3

I want to forward port 22 (ssh) to port 7999 (where bitbucket is running) only for user git, and use the normal sshd for every other user. I looked at HAProxy for the ssh forwarding, but that doesn't let me differentiate per user.

How do I configure this on the server? I don't want each individual client to configure a ProxyCommand in their .ssh/config.

2 Answers

1

You can try something along this line (untested):

In /etc/ssh/sshd_config (or similar), add something like this:

Match user git 
    ForceCommand ssh git@localhost -p 7999 

Don't forget to reload/restart sshd. This should "tunnel" the connection to Bitbucket on port 7999. Alternatively, a netcat might also work (ForceCommand nc localhost 7999).

As I said, this is untested but it works for me to redirect an ssh connection to another host altogether.

Sven
  • 100,763
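
A wrapper that could be the ForceCommand target in the Match block above, added here as an example and not part of either answer. Under ForceCommand, sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND, so the wrapper forwards it to port 7999 only when it is one of the git transport commands. The script path, the --forward argument and the function names are assumptions, and the inner hop authenticates with whatever key the local git account (or a forwarded agent) offers, not with the client's own key.

```shell
#!/bin/sh
# Hypothetical install path: /usr/local/bin/git-forward
# sshd_config usage (assumed):
#   Match User git
#       ForceCommand /usr/local/bin/git-forward --forward

BITBUCKET_HOST=localhost   # from the question: Bitbucket listens locally
BITBUCKET_PORT=7999        # from the question

# Return 0 only for the commands a git client sends over SSH:
#   git-upload-pack '<repo>', git-receive-pack '<repo>', git-upload-archive '<repo>'
is_git_command() {
    cmd=$1
    case $cmd in
        "git-upload-pack '"*"'"|"git-receive-pack '"*"'"|"git-upload-archive '"*"'") ;;
        *) return 1 ;;
    esac
    # Isolate the text between the first and the last single quote.
    repo=${cmd#*\'}
    repo=${repo%\'}
    # Reject an empty path and anything outside a conservative character set,
    # which also rejects embedded quotes, spaces, semicolons and newlines.
    case $repo in
        ""|*[!A-Za-z0-9._/~-]*) return 1 ;;
    esac
    return 0
}

# Replace this process with an ssh client that replays the validated command.
forward() {
    if is_git_command "${SSH_ORIGINAL_COMMAND:-}"; then
        exec ssh -T -p "$BITBUCKET_PORT" "git@$BITBUCKET_HOST" "$SSH_ORIGINAL_COMMAND"
    fi
    echo "only git operations are allowed on this account" >&2
    return 1
}

# Only forward when called the way the ForceCommand line above calls it.
if [ "${1:-}" = "--forward" ]; then
    forward
fi
```

Interactive logins and arbitrary commands for the git account are refused instead of being passed on to Bitbucket.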
1

I don't think you can do this because the user is not known when the connection is initially created, which is when you would need to do the redirect.

Did you know that anything that can go in the per-user ~/.ssh/config can be put in the /etc/ssh/ssh_config file and is globally applied? Perhaps you can use that to configure a ProxyCommand globally.

user9517
  • 117,122