{"id":13510627,"url":"https://github.com/root-gg/tg","last_synced_at":"2025-03-30T16:34:18.842Z","repository":{"id":94144699,"uuid":"55322391","full_name":"root-gg/tg","owner":"root-gg","description":"[INACTIVE] TG an SSH bridge, also known as SSH bastion or SSH gateway, it acts as proxy to handle your SSH connections. This project is now inactive, use https://github.com/ovh/the-bastion instead","archived":true,"fork":false,"pushed_at":"2021-02-16T12:59:28.000Z","size":34,"stargazers_count":38,"open_issues_count":0,"forks_count":6,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-08-02T02:16:55.358Z","etag":null,"topics":["bastion","bastion-host","bastion-server","ssh","ssh-bastion","ssh-bridge","ssh-gateway","ssh-key"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/root-gg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-04-03T00:23:33.000Z","updated_at":"2023-01-27T23:28:53.000Z","dependencies_parsed_at":"2023-03-09T07:00:20.548Z","dependency_job_id":null,"html_url":"https://github.com/root-gg/tg","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root-gg%2Ftg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root-gg%2Ftg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root-gg%2Ftg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/root-gg%2Ftg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/root-gg","download_url":"https://codeload.github.com/root-gg/tg/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222566739,"owners_count":17004237,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bastion","bastion-host","bastion-server","ssh","ssh-bastion","ssh-bridge","ssh-gateway","ssh-key"],"created_at":"2024-08-01T02:01:47.616Z","updated_at":"2024-11-01T11:30:47.265Z","avatar_url":"https://github.com/root-gg.png","language":"Perl","funding_links":[],"categories":["Perl","others"],"sub_categories":[],"readme":"# IMPORTANT\n\u003e This project has not been updated since a long time. While it should still work and may be updated someday, you should consider using the well-maintained project \"The Bastion\" available here : https://github.com/ovh/the-bastion\n\nTG\n=========\n\nTG is the greatest ssh bridge ever !\nAn SSH bridge, also known as SSH bastion or SSH gateway acts as proxy to handle your SSH connections.\n\nScreenshots\n--------------\n\ntg -ls view:\n![tg -ls view](http://pix.toile-libre.org/upload/original/1459643733.png)\n\n\nInstallation (Server side)\n--------------\n\nFirst of all, you must have an SSH key on your current machine.\n\nIf you don't, create one from your current machine (make sure you provide a password when it asks for one):\n\n```sh\nssh-keygen -t rsa -b 4096\n```\n\n\nConnect to your future bastion server as root (important) :\n\nInstall dependencies:\n\nDebian:\n\n```sh\napt-get install openssh-server git libjson-perl libemail-mime-perl libdatetime-perl libemail-sender-perl  libemail-mime-creator-perl libjson-xs-perl libwww-perl screen libconvert-base32-perl libauthen-oath-perl\n```\n\nClone repo in a directory (ex: _/opt/tg_)\n\n```sh\ngit clone https://github.com/root-gg/tg.git /opt/tg\n```\n\nCreate a new user without password and with the tg _cache_ program as shell :\n\n```sh\nadduser --system --shell /opt/tg/cache --group --disabled-password --home /home/YOURUSER YOURUSER\n```\nReplace YOURUSER by the username of your choice.\n\nNow, you must create an SSH key to YOURUSER (this one will be without passphrase) :\n\n```sh\nsudo -u YOURUSER ssh-keygen -t rsa -b 4096 -N ''\n```\n\nAdd your SSH key in _/home/YOURUSER/.ssh/authorized_keys_\nIf this file does not exist, create it:\n```sh\ntouch /home/YOURUSER/.ssh/authorized_keys\n```\nAnd change his owner to YOURUSER\n```sh\nchown YOURUSER: /home/YOURUSER/.ssh/authorized_keys\n```\n\nTry to connect to your bastion host with your key :\n\n```sh\nssh YOURUSER@yourbastionhost.com\n```\n\nInstallation (Client side)\n--------------\n\nThis part requires your bastion server to be installed and it must be done on each client you are using.