tauop / sshgate
Tools to configure and use a ssh proxy server
License: GNU General Public License v2.0
My language list is empty... What can I do?
Hello,
It would be useful to be able to add a target and specify the proxy server directly when the target is not reachable from outside. Like:
target add target.name.exemple.com with SSH_PROXY proxy.name.exemple.com
Thx
Is it possible, for a manager, to receive by mail a summary of users / targets / ACL (like command: user TOTO access notify) ?
1 - It would be nice to have :
usergroup access info
2 - Missing help command :
usergroup list targets is missing in "help usergroup"
We use this to do bash completion on the sshgate command, maybe it can be useful:
We define 2 alias in .bash_aliases:
alias sshgate="ssh -Xt sshgate@YOUR_SERVER"
alias update_sshgate="ssh sshgate@YOUR_SERVER cmd list targets > ~/.sshgate_list_targets.txt"
And in your .bashrc:
_sshgate_hosts()
{
    local argc cur opts
    COMPREPLY=()
    # argc : parameters number
    argc=${COMP_CWORD}
    # cur : current word
    cur="${COMP_WORDS[argc]}"
    # targets list
    opts=""
    # build the cached targets list on first use
    if [ ! -e ~/.sshgate_list_targets.txt ]
    then
        /usr/bin/ssh sshgate@YOUR_SERVER cmd list targets > ~/.sshgate_list_targets.txt
    fi
    for i in $(cat ~/.sshgate_list_targets.txt)
    do
        opts="$opts $i"
    done
    # we search $cur in targets list
    COMPREPLY=( $(compgen -W "$opts" -- "$cur" ) )
}
complete -F _sshgate_hosts sshgate
An example:
cat ~/.sshgate_list_targets.txt
root@server1
root@server2
root@server3
sshg[TAB]
sshgate [TAB]
sshgate root@server[TAB][TAB]
root@server1
root@server2
root@server3
For a user, it could be useful to list all targets allowed.
For example:
ssh sshgate@my_ssh_gate list targets
root@server1
root@server2
toto@server3
session log file name must use timestamp instead of date in %Y%m%d%M%i%s
Because of datetime modification in France for example.
Hello Patrick !
It's possible to add a check that the packages are installed (sudo / vim) :
Example :
Configure sudo with NOPASSWD to launch remote admin CLI [Y] ?
and :
You need to add the first user of sshGate, which will be sshGate administrator.
This user will allow you to manage other users, targets and accesses.
user login ? jgoffaux
user mail ? [email protected]
/opt/sshgate/bin/core/user.func: line 399: vim : commande introuvable
Thanks
Hello,
I think that it's easier to use the command user del conf CONF_NAME rather than user set conf.
The target help doesn't show how to remove a target conf. In the same way it should be target TARGET_NAME del conf CONF_NAME
Thx
Hello,
It would be very nice to have an automatic mechanism which generates up-to-date help.
Thx
On a target, we can't use an ncurses program like 'aptitude' on a Debian system.
aptitude
Error opening terminal: unknown.
sshGate version: 0.3 beta
It's kind of freaking me out to see that "SSHGATE_MAIL_TO='[email protected]'" is set in /etc/sshgate.conf after installation and in "sshgate/bin/core/setup.func", "sshgate/bin/tests/sshgate.test.conf" and "sshgate/data/sshgate.conf". Even if I didn't activate mail, seeing some sensitive data go by default to an unknown mail address makes me think that a little code error can become dramatic (i.e. if a mail goes out even if I have deactivated mail alerts).
I think sshgate is not reliable while you keep this kind of data in final installation. Please replace by dummy mails ([email protected]).
Hi,
I manage to use scp with sshgate (scp localfile sshgate@sshgateserver:sshinnerlogin@innerserver//path/) and I already used sftp with wallix, but I couldn't find a way to use sftp with sshgate.
If it's possible, could you please provide an example and update the doc ?
If not, could you implement this feature ?
I have a target with ssh port 1522.
Then when I try to connect to the target it fails because port 22 is not available.
I had set SSH_PORT and SCP_PORT to port 1522 and it fails.
sshGate > target cancer display conf
SSH_PORT="1522"
SCP_PORT="1522"
sshGate > target cancer ssh list logins
oracle
root
sshGate > target cancer ssh test
- root@cancer ... KO
ssh: connect to host cancer port 22: Connection refused
Hello,
There is a spelling mistake repeated in 4 files:
Tauop-sshGate-dfaf078\server\bin\core\setup.func
Line 268: MESSAGE "List of avariable languages: ${languages}"
Tauop-sshGate-dfaf078\server\bin\core\sshgate.core
Line 101: # - otherwise the first login avariable for the host
Tauop-sshGate-dfaf078\server\bin\core\target-ssh.func
Line 296: # desc: List all avariable ssh logins of target
Tauop-sshGate-dfaf078\server\bin\sshgate-cli
Line 179: MSG "Use 'help' command to list all avariable commands"
Replace avariable with available, and also correct the installation wiki.
Keep up the good work.
When I use "user add", two identical lines are added to /home/sshgate/.ssh/authorized_keys2 for the user.
If I rebuild authorized_keys2 with "user build auth_keys", each line also appears twice.
Hello Tauop,
Is it possible to add a "targetgroup" function to the project?
It would be interesting to add servers to a group of machines.
This will help to save time in the management of ACL.
Thanks.
Today I downloaded the code and installed it, but it is stuck on the following line forever. The compile was successful and generated a tar.gz file.
My server is Ubuntu 16.04 32 bit LTS. The generated tar file is sshGate-server-0.3-beta.tar.gz. Please help !
Hello,
It seems that the copy of sshgate's public key on a FreeBSD (7) target doesn't work.
Maybe because ~/.ssh doesn't exist but only /etc/ssh/authorized_keys ?
Thx,
Is this specifically forbidden by SSHGate, or something we should configure ?
Hello,
It would be nice to create an ACL to allow some users to add a target.
Maybe it would be interesting to design a whole ACL system for adding / deleting target, user, usergroup; granting access, etc ...
Thx in advance.
Hello,
It would be nice to be able to grant access to a user / usergroup for a defined period or until a specified date.
Thx
Hello,
It should be nice to have usergroup access notify.
Thx
When I try to open sshgate-cli first time after install, the script returns:
/opt/sshgate/bin/sshgate-cli: línea 73: CLI_REGISTER_HELP: no se encontró la orden
and
ERROR: Code cache file missing. Seems CLI_REGISTER_COMMAND() was never called to add CLI commands
output:
[root@cancer sshgate]# /opt/sshgate/bin/sshgate-cli -u fernando.perez
/opt/sshgate/bin/sshgate-cli: línea 73: CLI_REGISTER_HELP: no se encontró la orden
sshGate administration Interface
By Patrick Guiran <[email protected]>
Use 'help' command to list all available commands
ERROR: Code cache file missing. Seems CLI_REGISTER_COMMAND() was never called to add CLI commands
NOTICE: No modification noticed. Prepared e-mail will not be sent.
NOTICE: No modification noticed. Repport e-mail will not be sent
Maybe add some global variable so as not to parse and check the same arguments several times.
For example, for TARGET_* related functions, we always parse and check and related argument. Sometimes we have 2 arguments, and sometimes one in the @ format.
Factorizing this treatment will make performance better.
Hi,
Actually, $EDITOR is set on common systems and provides a user editor choice. Including a specific editor preference for sshgate seems to void this $EDITOR feature.
Erwan
Hello,
During setup, if you select 'N' to configure sudo
The treatment will still try to configure it.
[..]
Do users have to accept TOS when connecting for the first time [Y] ?
Allow remote command [Y] ?
Allow remote administration CLI [Y] ?
Configure sudo with NOPASSWD to launch remote admin CLI [Y] ? N
- Reload configuration ... OK
- Installing sshGate ... OK
- Generate default sshkey pair ... OK
- Setup files permissions ... OK
- Install archive cron ... OK
- configure /etc/sudoers ... ./install.sh: line 203: /etc/sudoers: Aucun fichier ou dossier de ce type
mv: impossible d'évaluer « /tmp/sudoers.26708 »: Aucun fichier ou dossier de ce type
OK
Thanks
Good morning,
Is there a way to perform an autologin?
For example, the SSHGate user "example" connects to the SSHGate host. Then, SSHGate detects that the user is "example". So, it avoids asking for a target and connects the user directly to a default target.
Hello,
It would be very nice to improve scpg command to allow file copy between two servers.
Any idea ?
Thx
Hello Tauop,
We found a bug that gives us access to the server sshGate
test3@vm:$ ssh sshgate@SERVER_BASTION IP_TARGET '; hostname'$
bastion
bash: -c: line 0: Erreur de syntaxe près du symbole inattendu « ; »
bash: -c: line 0: `; hostname'
test3@vm:
We will look to try to find a solution.
Thanks,
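The report above shows text after the target argument being run by a shell on the bastion. As an added example (not sshGate's code and not from the reporters), the script below contrasts a bridge that lets the local shell re-parse the request with one that splits it by parameter expansion, validates the target, and passes the rest to ssh as one argument. The function names, the `fake_ssh` stub and the `REQUEST` value are hypothetical, and it assumes the bridge receives the request as a single string, as sshd provides in `SSH_ORIGINAL_COMMAND` for forced commands.

```shell
#!/bin/sh
# Added example, not sshGate code. All function names are hypothetical.
# ssh is replaced by a stub so the script runs offline and connects nowhere.

# Stub for ssh: reports each argument it received inside brackets.
fake_ssh() {
  printf 'ssh'
  for a in "$@"; do printf ' [%s]' "$a"; done
  printf '\n'
}

# A target must be [login@]host built from a conservative character set.
is_valid_target() {
  case "$1" in
    ''|-*|*@-*|*[!A-Za-z0-9_.@-]*) return 1 ;;  # empty, option-like, unsafe char
    *@*@*|@*|*@) return 1 ;;                     # malformed login@host
  esac
  return 0
}

# Weak pattern: the request is re-parsed by the bastion's own shell, so
# anything after ';' becomes a command executed on the bastion.
bridge_weak() {
  eval "fake_ssh $1"
}

# Hardened pattern: split on the first space with parameter expansion,
# validate the target, and hand the remainder to ssh as one opaque argument
# (it is then interpreted only by the target's shell, never locally).
bridge_hardened() {
  target=${1%% *}
  case "$1" in *' '*) remote_cmd=${1#* } ;; *) remote_cmd='' ;; esac
  is_valid_target "$target" || { echo 'DENY: invalid target'; return 1; }
  if [ -n "$remote_cmd" ]; then
    fake_ssh -- "$target" "$remote_cmd"
  else
    fake_ssh -- "$target"
  fi
}

# Constructed request in the shape shown in the report above.
REQUEST='IP_TARGET ; echo ran-on-bastion'
```

Calling `bridge_weak "$REQUEST"` prints the marker because the local shell executed it; `bridge_hardened "$REQUEST"` shows the same text arriving as a single ssh argument.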
Hello,
I got an error when I try to notify the access for a user :
sshGate > user xxx access info
xxx ---> [email protected]
sshGate > user xxx access notify
ERROR: Target host '' doesn't exist
Thx !
When I connect to a server through the sshGate server i configured, here are the errors showing :
/opt/sshgate/bin/core/record.func: line 135: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 137: MUTEX_RELEASE: command not found
/opt/sshgate/bin/core/record.func: line 79: chwon: command not found
/opt/sshgate/bin/core/record.func: line 142: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 144: MUTEX_RELEASE: command not found
/opt/sshgate/bin/core/record.func: line 96: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 98: MUTEX_RELEASE: command not found
I changed the mistyped "chwon" to "chown" but how do I get rid of the other errors ?
Thanks.
Hi all,
I've just downloaded and built a sshgate version 0.3 beta package, and installed it. And I've run into a few issues even before starting to use it. Below are questions I would be pleased to have answered.
When I try to test my sshgate-server installation, I get a fail at the "target test" stage. Here is my test output :
[root@sshgate tests]# ./test.sh all
- Loading sshGate core ... OK
- Setup sshGate data directory ... OK
- Generate temporary test file ... OK
- Generate temporary sshkey test file ... OK
- Create and setup temporary Unix account ... OK
- Reset temporary test file ... OK
- Reset sshGate data directories ... OK
- Generate usergroup tests ... OK
- Launch usergroup tests ... OK
- Reset temporary test file ... OK
- Reset sshGate data directories ... OK
- Generate user tests ... OK
- Launch user tests ... OK
- Reset temporary test file ... OK
- Reset sshGate data directories ... OK
- Generate access tests ... OK
- Launch access tests ... OK
- Reset temporary test file ... OK
- Reset sshGate data directories ... OK
- Generate target tests ... OK
- Launch target tests ... Test Failed
==========================================================
--- /tmp/test_sshgate_expected.2531008 2015-05-01 18:28:20.130000001 +0200
+++ /tmp/test_sshgate_output.1675774694 2015-05-01 18:28:25.525000001 +0200
@@ -43,7 +43,7 @@
sshGate > target ssh test all
= Test all targets ssh connectivity =
- [email protected] ... KO
- Permission denied (publickey,password).
+ Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
- [email protected] ... OK
- [email protected] ... KO
ssh: Could not resolve hostname sshgate.newshub.loc2: Name or service not known
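Review bot: the expected line `Permission denied (publickey,password).` in this hunk hard-codes the authentication-method list returned by the sshd under test, so the comparison fails on a host that also offers gssapi-keyex and gssapi-with-mic even though the KO result is the same. Suggest matching only the `... KO` status line, or normalising the parenthesised method list before comparing.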
@@ -137,4 +137,5 @@
. [email protected] ... OK
sshGate > target add 192.168.1.100 with proxy sshgate.newshub.loc
Use the sshGate default sshkey for this target host [Y] ? Y
+NOTICE: Public ssh key of '192.168.1.100' can't be installed on '[email protected]'. Install it manually
sshGate > exit
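Review bot: the expected output for `target add 192.168.1.100 with proxy sshgate.newshub.loc` assumes the default key installs without any message, so the extra `NOTICE: Public ssh key ... can't be installed` line fails the run on a host where that installation does not succeed. Suggest documenting the key-access prerequisite for this step, or having the test accept the NOTICE as a valid outcome.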
==========================================================
- Remove tests data ... OK
I understand why I get this error while, I can ssh connect to my localhost (ssh [email protected]) without issue :
[root@sshgate tests]# ssh [email protected]
The authenticity of host 'sshgate.newshub.loc (192.168.1.100)' can't be established.
RSA key fingerprint is 75:a7:6e:74:3d:82:b2:d6:c1:10:e0:ce:71:37:35:91.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sshgate.newshub.loc,192.168.1.100' (RSA) to the list of known hosts.
[email protected]'s password:
Last login: Fri May 1 16:11:41 2015 from 192.168.1.13
Please can someone explain to me what's going on here?
Also while installing the server, at the end stage they ask you to give the first and admin user name, I provided root. What is the purpose of this user in the system? Because before this stage you're asked to give the unix sshgate users account :
Which unix account to use for sshGate users [sshgate] ?
Then what's the difference between this user account and the admin user account?
How to modify the sshgate admin user provided during the installation? In my case I did this :
mv .opt/sshgate/users/root opt/sshgate/users/sshgate
mv .opt/sshgate/users/root.properties opt/sshgate/users/sshgate.properties
I would also like to know what the sshg command/tool is part of, because I can't find it on my system.
I also try to run sshgate-configure command to see how it behaves, and got this :
[root@sshgate tests]# /opt/sshgate/bin/sshgate-configure
ERROR: Unable to load ./bin/core/setup.func
So please can someone advise about my questions above, and tell me how to be sure sshgate-server is set and ready?
It will also be great to have a little sshgate commands documentation (how to add users, target, manage access list....) in the wiki.
Many thanks.
Kind Regards.
1 - The command user add should demand email address as a mandatory parameter.
2 - Optionally it should be great to parse user.pub to find the user's email address.
Hello,
root@bastion:/opt/sshgate# cat logs/current_session.log
10720:test2:oneserver.xxxx.fr
21366:test3:A.B.C.D
root@bastion:/opt/sshgate# kill -9 10720
-bash: kill: (10720) - Aucun processus de ce type
root@bastion:/opt/sshgate#
The file logs/current_session.log is not refreshed if the PID is killed.
Thanks
Hello,
Can you check the path to the file in bin/sshgate-bridge :
# check usage condition if [ "${SSHGATE_USERS_MUST_ACCEPT_TOS}" = 'Y' -a -f "${SSHGATE_TOS_FILE}" ]; then has_accept_cgu=$( USER_GET_CONF "${SSHKEY_USER}" HAS_ACCEPT_TOS ) if [ "${has_accept_cgu}" != 'true' ]; then lang=$( USER_GET_CONF "${SSHKEY_USER}" LANGUAGE ) [ -n "${lang}" ] && lang="${SSHGATE_DEFAULT_LANGUAGE}" - cat "${SSHGATE_DIR_TEMPLATES}/${lang}/${SSHGATE_TOS_FILE}" + cat "${SSHGATE_TOS_FILE}" echo ASK --yesno var "-> 'yes' / 'no' ?" [ "${var}" = 'N' ] && exit 1; USER_SET_CONF "${SSHKEY_USER}" HAS_ACCEPT_TOS 'true' fi fi
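Review bot: the guard tests `-f "${SSHGATE_TOS_FILE}"` while the removed line reads `${SSHGATE_DIR_TEMPLATES}/${lang}/${SSHGATE_TOS_FILE}`, so the two disagree on whether the variable is a file name or a full path; switching the `cat` to `"${SSHGATE_TOS_FILE}"` makes them agree but drops the per-language template. Suggest building the path once from the templates directory, the language and the file name, and using it in both the `-f` test and the `cat`. Separately, `[ -n "${lang}" ] && lang="${SSHGATE_DEFAULT_LANGUAGE}"` in the context overwrites a language the user has set and leaves an empty one empty; `-z` looks intended.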
After installation, and answering the questions :
SSHGATE_USERS_MUST_ACCEPT_TOS="Y"
At the first authentication the TOS is not validated.
To fix it I had to add to /etc/sshgate.conf the variable:
SSHGATE_TOS_FILE="/opt/sshgate/data/templates/fr/TOS.txt"
Jimmy