SSHproxy is a pure python implementation of an ssh proxy.
It allows users to connect to remote sites without having to remember the password or key of the remote sites.
If you have a lot of remote servers to administrate, this will relieve you from doing the boring task of opening your password database, copy-paste the IP address, copy-paste the password to connect to a remote site. You only have to know one password (to connect to the proxy) and SSHproxy will do the rest for you.
Another, more interresting, example: if you're in charge of a lot of remote sites, and your company has several administrators to do some remote administration tasks, then no user will ever need to know the password or key of the servers he administrates. When an employee quit your company, you just have to delete his entry in the proxy database, and he will never be able to connect to the remote site. This will protect your business against turn-over.
SSHproxy is a daemon sitting on one of your server in your LAN or DMZ.
The user connect to it with an ssh client, and the proxy will authenticate her and check if she's allowed to connect to the remote site.
If she's allowed, the proxy will do the connection to the remote site, using the password or key stored in its database, and will then connect the client side channels to the server side channels.
The user is then connected to the remote side, and can do shell commands and/or scp tranfers almost transparently.
SSHproxy requires:
- python >=2.3 - paramiko-1.5.2 - pycrypto (needed for paramiko) - mysql-python
See the file INSTALL at the root directory of the SSHproxy package.
For a fast installation path, just run the installdb script and answer all the questions. The database will be created for you. Then run ./sshproxy to launch the daemon.
Here is an overview of a normal ssh session:
me@myhost $ ssh -tp 2242 me@proxy remote-site root@remote-site # ... doing some administration commands ... root@remote-site # exit me@myhost $
Here is an example of an scp transfert:
me@myhost $ scp /etc/issue me@proxy:root@remote-site:/etc/issue.new me@myhost $
Here is an overview of multiple connections:
me@myhost $ ssh -tp 2242 me@proxy [proxy::ssh proxy] connect nova Last login: Sat Jan 21 17:18:20 2006 from 10.10.4.2 supernova ~ # ^X [proxy::ssh proxy] connect pundit@pundit Last login: Mon Jan 23 04:56:24 2006 from 192.168.1.7 pundit@pundit ~ $ ^X [proxy::ssh proxy] list_connections 0 root@nova 1 pundit@pundit [proxy::ssh proxy] switch 0 supernova ~ # ^D [proxy::ssh proxy] list_connections 0 pundit@pundit [proxy::ssh proxy] back pundit@pundit ~ $ ^D [proxy::ssh proxy] ^D me@myhost $
Here is an overview of the SSHproxy console commands:
me@myhost $ ssh -tp admin@proxy admin@proxy's password: [proxy::ssh proxy] help Documented commands (type help <topic>): ======================================== back connect list_connections manage_pwdb shell switch Undocumented commands: ====================== EOF help [proxy::ssh proxy] manage_pwdb [pwdb manager] help Documented commands (type help <topic>): ======================================== add_group add_site list_logins list_users add_login add_site_to_group list_profile_group select_site add_login_to_profile add_user list_profiles add_profile list_groups list_sites add_profile_to_group list_login_profile list_sites_from_group Undocumented commands: ====================== EOF exit help [pwdb manager] ^D [proxy::ssh proxy] ^D me@myhost $
See the documentation for more information about the consoles' commands.
SSHproxy is a free software licenced under the GPL v2.0. As such it's free, and you can use it as long as you want for free.
-- David Guerizec <david@guerizec.net>