{"id":22281541,"url":"https://github.com/cea-hpc/sshproxy","last_synced_at":"2025-04-06T02:10:03.610Z","repository":{"id":57563321,"uuid":"48028584","full_name":"cea-hpc/sshproxy","owner":"cea-hpc","description":"Proxy SSH connections on a gateway","archived":false,"fork":false,"pushed_at":"2025-03-28T15:50:33.000Z","size":9734,"stargazers_count":103,"open_issues_count":5,"forks_count":8,"subscribers_count":20,"default_branch":"master","last_synced_at":"2025-03-28T16:29:10.730Z","etag":null,"topics":["cea","etcd","go","ssh"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cea-hpc.png","metadata":{"files":{"readme":"README.asciidoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-12-15T08:06:30.000Z","updated_at":"2025-03-28T15:38:43.000Z","dependencies_parsed_at":"2022-08-31T05:11:48.705Z","dependency_job_id":"763d2528-ebd1-41c3-aa80-00c7363a60c4","html_url":"https://github.com/cea-hpc/sshproxy","commit_stats":null,"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-hpc%2Fsshproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-hpc%2Fsshproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-hpc%2Fsshproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cea-hpc%2Fsshproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cea-hpc","download_url":"https://codeload.github.com/cea-hpc/sshproxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247423515,"owners_count":20936626,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cea","etcd","go","ssh"],"created_at":"2024-12-03T16:19:08.519Z","updated_at":"2025-04-06T02:10:03.590Z","avatar_url":"https://github.com/cea-hpc.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"sshproxy\n========\n\nimage:https://github.com/cea-hpc/sshproxy/actions/workflows/tests.yml/badge.svg[\n\"Build Status\",\nlink=\"https://github.com/cea-hpc/sshproxy/actions/workflows/tests.yml\"]\n\nWhat is sshproxy?\n-----------------\n\nsshproxy is used on a gateway to transparently proxy a user SSH connection on\nthe gateway to an internal host via SSH. scp, sftp, rsync, etc. are supported.\n\nsshproxy defines routes which bind an SSH listening address to a pool of\ndestination hosts. It can then choose the first available destination or\nload-balance the connections with a simple round-robin algorithm.\n\nBecause of its design sshproxy is stateless (it is launched as a\n+ForceCommand+ by sshd). It can be made stateful by using etcd allowing to:\n\n- remember users connections and always connects a user to the same\n  destination while a connection to this destination is alive,\n- periodically check if destination hosts are alive.\n\nStates stored in etcd can be displayed or modified with the +sshproxyctl+\ncommand.\n\nsshproxy can be configured to monitor SSH sessions and either to save them in\nfiles or to send them to the very simple +sshproxy-dumpd+ daemon. Sessions can\nbe replayed with the +sshproxy-replay+ command.\n\nCompilation\n-----------\n\nInstall the Go (version \u003e= 1.22) compiler suite: see\nhttp://golang.org/doc/install for details.\n\nDefine and export the +$GOPATH+ directory where the source code will be\nunpacked (e.g. '$HOME/go'):\n\n\t$ export GOPATH=$HOME/go\n\t$ mkdir -p $GOPATH/src/github.com/cea-hpc\n\t$ cd $GOPATH/src/github.com/cea-hpc\n\t$ tar xvJf sshproxy-X.Y.Z.tar.xz\n\nCompile everything:\n\n\t$ make\n\nInstallation\n------------\n\nInstall binaries and manpages:\n\n\t# make install\n\n+sshproxy+ and +sshproxy-dumpd+ are installed in +/usr/sbin+, +sshproxyctl+\nand +sshproxy-replay+ in +/usr/bin+.\n\nOptional installation\n---------------------\n\nIf you want to use clustershell groups with sshproxy, you have to install\n+libnodeset.so+ from https://github.com/fdiakh/nodeset-rs\n\nIf you don't, you'll still be able to use nodesets, but not clustershell\ngroups.\n\nYou can check if sshproxy uses +libnodeset.so+ with this command:\n\n\t$ sshproxyctl show config\n\t[…]\n\tlibnodeset.so found\n\t[…]\n\nConfiguration\n-------------\n\nThere is a commented configuration file in the +config+ directory.