I am looking for a solution where I can set up a main "SFTP" forwarding server and send it the relevant clients' SFTP backend details so they get "forwarded" on successfully.
It's a little difficult to explain, so I will write it like this:
I connect to sftp.domain.com > This pops me into my own hosted system for all my clients > This recognises that domain and forwards the SFTP details I've put in (username, password, port) to the actual SFTP server it's meant to get to > They login and see the files.
This eliminates IP whitelisting for SFTP on the ports (due to the CloudFlare free plan), creating a VPN, AND stops me from just opening port "2022", for example, on a whim, leaving it exposed. (It's Pterodactyl, a standalone SFTP connector inside of the daemon.)
I can then do ufw allow from <thatbox>
and it will only auth against those requests coming from it. Simple!
How would I do this, and do I need something custom?
What if the client expands and has two systems? Can we use ports to depict which SFTP server it goes to, like sftp://sftp.domain.com:2022 for server 1 and sftp://sftp.domain.com:2023 for server 2, and the config realises how that works and forwards it on?
Or am I being stupid and need to get a custom solution, or is there an easier way like SFTP passthrough or something?
I have been a system administrator for 5 years, but I don't know everything, and this is our bottleneck in learning, and I want to find out the best method. For now, we use OpenVPN with clients who have a dynamic IP, OR IP whitelisting if they have a static one.
Any help would be appreciated.
Unfortunately, I have not attempted anything currently except the two methods we know work.
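The port-based "SFTP passthrough" described above can be built with an off-the-shelf TCP proxy rather than anything custom. The configuration below is an added example, not something from the original post or from the Pterodactyl project: it runs HAProxy in TCP mode on the public sftp.domain.com box, with port 2022 routed to server 1 and port 2023 to server 2. The backend addresses (10.0.0.11, 10.0.0.12) and the backend SFTP port are placeholders to be replaced with the real node details.

```haproxy
# Added example (not from the original post): HAProxy as the "forwarding"
# box. Runs in TCP mode, so the SSH/SFTP session is passed through untouched.
global
    log /dev/log local0
    maxconn 1000

defaults
    mode    tcp                  # raw TCP passthrough; SSH stays end-to-end
    log     global
    option  tcplog               # one log line per connection: client IP, port, backend
    timeout connect 5s
    timeout client  1h           # idle SFTP sessions can sit for a long time
    timeout server  1h

# The public port the client connects to decides which backend it reaches.
frontend sftp_in
    bind *:2022
    bind *:2023
    acl to_server1 dst_port 2022
    acl to_server2 dst_port 2023
    use_backend sftp_server1 if to_server1
    use_backend sftp_server2 if to_server2

backend sftp_server1
    # placeholder address: Pterodactyl node 1, daemon SFTP listener
    server node1 10.0.0.11:2022 check

backend sftp_server2
    # placeholder address: Pterodactyl node 2, daemon SFTP listener
    server node2 10.0.0.12:2022 check
```

Because this is a pure TCP passthrough, the proxy never holds or sees the client's username and password; the client authenticates directly against the Pterodactyl daemon and verifies that node's own host key, exactly as it does today. Each backend then only needs a single firewall rule for the proxy address, such as `ufw allow from <proxy-ip> to any port 2022 proto tcp`, instead of one per client IP or a VPN. The trade-off to be aware of is that the node's own auth logs will show the proxy's IP for every connection, so HAProxy's `tcplog` output becomes the record of which client address connected and when. If routing by username rather than by port is preferred later, an SSH-aware reverse proxy such as sshpiper does that, at the cost of the proxy terminating the SSH connection itself.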