sshgate's People

Contributors

leseb, tauop

sshgate's Issues

Add target not reachable from outside

Hello,
It would be useful to be able to add a target and specify directly the proxy server when the target is not reachable from outside. Like:
target add target.name.exemple.com with SSH_PROXY proxy.name.exemple.com

Thx

[doc] bash completion

We use this to do bash completion on the sshgate command; maybe it can be useful:

We define 2 aliases in .bash_aliases:

alias sshgate="ssh -Xt sshgate@YOUR_SERVER"
alias update_sshgate="ssh sshgate@YOUR_SERVER cmd list targets > ~/.sshgate_list_targets.txt"

And in your .bashrc:

_sshgate_hosts()
{
    local argc cur opts i
    COMPREPLY=()

    # argc : parameters number
    argc=${COMP_CWORD}

    # cur : current word
    cur="${COMP_WORDS[argc]}"

    # targets list
    opts=""

    # fetch the targets list once if the local cache file does not exist yet
    if [ ! -e ~/.sshgate_list_targets.txt ]
    then
        /usr/bin/ssh sshgate@YOUR_SERVER cmd list targets > ~/.sshgate_list_targets.txt
    fi

    for i in $(cat ~/.sshgate_list_targets.txt)
    do
        opts="$opts $i"
    done

    # we search $cur in targets list
    COMPREPLY=( $(compgen -W "$opts" -- "$cur") )
}
complete -F _sshgate_hosts sshgate

An example:

cat ~/.sshgate_list_targets.txt
root@server1
root@server2
root@server3

sshg[TAB]
sshgate [TAB]
sshgate root@server[TAB][TAB]
root@server1
root@server2
root@server3

session log file name

session log file name must use timestamp instead of date in %Y%m%d%M%i%s

Because of datetime modification in France for example.

Check packages are present

Hello Patrick !

It's possible to add a check that packages are installed (sudo / vim):

Example :

Configure sudo with NOPASSWD to launch remote admin CLI [Y] ?

  • Reload configuration ... OK
  • Installing sshGate ... OK
  • Generate default sshkey pair ... OK
  • Setup files permissions ... OK
  • Install archive cron ... OK
  • configure /etc/sudoers ... ./install.sh: line 204: /etc/sudoers: Aucun fichier ou dossier de ce type
    mv: impossible d'évaluer « /tmp/sudoers.4521 »: Aucun fichier ou dossier de ce type

and :

You need to add the first user of sshGate, which will be sshGate administrator.
This user will allow you to manage other users, targets and accesses.
user login ? jgoffaux
user mail ? [email protected]
/opt/sshgate/bin/core/user.func: line 399: vim : commande introuvable

Thanks

CLI del conf

Hello,
I think that it's easier to use the command user del conf CONF_NAME rather than user set conf .

The target help doesn't show how to remove target conf. In the same way it should be target TARGET_NAME del conf CONF_NAME

Thx

Improve help command

Hello,
It would be very nice to have an automatic mechanism which generates up-to-date help.

Thx

problem with ncurses

On a target, we can't use ncurses programs like 'aptitude' on a Debian system.

aptitude
Error opening terminal: unknown.

sshGate version: 0.3 beta

Default mail not dummy

It's kind of freaking me out to see that "SSHGATE_MAIL_TO='[email protected]'" is set in /etc/sshgate.conf after installation and in "sshgate/bin/core/setup.func", "sshgate/bin/tests/sshgate.test.conf" and "sshgate/data/sshgate.conf". Even if I didn't activate mail, seeing some sensitive data go by default to an unknown mail address lets me think that a little code error can become dramatic (i.e. if a mail goes out even if I have deactivated mail alerts).

I think sshgate is not reliable while you keep this kind of data in the final installation. Please replace it with dummy mails ([email protected]).

How to use sftp with sshgate

Hi,

I manage to use scp with sshgate (scp localfile sshgate@sshgateserver:sshinnerlogin@innerserver//path/) and I already used sftp with wallix, but I couldn't find a way to use sftp with sshgate.

If it's possible, could you please provide an example and update the doc ?
If not, could you implement this feature ?

sshGate ignores SSH_PORT and SCP_PORT variables

I have a target with ssh port 1522; when I try to connect to the target it fails because port 22 is not available.

I had set SSH_PORT and SCP_PORT to port 1522 and it fails.

sshGate >  target cancer display conf
SSH_PORT="1522"
SCP_PORT="1522"
sshGate >  target cancer ssh list logins
oracle
root
sshGate >  target cancer ssh test
-  root@cancer  ... KO
     ssh: connect to host cancer port 22: Connection refused

Spelling mistakes

Hello,

There is a spelling mistake repeated in 4 files:

Tauop-sshGate-dfaf078\server\bin\core\setup.func
Line 268: MESSAGE "List of avariable languages: ${languages}"

Tauop-sshGate-dfaf078\server\bin\core\sshgate.core
Line 101: # - otherwise the first login avariable for the host

Tauop-sshGate-dfaf078\server\bin\core\target-ssh.func
Line 296: # desc: List all avariable ssh logins of target

Tauop-sshGate-dfaf078\server\bin\sshgate-cli
Line 179: MSG "Use 'help' command to list all avariable commands"

Replace avariable with available, and also fix the installation wiki.
Keep up the good work.

user add <user> mail <email>

When I use "user add", two identical lines are added to /home/sshgate/.ssh/authorized_keys2 for the user.

If I rebuild authorized_keys2 with "user build auth_keys", each line also appears twice.

Add targetgroups

Hello Tauop,

Is it possible to add a "targetgroup" function to the project?

It would be interesting to add servers to a group of machines.
This will help to save time in the management of ACL.

Thanks.

download latest code, compile and install find bugs.

Today I downloaded the code and installed it, but it is stuck on the following line forever. Compilation succeeded and generated the tar.gz file.

  • Reload configuration ... OK
  • Installing sshGate ... OK
  • Setup files permissions ... <===

My server is Ubuntu 16.04 32-bit LTS. The generated tar file is sshGate-server-0.3-beta.tar.gz. Please help!

Target add doesn't work on FreeBSD

Hello,
It seems that the copy of sshgate's public key on a FreeBSD (7) target doesn't work.
Maybe because ~/.ssh doesn't exist but only /etc/ssh/authorized_keys ?

Thx,

SSH Agent forwarding

Is this specifically forbidden by SSHGate, or something we should configure ?

Create ACL to allow users to add a target

Hello,
It would be nice to create an ACL to allow some users to add a target.
Maybe it would be interesting to design a whole ACL system for adding / deleting target, user, usergroup; granting access, etc ...

Thx in advance.

/opt/sshgate/bin/sshgate-cli returns an error after installation

When I try to open sshgate-cli first time after install, the script returns:

/opt/sshgate/bin/sshgate-cli: línea 73: CLI_REGISTER_HELP: no se encontró la orden
and
ERROR: Code cache file missing. Seems CLI_REGISTER_COMMAND() was never called to add CLI commands

output:

[root@cancer sshgate]# /opt/sshgate/bin/sshgate-cli -u fernando.perez
/opt/sshgate/bin/sshgate-cli: línea 73: CLI_REGISTER_HELP: no se encontró la orden
sshGate administration Interface
By Patrick Guiran <[email protected]>

Use 'help' command to list all available commands

ERROR: Code cache file missing. Seems CLI_REGISTER_COMMAND() was never called to add CLI commands
NOTICE: No modification noticed. Prepared e-mail will not be sent.
NOTICE: No modification noticed. Repport e-mail will not be sent

factoring the code related to argument checks

Maybe add some global variable to avoid parsing and checking the same arguments several times.
For example, for TARGET_* related functions, we always parse and check and related argument. Sometimes we have 2 arguments, and sometimes one in the @ format.
Factoring this treatment will make performance better.

Why SSHGATE_EDITOR?

Hi,
Actually, $EDITOR is set on common systems and provides a user editor choice. Including a specific editor preference for sshgate seems to void this $EDITOR feature.

Regards,

Erwan

Configure sudo

Hello,

During setup, if you select 'N' to configure sudo
The treatment will still try to configure it.

[..]
Do users have to accept TOS when connecting for the first time [Y] ?   
Allow remote command [Y] ?   
Allow remote administration CLI [Y] nfigure sudo with NOPASSWD to launch remote admin CLI [Y] ?  N


- Reload configuration ... OK
- Installing sshGate ... OK
- Generate default sshkey pair ... OK
- Setup files permissions ... OK
- Install archive cron ... OK
- configure /etc/sudoers ... ./install.sh: line 203: /etc/sudoers: Aucun fichier ou dossier de ce type
mv: impossible d'évaluer « /tmp/sudoers.26708 »: Aucun fichier ou dossier de ce type
OK

Thanks

autologin

Good morning,

Is there a way to perform an autologin?

For example, the SSHGate user "example" connects to the SSHGate host. Then SSHGate detects that the user is "example". So it avoids asking for a target and connects the user directly to a default target.

Improve scpg command

Hello,

It would be very nice to improve scpg command to allow file copy between two servers.

Any idea ?
Thx

Access to sshGate server

Hello Tauop,

We found a bug that gives us access to the sshGate server

test3@vm:$ ssh sshgate@SERVER_BASTION IP_TARGET '; hostname'
bastion
bash: -c: line 0: Erreur de syntaxe près du symbole inattendu « ; »
bash: -c: line 0: `; hostname'
test3@vm:$

We will look to try to find a solution.

Thanks,
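
The report above shows text placed after the target name being run by a shell on the bastion. One way a forced-command wrapper can refuse that, as an added example that is not sshGate's code: it assumes the client's request arrives in `SSH_ORIGINAL_COMMAND`, and `is_valid_target`, `split_request`, `forward_request`, `REQ_TARGET`, `REQ_REMOTE_CMD` and `SSH_BIN` are hypothetical names.

```bash
#!/bin/sh
# Added example (not sshGate code). All function and variable names here are
# hypothetical. Byte-wise character ranges are forced with the C locale.
LC_ALL=C; export LC_ALL

# A target is [login@]host built only from letters, digits, '.', '_' and '-'.
# Anything else (';', '$', backticks, blanks, a leading '-') is refused.
is_valid_target() {
  case "$1" in
    '' | -* | @* | *@ | *@*@* | *@-* | *[!A-Za-z0-9@._-]*) return 1 ;;
  esac
  return 0
}

# Split the request into its first word (target) and the rest (remote command)
# with parameter expansion only: no eval, no second parsing by a shell.
split_request() {
  REQ_TARGET='' REQ_REMOTE_CMD=''
  req=${1#"${1%%[![:space:]]*}"}           # drop leading blanks
  first=${req%%[[:space:]]*}               # everything up to the first blank
  rest=${req#"$first"}
  rest=${rest#"${rest%%[![:space:]]*}"}    # drop blanks before the command
  is_valid_target "$first" || return 1
  REQ_TARGET=$first
  REQ_REMOTE_CMD=$rest
}

# Hand the request to ssh as separate argv elements. The remote command is one
# argument after "--": the bastion's shell never interprets it, only the
# target's shell does, under the target login.
forward_request() {
  split_request "$1" || { echo 'request refused' >&2; return 1; }
  if [ -n "$REQ_REMOTE_CMD" ]; then
    "${SSH_BIN:-ssh}" -o BatchMode=yes -- "$REQ_TARGET" "$REQ_REMOTE_CMD"
  else
    "${SSH_BIN:-ssh}" -o BatchMode=yes -- "$REQ_TARGET"
  fi
}
```

In a wrapper this would be called as `forward_request "$SSH_ORIGINAL_COMMAND"`; whether the user may run that remote command on that target remains a separate ACL decision.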

Session recording problem

When I connect to a server through the sshGate server I configured, here are the errors showing:

/opt/sshgate/bin/core/record.func: line 135: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 137: MUTEX_RELEASE: command not found
/opt/sshgate/bin/core/record.func: line 79: chwon: command not found
/opt/sshgate/bin/core/record.func: line 142: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 144: MUTEX_RELEASE: command not found
/opt/sshgate/bin/core/record.func: line 96: MUTEX_GET: command not found
/opt/sshgate/bin/core/record.func: line 98: MUTEX_RELEASE: command not found

I changed the mistyped "chwon" to "chown" but how do I get rid of the other errors ?

Thanks.

Set up and use sshgate-server!

Hi all,

I've just downloaded and built an sshgate version 0.3 beta package, and installed it. And I've run into a few issues even before starting to use it. Below are questions I would be pleased to have answered.

When I try to test my sshgate-server installation, I get a fail at the "target test" stage. Here is my test output :

    [root@sshgate tests]# ./test.sh all
    - Loading sshGate core ... OK
    - Setup sshGate data directory ... OK
    - Generate temporary test file ... OK
    - Generate temporary sshkey test file ... OK
    - Create and setup temporary Unix account ... OK
    - Reset temporary test file ... OK
    - Reset sshGate data directories ... OK
    - Generate usergroup tests ... OK
    - Launch usergroup tests ... OK
    - Reset temporary test file ... OK
    - Reset sshGate data directories ... OK
    - Generate user tests ... OK
    - Launch user tests ... OK
    - Reset temporary test file ... OK
    - Reset sshGate data directories ... OK
    - Generate access tests ... OK
    - Launch access tests ... OK
    - Reset temporary test file ... OK
    - Reset sshGate data directories ... OK
    - Generate target tests ... OK
    - Launch target tests ... Test Failed
    ==========================================================
    --- /tmp/test_sshgate_expected.2531008  2015-05-01 18:28:20.130000001 +0200
    +++ /tmp/test_sshgate_output.1675774694 2015-05-01 18:28:25.525000001 +0200
    @@ -43,7 +43,7 @@
     sshGate >  target ssh test all
     = Test all targets ssh connectivity =
     -  [email protected]  ... KO
    -     Permission denied (publickey,password).
    +     Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
     -  [email protected]  ... OK
     -  [email protected]  ... KO
          ssh: Could not resolve hostname sshgate.newshub.loc2: Name or service not known
    @@ -137,4 +137,5 @@
     .  [email protected]  ... OK
     sshGate >  target add 192.168.1.100 with proxy sshgate.newshub.loc
     Use the sshGate default sshkey for this target host [Y] ?   Y
    +NOTICE: Public ssh key of '192.168.1.100' can't be installed on '[email protected]'. Install it manually
     sshGate >  exit
    ==========================================================
    - Remove tests data ... OK

I understand why I get this error while I can ssh connect to my localhost (ssh [email protected]) without issue:

    [root@sshgate tests]# ssh [email protected]
    The authenticity of host 'sshgate.newshub.loc (192.168.1.100)' can't be established.
    RSA key fingerprint is 75:a7:6e:74:3d:82:b2:d6:c1:10:e0:ce:71:37:35:91.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'sshgate.newshub.loc,192.168.1.100' (RSA) to the list of known hosts.
    [email protected]'s password:
    Last login: Fri May  1 16:11:41 2015 from 192.168.1.13

Please can someone explain to me what's going on here?

Also while installing the server, at the end stage they ask you to give the first and admin user name, I provided root. What is the purpose of this user in the system? Because before this stage you're asked to give the unix sshgate users account:

    Which unix account to use for sshGate users [sshgate] ?

Then what's the difference between this user account and the admin user account?
How to modify the sshgate admin user provided during the installation? In my case I did this:

    mv .opt/sshgate/users/root opt/sshgate/users/sshgate
    mv .opt/sshgate/users/root.properties opt/sshgate/users/sshgate.properties

I would also like to know what the sshg command/tool is part of, because I can't find it on my system.

I also tried to run the sshgate-configure command to see how it behaves, and got this:

    [root@sshgate tests]# /opt/sshgate/bin/sshgate-configure
    ERROR: Unable to load ./bin/core/setup.func

So please can someone advise about my questions above, and tell me how to be sure sshgate-server is set and ready?

It will also be great to have a little sshgate commands documentation (how to add users, target, manage access list....) in the wiki.

Many thanks.

Kind Regards.

user MAIL conf should be mandatory

1 - The command user add should demand an email address as a mandatory parameter.

2 - Optionally it would be great to parse user.pub to find the user's email address.

Problems in logs/current_session.log

Hello,

root@bastion:/opt/sshgate# cat logs/current_session.log 
10720:test2:oneserver.xxxx.fr
21366:test3:A.B.C.D
root@bastion:/opt/sshgate# kill -9 10720
-bash: kill: (10720) - Aucun processus de ce type
root@bastion:/opt/sshgate#

The file logs/current_session.log is not refreshed if the PID is killed.

Thanks
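
A cleanup for the stale entries reported above, as an added example that is not part of sshGate: `prune_sessions` is a hypothetical helper that assumes the `PID:user:target` line format shown in the issue. It must run as root or as the account owning the sessions, because `kill -0` also fails for processes the caller is not allowed to signal.

```bash
#!/bin/sh
# Added example (not sshGate code): drop the lines of a "PID:user:target"
# session file whose PID no longer exists. prune_sessions is a hypothetical name.
prune_sessions() {
  log=$1
  tmp=$(mktemp "${log}.XXXXXX") || return 1
  # '|| [ -n "$pid" ]' also processes a last line that has no trailing newline.
  while IFS=: read -r pid user target || [ -n "$pid" ]; do
    case "$pid" in
      '' | *[!0-9]*) continue ;;   # malformed line (no numeric PID): dropped
    esac
    # kill -0 sends no signal; it only reports whether the PID can be signalled.
    # A recycled PID makes a stale line look alive, so this is best effort.
    if kill -0 "$pid" 2>/dev/null; then
      printf '%s:%s:%s\n' "$pid" "$user" "$target" >> "$tmp"
    fi
  done < "$log"
  # Rewrite in place so the session file keeps its owner and mode.
  cat "$tmp" > "$log" && rm -f "$tmp"
}
```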

File TOS

Hello,

Can you check the path to the file: bin/sshgate-bridge:

# check usage condition
if [ "${SSHGATE_USERS_MUST_ACCEPT_TOS}" = 'Y' -a -f "${SSHGATE_TOS_FILE}" ]; then
  has_accept_cgu=$( USER_GET_CONF "${SSHKEY_USER}" HAS_ACCEPT_TOS )
  if [ "${has_accept_cgu}" != 'true' ]; then
    lang=$( USER_GET_CONF "${SSHKEY_USER}" LANGUAGE )
    [ -n "${lang}" ] && lang="${SSHGATE_DEFAULT_LANGUAGE}"

-    cat "${SSHGATE_DIR_TEMPLATES}/${lang}/${SSHGATE_TOS_FILE}"
+   cat "${SSHGATE_TOS_FILE}"

    echo
    ASK --yesno var "-> 'yes' / 'no' ?"
    [ "${var}" = 'N' ] && exit 1;
    USER_SET_CONF "${SSHKEY_USER}" HAS_ACCEPT_TOS 'true'
  fi
fi
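
Review bot: with the `+` line reading `cat "${SSHGATE_TOS_FILE}"`, the `lang` value computed two lines above it is no longer used, so every user is shown the same TOS file whatever their LANGUAGE setting. If a per-language TOS is still wanted, keep the templates path in the `cat` and make the `-f` test in the outer `if` check that same path, so the guard and the read agree on which file they mean; otherwise drop the two `lang` lines. Separately, the context line `[ -n "${lang}" ] && lang="${SSHGATE_DEFAULT_LANGUAGE}"` overwrites the language when it is set, and `-z` looks like what was meant for a default.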

After installation and answering the questions:
SSHGATE_USERS_MUST_ACCEPT_TOS="Y"

At the first authentication the TOS is not validated.
To fix it I had to add this variable to /etc/sshgate.conf:
SSHGATE_TOS_FILE="/opt/sshgate/data/templates/fr/TOS.txt"

Jimmy
