SSH proxy server.
Project description
ssh-bastion
SSH proxy server.
Transport ssh connection to other servers.
Based on paramiko👍.
Why
System managers may want to limit access routes to their servers, so this tool can act as a bastion or proxy or whatever-you-call server.
And also if you want the activities of what users did on these servers, the logging function could help.
What can do
- Just works as a normal ssh server.
- Connect to other ssh servers through this tool.
What can not do
- GSSAPI(Kerberos) authentication: Nah...
- Port, X11 or any other forwarding: Not the purpose of this project.
Requirements
- Python: 3.6+
- paramiko
- python-pam
- six (Needed by python-pam😟)
- OS: Linux
- PAM module
- Shell
- OpenSSH-client (for scp)
- OpenSSH-server (for sftp)
Installation
pip install ssh-bastion
Usage
To start the server:
ssh-bastion -s
For more information:
ssh-bastion -h
Login
- As a normal ssh server, you know how to use it.
- As a proxy server:
- Use username like this:
<username of proxy>#<username of target>@<hostname or IP of target>[:<port of target>]
-
You need to use "%" to escape "#", "@", "%" in both usernames.
For example:
A%@very%#strange%%username#%#another%%strange%username@192.168.1.100:2222
This will connect to
192.168.1.100:2222
with user#another%strangeusername
via userA@very#strange%username
on proxy server.
-
- Use password like this:
<password of proxy>#<password of target>
- Same as username, you need to use "%" to escape "#" in both passwords.
- When use private key authentication, put the key in ~/.ssh, and name it like this:
<username of target>@<hostname or IP of target>[:<port of target>]
- Use "%" to escape "@" in username.
- Use username like this:
Still working on😴
- Make command line tool.
Start the server.Set/unset systemd unit file. (Including reload)- Generate default config file.
- Show parsed configuration.
PyPI packaglize.- Private key authentication.
- Logging.
- System log
- DEBUG
- INFO
- WARNING
- ERROR
- CRITICAL
- OFF
- Access log
- DUMP (file)
- INFO
- OFF
- File (transfer) log
- DUMP (file)
- INFO
- OFF
- System log
- Configuration file. (Including accesss control)
Vulnerabilities😴
Not yet, will check after all features are done.
Disclaimer
Use at your own risk.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ssh_bastion-0.1.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 63dc8a8892cd5ca9354432fd9c95f71410bd57afb4ea4e527a4eb430d59f95d5 |
|
MD5 | 0ec5e38a008597fbf26b0772778ee128 |
|
BLAKE2b-256 | 411cda1debf3cbc61bca4e97e786a49dcba54a9986043989a3038d8d6575e203 |