backend ssh-all
   mode tcp
   tcp-request content set-dst var(sess.dst)
   acl authorized_users ssl_c_s_dn(CN),concat(:,sess.dst) -i -f /etc/haproxy/user_authorization.acl
   tcp-request content reject if !authorized_users 
   server ssh 0.0.0.0:22