\n\nConfigure +/etc/sshproxy/sshproxy.yaml+ to suit your needs.\n\nModify the SSH daemon configuration +/etc/ssh/sshd_config+ by adding:\n\n\tForceCommand /usr/sbin/sshproxy\n\nMigrating to sshproxy 2\n-----------------------\n\nVersion 2 brings a lot of changes to sshproxy:\n\n1. configuration file:\n  - **all** configuration options can now be set outside of overrides (those are\n    the default values) or inside an override\n  - `users`, `groups` and `routes` options have been replaced by the overrides\n    system:\n    * old style:\n\n          routes:\n            default:\n              some_default_options…\n            service1:\n              source: [an.ip.sshd.listens.to]\n              some_sources_options…\n          users:\n            - alice,bob:\n                some_users_options…\n          groups:\n            - foo,bar:\n                some_groups_options…\n\n    * new style:\n\n          some_default_options…\n          overrides:\n            - match:\n                - sources: [an.ip.sshd.listens.to]\n              some_sources_options…\n            - match:\n                - users: [alice,bob]\n              some_users_options…\n          overrides:\n            - match:\n                - groups: [foo,bar]\n              some_groups_options…\n\n  - the `match` conditions of the overrides system can be combined. Here is an\n    example meaning \"match if (the user is in the group foo **and** in the\n    group bar) **or** ((the user is alice **or** bob) **and** the user is\n    connected to an.ip.sshd.listens.to)\":\n\n        overrides:\n          - match:\n              - groups: [foo]\n                groups: [bar]\n              - users: [alice,bob]\n                sources: [an.ip.sshd.listens.to]\n\n  - nodesets can now be used for the `dest` key\n  - if `libnodeset.so` (from https://github.com/fdiakh/nodeset-rs) is found, it\n    allows the use of clustershell groups where nodesets are allowed\n  - new option: `blocking_command` runs a command before starting the ssh\n    connection to the destination. If the command does not return 0, the\n    connection is aborted\n2. command line interface:\n  - in all the tables, `Host` and `Port` columns are now merged into a single\n    `Host:Port`\n  - `sshproxyctl get_config` has been removed and replaced by\n    `sshproxyctl show config`\n  - `sshproxyctl show hosts` and `sshproxyctl show users -all` now display\n    persist info\n  - `sshproxyctl enable HOST [PORT]` has been removed and replaced by\n    `sshproxyctl enable -all|-host HOST [-port PORT]`\n  - `sshproxyctl disable HOST [PORT]` has been removed and replaced by\n     `sshproxyctl disable -all|-host HOST [-port PORT]`\n  - `sshproxyctl forget HOST [PORT]` has been removed and replaced by\n     `sshproxyctl forget host -all|-host HOST [-port PORT]`\n  - `sshproxyctl error_banner` (without any parameter) has been removed and\n    replaced by `sshproxyctl forget error_banner`\n\nCopying\n-------\n\nCopyright (C) 2015-2025 CEA/DAM/DIF\n\nsshproxy is distributed under the CeCILL-B, a French transposition of the BSD\nlicense. See the included files +Licence_CeCILL-B_V1-en.txt+ (English version)\nand +Licence_CeCILL-B_V1-fr.txt+ (French version) or visit\nhttp://www.cecill.info for details.\n\nAuthors\n-------\n\nCurrent maintainer:\n\n- Cyril Servant https://github.com/cyrilst \u003ccyril.servant@cea.fr\u003e\n\nOriginal author:\n\n- Arnaud Guignard https://github.com/arno\n\nContributors:\n\n- Olivier Delhomme https://github.com/od-cea\n- François Diakhaté https://github.com/fdiakh\n- Romain Fihue https://github.com/fihuer\n- Dominique Martinet https://github.com/martinetd\n\nDocumentation\n-------------\n\nSee files in the +doc+ directory.\n\n// vim:tw=78:ft=asciidoc:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-hpc%2Fsshproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcea-hpc%2Fsshproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcea-hpc%2Fsshproxy/lists"}