sshproxy.ini − sshproxy configuration file
The configuration file sshproxy.ini is a simple INI file containing several sections.
This is the main section of the configuration file.
bindip
Bind sshproxy to the given IP address. Default (when empty) is to bind to all adresses (0.0.0.0).
port
Bind to port. Default is 2242.
plugin_dir
Where the plugins are located. Defaults to /usr/lib/sshproxy.
logger_conf
Point to the logger.conf file. Default is
/usr/share/sshproxy/logger.conf.
log_dir
This directory will contain debug logs from paramiko and sshproxy. Defaults to @log.
pkey_id
The id string of the sshproxyd(8) public key, used when a client connects with the option --get-pkey. Defaults to sshproxy@penguin.fr.
auto_add_key
If no, the client’s public key will not be added in the database (equivalent to the authorized_keys file for sshd). If yes, the client’s public key will always be added, no matter how many keys are already in the database. You can give a number to limit the number of keys automatically added. Defaults to no.
client_db
The type of backend to use to handle the clients database. This is the name of the chosen plugin.
acl_db
The type of backend to use to handle the ACL database. This is the name of the chosen plugin.
site_db
The type of backend to use to handle the sites database. This is the name of the chosen plugin.
plugin_list
Space separated list of plugins to load at startup. Plugins are located by default in /usr/share/sshproxy. You MUST give at least one backend plugin (*_db).
cipher_type
The cipher type to use, one of plain, base64 or blowfish (default).
This section configures the blowfish cipher engine.
secret
The secret passphrase for the blowfish cipher engine. It MUST be at least 10 characters long.
These sections configure the three databases of the file_db backend.
file (applies to client_db, acl_db)
The path to the database file. Defaults are resp. @client_db and @acl_db.
db_path (applies to site_db)
The path to the database directory. Defaults to @site_db.
These sections configure the three databases of the mysql_db backend.
host
The IP address or resolvable name of the database host. Defaults to localhost.
port
The database host port. Defaults to 3306.
db
The database name. Defaults to sshproxy.
user
The database user. Defaults to sshproxy.
password
The database user password. Defaults to sshproxypw, but you should change it.
Here is a complete configuration file which tells sshproxyd(8) to use the file_db plugin for the ACL database, and the mysql_db plugin for client and site databases:
[sshproxy]
bindip =
port = 2242
plugin_dir = /usr/lib/sshproxy
logger_conf = /usr/share/sshproxy/logger.conf
log_dir = @log
pkey_id = sshproxy@penguin.fr
auto_add_key = no
client_db = mysql_db
acl_db = file_db
site_db = mysql_db
plugin_list = file_db mysql_db
cipher_type = blowfish
[blowfish]
secret = This should be a valid passphrase
[acl_db.file]
file = @acl.db
[client_db.mysql]
db = sshproxy
host = localhost
user = sshproxy
password = sshproxypw
port = 3306
[site_db.mysql]
db = sshproxy
host = localhost
user = sshproxy
password = sshproxypw
port = 3306
~/.sshproxy/sshproxy.ini
The main configuration file. See sshproxy.ini for further details.
~/.sshproxy/id_dsa
The private hostkey file. This hostkey is automatically generated by sshproxyd(8) at startup if it doesn’t exist.
David Guerizec <david@guerizec.net>
sshproxy-setup(1), sshproxyd(8), pssh(1), pscp(1),
The sshproxy home page: <http://penguin.fr/sshproxy/>
The sshproxy online documentation:
<http://penguin.fr/sshproxy/wiki/SshProxy/DocV0.5>