the idea is: ssh is running on 22

what if user can connect localport 2222<->22

and user can then connect to localport:2222 and it will be forwarded to localport:22?

and YES IT IS POSSIBLE 🙂

which the massively complex socat: socat.man.txt

su - root; # complete root login
apt update
apt install socat
# connect localport 22 to localport 2222
socat tcp-listen:2222,reuseaddr,fork tcp:localhost:22

… leave this terminal open and now open up another terminal:

# login to localhost using port 2222
ssh -vv -p2222 localhost

# NICE :)
user@localhost's password:
admin