About SSHproxy

SSHproxy.png

About SSHproxy

SSHproxy is a pure python implementation of an ssh proxy.

It allows users to connect to remote sites without having to remember the password or key of the remote sites.

Why would I need it ?

If you have a lot of remote servers to administrate, this will relieve you from doing the boring task of opening your password database, copy-paste the IP address, copy-paste the password to connect to a remote site. You only have to know one password (to connect to the proxy) and SSHproxy will do the rest for you.

Another, more interresting, example: if you're in charge of a lot of remote sites, and your company has several administrators to do some remote administration tasks, then no user will ever need to know the password or key of the servers he administrates. When an employee quit your company, you just have to delete his entry in the proxy database, and he will never be able to connect to the remote site. This will protect your business against turn-over.

How does it work ?

SSHproxy is a daemon sitting on one of your server in your LAN or DMZ.

The user connect to it with an ssh client, and the proxy will authenticate her and check if she's allowed to connect to the remote site.

If she's allowed, the proxy will do the connection to the remote site, using the password or key stored in its database, and will then connect the client side channels to the server side channels.

The user is then connected to the remote side, and can do shell commands and/or scp tranfers almost transparently.

What else do I need to make it work?

SSHproxy requires:

- python >=2.3
- paramiko-1.5.2
- pycrypto (needed for paramiko)
- mysql-python

See documentation.html

How do I install it ?

See the file INSTALL at the root directory of the SSHproxy package.

For a fast installation path, just run the installdb script and answer all the questions. The database will be created for you. Then run ./sshproxy to launch the daemon.

How do I use it ?

Here is an overview of a normal ssh session:

me@myhost $ ssh -tp 2242 me@proxy remote-site
root@remote-site #
... doing some administration commands ...
root@remote-site # exit
me@myhost $

Here is an example of an scp transfert:

me@myhost $ scp /etc/issue me@proxy:root@remote-site:/etc/issue.new
me@myhost $

Here is an overview of multiple connections:

me@myhost $ ssh -tp 2242 me@proxy
[proxy::ssh proxy] connect nova
Last login: Sat Jan 21 17:18:20 2006 from 10.10.4.2
supernova ~ # ^X
[proxy::ssh proxy] connect pundit@pundit
Last login: Mon Jan 23 04:56:24 2006 from 192.168.1.7
pundit@pundit ~ $ ^X
[proxy::ssh proxy] list_connections
0 root@nova
1 pundit@pundit
[proxy::ssh proxy] switch 0
supernova ~ # ^D
[proxy::ssh proxy] list_connections
0 pundit@pundit
[proxy::ssh proxy] back
pundit@pundit ~ $ ^D
[proxy::ssh proxy] ^D
me@myhost $

Here is an overview of the SSHproxy console commands:

me@myhost $ ssh -tp admin@proxy
admin@proxy's password: 
[proxy::ssh proxy] help

Documented commands (type help <topic>):
========================================
back  connect  list_connections  manage_pwdb  shell  switch

Undocumented commands:
======================
EOF  help

[proxy::ssh proxy] manage_pwdb
[pwdb manager] help

Documented commands (type help <topic>):
========================================
add_group             add_site            list_logins            list_users
add_login             add_site_to_group   list_profile_group     select_site
add_login_to_profile  add_user            list_profiles
add_profile           list_groups         list_sites
add_profile_to_group  list_login_profile  list_sites_from_group

Undocumented commands:
======================
EOF  exit  help

[pwdb manager] ^D
[proxy::ssh proxy] ^D
me@myhost $

See the documentation for more information about the consoles' commands.

How much does it cost ?

SSHproxy is a free software licenced under the GPL v2.0. As such it's free, and you can use it as long as you want for free.

-- 
David Guerizec <david@guerizec.net>