\n\nChoose one of these two methods for each client to fit your needs\n\nFirst of all, try to connect to your bastion host with your key :\n\n```sh\nssh YOURUSER@yourbastionhost.com\n```\n\n### Method 1: Client with tg official client\n\nClone tg in a folder (ex: ~/bin/tg) :\n\n```sh\nmkdir ~/bin\ngit clone https://github.com/root-gg/tg.git ~/bin/tg\n```\n\nChange your PATH to add ~/bin/tg :\n\n```sh\necho 'export PATH=\"~/bin/tg::$PATH\"' \u003e\u003e ~/.bashrc\n```\n\nRestart your shell !\n\nInitialize TG client :\n\n```sh\ntg --init\n```\nAnswer each question according to your bastion server.\n\n\n### Method 2: Client with ssh bash alias\n\nReplace YOURUSER by your bastion username and YOURBASTIONHOST by your bastion hostname.\n\nAdd tg alias to your bashrc :\n\n```sh\necho 'alias tg=\"ssh -t -t YOURUSER@YOURBASTIONHOST --\"' \u003e\u003e ~/.bashrc\n```\n\nRestart your shell !\n\n### For both methods\n\nTry the bastion is working :\n\n```sh\ntg -ls\n```\n\nIf it displays beautiful lines with colors and such, you're good to go !\n\nOptional : Change the default bastion user to root (to connect as root to your servers, by default) :\n\n```sh\ntg -su root\n```\n\nUsage\n--------------\n\nMain help (quite ugly and incomplete at this time):\n\n```sh\ntg -h\n```\n\n\n### List your hosts, aliases and sessions\n\n```sh\ntg -ls\n```\n\n### Add a new host to the list\n\nReplace myserver.mydomain.com by the hostname of the server you want to add\n\nAdd host : \n```sh\ntg -a myserver.mydomain.com\n```\n\nAutomagically push bastion SSH key to your host (you must provide host password for this) :\n```sh\ntg -ak myserver.mydomain.com\n```\n\nNow you can connect to your host :\n```sh\ntg myserver.mydomain.com\n```\n\n### Add an host alias\n\nReplace myserver.mydomain.com by your hostname and myalias by the alias you want\n\n_tg myserver.mydomain.com_ is a bit long to type, let's make an alias for this one\n\nAdd your host alias : \n```sh\ntg -aa myhostalias myserver.mydomain.com\n```\n\nNow you can connect to your host this way :\n```sh\ntg myalias\n```\n\n### Add a command alias\n\nWhen you are pretty soon using a specific command on a host, _tg myalias_ and then _mycommand -foo bar_ is a bit long to type, let's make an alias for this one\n\nAdd your command alias : \n```sh\ntg -aca mycommandalias myhostalias -- mycommand -foo bar\n```\n\nNow you can connect run your command on the host this way :\n```sh\ntg mycommandalias\n```\n\n### Enable TOR proxy feature (Optional)\n\nThis is used if you want to SSH to your hosts through TOR (if you are a privacy extremist or something...).\n\nOn your bastion server, install this dependancy : \n```sh\napt-get install netcat-openbsd\n```\n\nDebian:\nOn your bastion server, install tor client by following this procedure : https://www.torproject.org/docs/debian.html.en\nOr, use this quick-win command: \n```sh\napt-get install tor\n```\n\nReplace myserver.mydomain.com by your hostname\n\nNow you can connect to your hosts through tor this way :\n```sh\ntg -tor myserver.mydomain.com\n```\n\n### Enabling two factor authentication by mail (Optional)\n\nReplace myemail@mydomain.com by your mail adress\n\nEnable two factor authentication by mail :\n```sh\ntg -se myemail@mydomain.com\n```\n\nNow, when you use tg for the first time from a new ip adress, you will need a two-factor authentication code. This code will be sent to you by mail to verify your identity. If two factor authentication with Google Authenticator is also enabled, you can enter one of the two codes.\n\n### Enabling two factor authentication with Google Authenticator (OTP) (Optional)\n\nFollow the instructions to enable two factor authentication with Google Authenticator :\n```sh\ntg -sa\n```\n\nNow, when you use tg for the first time from a new ip adress, you will need a two-factor authentication code. This code will be sent to you by mail to verify your identity. If two factor authentication by mail is also enabled, you can enter one of the two codes.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froot-gg%2Ftg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Froot-gg%2Ftg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froot-gg%2Ftg/lists"}