Allowing accessing server via an ssh proxy user #538

Open
nea89o opened this issue Jul 1, 2024 · 0 comments

nea89o commented Jul 1, 2024

Is your feature request related to a problem? Please describe.
Currently, hosting soft serve requires hosting it on another port, different from your regular ssh traffic. I want users to be able to just use [email protected]/my-repo.git like most git servers allow.

Describe the solution you'd like
By using a custom shell or by specifying a command via .ssh/authorized_keys or AuthorizedKeysCommand, one can execute a command when a certain user is trying to log in with a specific key (or even without a specific key when using the shell as a fallback). This can be used to launch any TTY program when logged in. The code required to do this is fairly easy to write, and so far I have managed to write a script for this which works by just invoking the command ssh localhost -p 23231 ${SSH_ORIGINAL_COMMAND[@]}. This is a bit annoying, however, since I need to add an extra ssh key to the user I want to authenticate as. Adding a command like soft browse --as-user nea ${SSH_ORIGINAL_COMMAND[@]} would make this a lot easier and less intrusive.

Current workflow:

  • user connects to my-server:22
  • ssh daemon accepts that connection
  • ssh daemon invokes AuthorizedKeysCommand, which is set to key-provider-script
  • key-provider-script calls ssh localhost -p23231 user list using an admin key
  • key-provider-script calls ssh localhost -p23231 user info <user> for each user using an admin key
  • for each found ssh key (ignoring the script's generated ones, see later), the key-provider-script emits a directive
    • this directive contains the original ssh key
    • this directive forces a command to be executed and prohibits all other activity (like port forwarding, x11 forwarding)
  • ssh daemon finds all of those generated authorized key directives and tries to authenticate with one of them. If it cannot, then it invokes the normal shell (which falls back to just a normal keyless ssh localhost -p23231).
  • otherwise ssh daemon uses that key to find the proper command to be executed and provides that command with the variable SSH_ORIGINAL_COMMAND which shows the original ssh command
  • the command is aware which original user it belongs to
  • it tries to find a server side ssh key for that user
    • alternatively it generates a new ssh key on the server, saves the private key and uses ssh localhost -p23231 user add-pubkey to add that public key to the user
  • once it has a key it calls ssh localhost -p23231 -i the_private_key_file $SSH_ORIGINAL_COMMAND in order to connect the user to soft serve

This workflow could be massively improved with changes in soft serve. While implementing all of this to the proper satisfaction of whatever standards this project might have might be a bit much, implementing just the last step of impersonating a user on the current tty using a soft browse --as-user <user> (or soft impersonate <user>) command would be a pretty big step in making this easier to implement on my side, while also being a step that soft serve would eventually need to do itself anyway, if it wants to support a workflow like this.

Describe alternatives you've considered
I can also host soft serve on port 22 and my other stuff on a non-standard port. I would consider that a downgrade since git isn't the only public-facing ssh feature I might have, and most other git servers don't need me to do this.

I can also specify a Host in my client sided ssh config. I would consider this a downgrade since no other git server requires editing the ssh config in every client.

Additional context

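As an added example, not code from the issue or from the soft serve project: the two security-relevant pieces of the workflow described above, in Python. The first builds the AuthorizedKeysCommand output, one forced-command directive per collected key, rejecting any key line whose shape could smuggle extra options onto the line; the second is the check the forced command would run on SSH_ORIGINAL_COMMAND before calling ssh localhost -p23231. It assumes a hypothetical wrapper path /usr/local/bin/soft-proxy, uses constructed sample keys, and deliberately narrows passthrough to an empty command (the TUI) or a git transport command, rather than forwarding anything the client sends.

```python
import re
import shlex

# Constructed sample of what key-provider-script would gather from
# `ssh localhost -p23231 user info <user>`; these are not real keys.
SAMPLE_USERS = {
    "nea": ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxhYmVsZWQtY29uc3RydWN0ZWQtc2FtcGxlLWtleQ== nea@laptop"],
    "bob": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+constructed/sample+key== bob@pc",
        'ssh-ed25519 AAAA" command="sh" injected',  # malformed: must be dropped
    ],
}
PROXY = "/usr/local/bin/soft-proxy"  # hypothetical forced-command wrapper

# Strict shape check: key type, base64 blob, optional simple comment. Anything
# else (quotes, extra spaces, newlines) could inject options into the directive.
KEY_RE = re.compile(
    r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-ssh-ed25519@openssh\.com)"
    r" ([A-Za-z0-9+/]+={0,2})( [\w.@+-]+)?$"
)

def build_directive(user, pubkey_line):
    """authorized_keys line that forces PROXY for this user, or None if unsafe."""
    m = KEY_RE.match(pubkey_line.strip())
    if not m or not re.fullmatch(r"[a-z0-9_-]+", user):
        return None
    # `restrict` turns off pty, port/X11/agent forwarding and ~/.ssh/rc;
    # `pty` re-enables only the tty that the soft serve TUI needs.
    return f'restrict,pty,command="{PROXY} {user}" {m.group(1)} {m.group(3)} soft:{user}'

def emit_authorized_keys(users):
    """What AuthorizedKeysCommand prints to stdout: one directive per valid key."""
    return [d for user, keys in users.items()
            for d in (build_directive(user, k) for k in keys) if d]

def allowed_original_command(ssh_original_command):
    """Forced-command side: pass SSH_ORIGINAL_COMMAND on only if it is empty
    (interactive TUI) or a git transport command on a relative .git path."""
    try:
        argv = shlex.split(ssh_original_command)
    except ValueError:
        return False
    if not argv:
        return True
    return (len(argv) == 2 and argv[0] in ("git-upload-pack", "git-receive-pack")
            and argv[1].endswith(".git") and not argv[1].startswith("/")
            and ".." not in argv[1].split("/"))
```

In the real script the collected keys replace SAMPLE_USERS and the directives are printed to stdout; the wrapper at PROXY calls allowed_original_command before invoking ssh localhost -p23231 with the user's server-side key.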