About sshproxy

sshproxy is a pure Python implementation of an SSH proxy.

It allows users to connect to remote sites without having to remember the password or key of the remote sites.

Fig 1: sshproxy possible architecture (scenario 1)

Why would I need it?

There are two scenarios which could interest you.

If you have other scenarios, please send them to me (david@guerizec.net) or to the list (sshproxy@penguin.fr).

Scenario 1: Team mode

If you’re in charge of a lot of remote sites, and your company has several administrators doing remote administration tasks, then with sshproxy no user will ever need to know the password or key of the servers he administers.

When an employee quits your company, you just have to delete his entry in the proxy database; since he never knew the remote credentials, he will never be able to connect to the remote site.

Scenario 2: Forwarding mode

You want to allow some people to connect through your firewall to a range of servers inside your DMZ or LAN, but you don’t want to open one port for each server.

What you can do is open the sshproxy port (default 2242), and set up the password database to proxy each external user to their own desktop, or create groups of users allowed to connect to your DMZ servers.

How does it work?

sshproxy is a daemon sitting on one of your servers in your LAN or DMZ.

The user connects to it with an ssh client, and the proxy authenticates her and checks whether she’s allowed to connect to the remote site.

If she’s allowed, the proxy connects to the remote site, using the password or key stored in its database, and then connects the client-side channels to the server-side channels.

The user is then connected to the remote site, and can run shell commands and/or scp transfers almost transparently.
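
The decision the proxy makes before it opens the upstream connection can be modelled as below. This is an added example, not sshproxy's own code: the ProxyDB class, its layout, the "@group" notation and every sample name and secret are assumptions made for illustration.

```python
import hashlib, hmac, os

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class ProxyDB:
    """Added illustration: toy proxy database (hypothetical layout, not sshproxy's)."""
    def __init__(self):
        self.users = {}  # proxy login -> (salt, password hash, groups)
        self.sites = {}  # site name -> (remote login, remote secret, allowed principals)

    def add_user(self, name, password, groups=()):
        salt = os.urandom(16)
        self.users[name] = (salt, _kdf(password, salt), frozenset(groups))
    def del_user(self, name):
        self.users.pop(name, None)

    def add_site(self, name, login, secret, allow):
        # allow holds proxy logins, or "@group" for every member of a group
        self.sites[name] = (login, secret, frozenset(allow))

    def authorize(self, user, password, target):
        """Return (login, site, secret) for the proxy's upstream connection, or None.
        The secret is used by the proxy only; it is never sent to the client."""
        salt, digest, groups = self.users.get(user, (b"\0" * 16, b"", frozenset()))
        # Hash even for unknown users so both failures take similar time.
        if not hmac.compare_digest(digest, _kdf(password, salt)):
            return None
        login, _, site = target.rpartition("@")  # "root@remote-site" or "remote-site"
        site_login, secret, allow = self.sites.get(site, (None, None, frozenset()))
        if site_login is None or (login and login != site_login):
            return None
        if not ({user} | {"@" + g for g in groups}) & allow:
            return None
        return site_login, site, secret

def sample_db():
    # Constructed sample data; every name and secret here is made up.
    db = ProxyDB()
    db.add_user("me", "proxy-pw", groups=["admins"])       # team mode
    db.add_user("guest", "guest-pw")                       # forwarding mode
    db.add_site("remote-site", "root", "remote-root-secret", allow=["@admins"])
    db.add_site("guest-desktop", "guest", "desktop-secret", allow=["guest"])
    return db

if __name__ == "__main__":
    db = sample_db()
    print(db.authorize("me", "proxy-pw", "remote-site") is not None)  # allowed
    db.del_user("me")  # employee leaves: delete one proxy entry
    print(db.authorize("me", "proxy-pw", "remote-site") is not None)  # denied
```

Revocation in this model only holds as long as the remote secret never leaves the proxy and the remote sites are reachable only through it.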

What else do I need to make it work?

Basically, sshproxy needs Python and paramiko, but you’ll want to have a powerful backend, and then you need MySQL too.

See the documentation page for exact package names and versions.

How do I install it?

See the documentation page or the file INSTALL at the root directory of the sshproxy package.

How do I use it?

Here is an overview of a normal ssh session:

me@myhost $ ssh -tp 2242 me@proxy remote-site
root@remote-site #
... doing some administration commands ...
root@remote-site # exit
me@myhost $

Here is the same with the pssh shell wrapper:

me@myhost $ pssh remote-site
root@remote-site #
... doing some administration commands ...
root@remote-site # exit
me@myhost $

You can also execute remote commands:

me@myhost $ pssh remote-site uname -a
nova.wallix.com
me@myhost $

Here is an example of an scp transfer:

me@myhost $ scp /etc/issue me@proxy:root@remote-site:/etc/issue.new
me@myhost $

And the same with the pscp shell wrapper:

me@myhost $ pscp /etc/issue remote-site:/etc/issue.new
me@myhost $

License

sshproxy is free software licensed under the GPL v2.
