sshproxy project

New features

• telnetclient plugin

  This plugin establishes a telnet connection between the proxy and the remote side. Connection between the client and the proxy is still ssh. This is mostly useful for network equipments which doesn’t implements the ssh protocol.

  Enable it by setting the kind tag to telnet in the site record.

• alternate_login plugin

  This plugin has been made to allow for SecureCRT ssh clients to use sshproxy. You can now use the following syntax to log in:

  ssh -tp 2242 user?login=site@sshproxy
  

  but the legacy syntax still remains valid:

  ssh -tp 2242 user@sshproxy login@site
  

• remote_logging plugin

  This plugin opens a hidden channel to run a logger command on the remote host. This allows for easier auditing on hosts, without having to compare the log files of the host and the proxy.

• console set_client_password and set_site_password commands

  These two new commands hide the passwords when you’re updating them. They act like the UNIX passwd command.

• reload_acl_rules command

  This is to avoid having to restart the proxy each time you change an ACL.

• Daemon restart

  With the new architecture, it is now possible to restart the sshproxyd daemon without closing all connections. This acts exactly like sshd.

Changes

• Global architecture change

  This architecture change was needed for improved stability, resource consumption and scalability of the daemon.

• ini_db plugin replaces the file_db plugin

  Old file_db plugins should remain compatible though. This rename was mostly done to be more explicit about the file format.

Note

Local port forwarding hasn’t yet made it into paramiko, but hopefuly will before the next release. If you want to test this feature, you need to patch paramiko, so please bug me and I’ll send you the patch.