. See here:

http://serverfault.com/questions/516799/proxy-ssh-to-hide-endpoints/516800
mc0e
  • 5,979
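
The two steps in the question (sshd on the AC machine accepts the login, then a configurable policy picks the dev machine) can be sketched as a forced command. This is an added example, not code from the question or from the linked answer; the script path, the policy file and its format, and the `developers` group are assumptions.

```shell
#!/bin/sh
# Hypothetical /usr/local/bin/route-dev on the AC machine, forced on every
# developer login by sshd_config (real directives, constructed values):
#   Match Group developers
#       ForceCommand /usr/local/bin/route-dev
#       X11Forwarding yes
#       AllowTcpForwarding no
# Assumed policy format: one "user host" pair per line, lines starting with
# '#' are comments; the file is root-owned and not writable by developers.
POLICY_FILE="${POLICY_FILE:-/etc/ssh/dev-routes}"

# Print the dev machine assigned to user $1; return non-zero if the user has
# no entry or the entry is not a plain host name or address.
lookup_target() {
    host=$(awk -v u="$1" '$1 == u { print $2; exit }' "$POLICY_FILE") || return 1
    case $host in
        ''|-*|*[!A-Za-z0-9.:-]*) return 1 ;;  # empty, option-like, odd characters
    esac
    printf '%s\n' "$host"
}

route() {
    # Take the user from the authenticated session, never from client input.
    user=$(id -un) || exit 1
    target=$(lookup_target "$user") || {
        echo "No dev machine assigned." >&2   # says nothing about the network
        exit 1
    }
    # -X forwards X11 through the DISPLAY sshd set up for this session; -q
    # keeps ssh client diagnostics, which name the target, off the terminal.
    # Assumption: the AC machine holds a per-user credential for the target.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        exec ssh -q -X -- "$target" "$SSH_ORIGINAL_COMMAND"
    fi
    exec ssh -q -X -t -- "$target"
}

# Route only when installed under its own name, so sourcing or copying the
# file elsewhere just defines the functions.
case ${0##*/} in
    route-dev) route ;;
esac
```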