{"id":50469669,"url":"https://github.com/stefanpejcic/kangaroo","last_synced_at":"2026-06-01T09:32:41.164Z","repository":{"id":260177705,"uuid":"880540057","full_name":"stefanpejcic/kangaroo","owner":"stefanpejcic","description":"🦘 Terminal-based SSH JumpServer","archived":false,"fork":false,"pushed_at":"2026-05-21T15:14:27.000Z","size":400,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-21T23:40:43.367Z","etag":null,"topics":["bastion","bastion-host","cli","jumphost","jumpserver","ssh","ssh-server"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stefanpejcic.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-29T22:48:14.000Z","updated_at":"2026-05-21T15:23:58.000Z","dependencies_parsed_at":"2025-05-22T11:05:11.200Z","dependency_job_id":null,"html_url":"https://github.com/stefanpejcic/kangaroo","commit_stats":null,"previous_names":["stefanpejcic/openjumpserver","stefanpejcic/kangaroo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stefanpejcic/kangaroo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanpejcic%2Fkangaroo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanpejcic%2Fkangaroo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanpejcic%2Fkangaroo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanpejcic%2Fkangaroo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stefanpejcic","download_url":"https://codeload.github.com/stefanpejcic/kangaroo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stefanpejcic%2Fkangaroo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33769491,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bastion","bastion-host","cli","jumphost","jumpserver","ssh","ssh-server"],"created_at":"2026-06-01T09:32:39.629Z","updated_at":"2026-06-01T09:32:41.144Z","avatar_url":"https://github.com/stefanpejcic.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kangaroo SSH JumpServer 🦘\n\nA lightweight, open-source SSH Jumpserver for internal management.\n\n\u003cdetails\u003e\n  \u003csummary\u003e\u003cb\u003eTL;DR\u003c/b\u003e\u003c/summary\u003e\n  \u003cp\u003eRestricts shells on both the Master and the Slave nodes to ensure non-root users can only perform \"jump\" actions from Master to Slaves.\u003c/p\u003e\n\u003c/details\u003e\n\nHow it works:\n\n1. **Install on Master:** Run the installation script to restrict all non-root users to the [server/client.sh](https://github.com/stefanpejcic/kangaroo/blob/main/server/client.sh) menu interface.\n2. **Add Users:** [Create standard Linux system users](https://www.google.com/search?q=linux+create+user) on the Master node.\n3. **Link Slaves:** Use `kangaroo add-server` to register remote servers. This automatically creates a new account on the Slave and configures it to forward syslog to the master.\n\nthat's it! Users now simply SSH into the **Master**, where they are greeted by the fzf menu where they can view authorized servers and \"jump\" to them instantly.\n\n---\n\n## Install\n\nTested on Ubuntu 24.04\n\n```bash\ncd /home \u0026\u0026 \\\n  git clone https://github.com/stefanpejcic/kangaroo/ \u0026\u0026 \\\n  cd kangaroo \u0026\u0026 bash install.sh\n```\n\n\u003e Optional: create a `server/ips` file before running the installation script. Add the allowed IP addresses to this file, one per line. During installation, the script will restrict SSH access to these IPs and also apply corresponding iptables rules to limit network access accordingly.\n\n---\n\n## Usage\n\n```\n# kangaroo \nUsage: kangaroo [OPTIONS] COMMAND [ARGS]...\n\n  Kangaroo SSH JumpServer 🦘\n\nOptions:\n  --help  Show this message and exit.\n\nCommands:\n  add-server         Add a new server and assign it to users.\n  delete-server      Delete SERVER from USERNAME's SSH config file.\n  delete-server-all  Delete SERVER from all users' SSH config files.\n  login-logs         Show ssh login logs.\n  server             Show SSH config for SERVER from all users.\n  servers            List all hosts and number of users who have access.\n  user               Show SSH servers and configs for a specific USERNAME.\n  users              List all SSH Users.\n```\n\n\n### Manage Users\n\n- List all users:\n  ```bash\n  kangaroo users\n  ```\n\n- View specific user:\n  ```bash\n  kangaroo user [USERNAME]\n  ```\n\n### Manage Servers\n\n- List all unique servers:\n  ```bash\n  kangaroo servers\n  ```\n\n- View server information:\n  ```bash\n  kangaroo server [SERVER_NAME]\n  ```\n\n- Add a server:\n  ```bash\n  kangaroo add-server --name \"web-prod\" --ip \"192.168.1.10\" --user \"admin\" --users \"bob,alice\"\n  ```\n  | Argument | Example Value | Role in SSH Config | Description |\n  | --- | --- | --- | --- |\n  | **`--name`** | `web-prod` | `Host web-prod` | The shorthand alias you type to connect (e.g., `ssh web-prod`). |\n  | **`--ip`** | `192.168.1.10` | `HostName 192.168.1.10` | The actual IP address or domain of the remote server. |\n  | **`--user`** | `admin` | `User admin` | The remote username used to log in to the destination (mostly `root`). |\n  | **`--users`** | `bob,alice` | *File Path Target* | The specific system users on this machine whose SSH configs will be modified. |\n  | **`--port`** | `22` | `Port 22` | (Optional) The port the remote SSH service is listening on. |\n  | **`--description`** | `Prod Server` | `# Description` | (Optional) Adds a comment line above the config block for organization. |\n  | **`--password`** | `********` | *N/A* | (Optional) Used by the setup script for initial automation (not stored in config). |\n\n- Remove server from a specific user:\n  ```bash\n  kangaroo delete-server [USERNAME] [SERVER_NAME]\n  ```\n\n- Remove server from **ALL** users:\n  ```bash\n  kangaroo delete-server-all [SERVER_NAME]\n  ```\n\n### Logs\n\nView SSH login logs:\n\n- Default (last 10 lines): `kangaroo login-logs`\n- Search logs: `kangaroo login-logs --search IP/username/action`\n- Follow logs in real-time: `kangaroo login-logs --follow`\n- View first 20 lines: `kangaroo login-logs --head --lines 20`\n\n\n### Screen Recordings\n- List all recordings: `journalctl -t tlog-rec-session`\n- List for today only: `journalctl -t tlog-rec-session --since today`\n- List recordings for user 'stefan': `journalctl _UID=$(id -u stefan) -t tlog-rec-session`\n- View a recording ID: '814b22f52288410f9e1801d123f75aac-cc1-7c18': `tlog-play --reader=journal -M \"TLOG_REC=814b22f52288410f9e1801d123f75aac-cc1-7c18\"`\n\n----\n\n### Custom Logo\n\n1. Generate ASCII Art, for example from: https://patorjk.com/software/taag/#p=display\u0026f=Star+Wars\u0026t=Kangaroo\u0026x=none\u0026v=4\u0026h=4\u0026w=80\u0026we=false\n2. Save it in file named `logo` in **server** directory\n\n---\n\n### Restrict IP access\n\nTo enhance security, limit access to both the SSH service and the `client.sh` script so that only authorized IP addresses can connect.\n\n* **SSH**:\n  Edit `/etc/ssh/sshd_config`. Locate the line:\n  ```\n  Match Group jump-users\n  ```\n  and append the allowed IPs, example full line:\n  ```\n  Match Group jump-users Address 192.168.1.10,203.0.113.5\n  ```\n\n* **Client Script**:\n  Create a file at `server/ips` and list each permitted IP on a separate line:\n  ```\n  192.168.1.10\n  203.0.113.5\n  ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstefanpejcic%2Fkangaroo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstefanpejcic%2Fkangaroo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstefanpejcic%2Fkangaroo/lists"}