{"id":14563564,"url":"https://github.com/hoffie/sshified","last_synced_at":"2026-01-12T02:50:12.372Z","repository":{"id":57556871,"uuid":"112658623","full_name":"hoffie/sshified","owner":"hoffie","description":"Acts as an HTTP proxy and forwards all received requests over server-specific SSH connections","archived":false,"fork":false,"pushed_at":"2025-06-25T21:40:56.000Z","size":12505,"stargazers_count":59,"open_issues_count":4,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-25T22:34:39.826Z","etag":null,"topics":["forwarder","gateway","http","prometheus","proxy","ssh","tunnel"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hoffie.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-11-30T20:44:40.000Z","updated_at":"2025-06-25T21:41:00.000Z","dependencies_parsed_at":"2023-11-23T22:22:12.444Z","dependency_job_id":"f1eba4cc-aaa6-4fea-9347-f2dbc8df8c01","html_url":"https://github.com/hoffie/sshified","commit_stats":null,"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/hoffie/sshified","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoffie%2Fsshified","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoffie%2Fsshified/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoffie%2Fsshified/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoffie%2Fsshified/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hoffie","download_url":"https://codeload.github.com/hoffie/sshified/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoffie%2Fsshified/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273566382,"owners_count":25128594,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-04T02:00:08.968Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["forwarder","gateway","http","prometheus","proxy","ssh","tunnel"],"created_at":"2024-09-07T02:03:09.242Z","updated_at":"2026-01-12T02:50:12.360Z","avatar_url":"https://github.com/hoffie.png","language":"Go","funding_links":[],"categories":["proxy"],"sub_categories":[],"readme":"# sshified\nsshified acts as an HTTP proxy and forwards all received requests over server-specific SSH connections.\n\n## Features\nThis tool is useful when you need to connect to several different machines using unauthenticated HTTP, but need benefits such as\n\n  * authentication (via pubkey authentication and host key checking)\n  * encryption (via SSH protocol)\n  * limiting to a single connection/port (only SSH, port 22).\n\nYou will need to configure your software to use sshified as an HTTP proxy.\n\nA popular use case is using the monitoring tool [Prometheus](https://prometheus.io).\nBy pointing Prometheus to sshified, all traffic will be tunneled over SSH and can therefore be run over untrusted networks.\n\nRudimentary HTTPS client support exists by using the special `?__sshified_use_https=1` parameter.\nIf certificate validation against the system trust store should be disabled, use `\u0026__sshified_https_insecure_skip_verify=1` as an additional query parameter.\n\n## Status\nThis project is considered feature-complete.\nIt has been used in production with several hundreds connections for many months now.\n\nSynthetic tests can be run in order to prove stability.\nFor more details, see [TESTING](TESTING.md).\n\n## Build\nThis tool is built using Go (tested with 1.20 or newer).\nIt makes use of some popular Go libraries, which have been vendored (using `dep`) to allow for reproducible builds and simplified cloning.\n\n`go get -u github.com/hoffie/sshified`\n\n## Configuration\n### sshified\nsshified is configured using command line options only (see `--help` and examples below).\n\n### Target server configuration\nAll your target servers need to fullfil the following requirements:\n\n* sshd server with the same port across your fleet\n* a user (no shell access required; restricting the user via `ForceCommand` in `sshd_config` is recommended)\n* public key authentication (`authorized_keys`)\n\nThe server running sshified is supposed to provide a `known_hosts` which contains entries for all possible targets.\n\nIt is recommended that this is managed using some configuration management tool such as Puppet.\n\n## Run\n```bash\n$ ./sshified --proxy.listen-addr 127.0.0.1:8888 --ssh.user sshified-test --ssh.key-file conf/id_rsa --ssh.known-hosts-file conf/known_hosts -v\n$ curl --proxy 127.0.0.1:8888 http://example.org:8080/api/example\n```\n\nIn above example, the following will happen:\n\n  * curl connects to the local sshified instance\n  * sshified will establish a SSH connection to example.org\n  * sshified will forward the HTTP request from curl to example.org using the previously created SSH connection.\n  * the HTTP response will be returned in the opposite direction.\n  \nIf another request is sent to example.org (which may even be to a different port), sshified will re-use the already existing SSH connection.\nIn other words: It uses a pooling strategy to minimize connection times and network traffic.\nShould the connection fail, sshified will assume that the SSH tunnel may have been broken in the meantime (e.g. due to timeouts).\nIt will therefore retry connecting once.\n\n## License\nThis software is released under the [Apache 2.0 license](LICENSE).\n\n## Author\nsshified has been created by [Christian Hoffmann](https://hoffmann-christian.info/).\nIf you find this project useful, please star it or drop me a short [mail](mailto:mail@hoffmann-christian.info).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoffie%2Fsshified","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhoffie%2Fsshified","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoffie%2Fsshified/lists"}