sshproxy

Version: v0.2.0
Published: Feb 18, 2023 License: MIT Imports: 7 Imported by: 0

README

sshproxy


Package sshproxy provides a slim SSH reverse proxy built atop the golang.org/x/crypto/ssh package.

go get github.com/cmoog/sshproxy

Authorization termination proxy

sshproxy.ReverseProxy implements a single host reverse proxy for SSH servers and clients. Its API is modeled after the ergonomics of the HTTP reverse proxy implementation from the standard library.

It enables the proxy to perform authorization termination, whereby custom authorization logic of the single entrypoint can protect a set of SSH hosts hidden in a private network.

For example, one could conceivably use OAuth as a basis for verifying identity and ownership of public keys.

Example usage

Consider the following bare-bones example with error handling omitted for brevity.

package main

import (
  "context"
  "net"

  "golang.org/x/crypto/ssh"
  "github.com/cmoog/sshproxy"
)

// customPublicKeyAuthenticationLogic, customRoutingLogic, reverseProxyHostKey
// and reverseProxyEntrypoint are placeholders that you must define.

func main() {
  ctx := context.Background()

  serverConfig := ssh.ServerConfig{
    // TODO: add your custom public key authentication logic
    PublicKeyCallback: customPublicKeyAuthenticationLogic,
  }
  serverConfig.AddHostKey(reverseProxyHostKey)

  listener, _ := net.Listen("tcp", reverseProxyEntrypoint)
  for {
    clientConnection, _ := listener.Accept()
    go func() {
      defer clientConnection.Close()
      // The SSH handshake, including PublicKeyCallback, completes here.
      sshConn, sshChannels, sshRequests, _ := ssh.NewServerConn(clientConnection, &serverConfig)

      // TODO: add your custom routing logic based on the SSH `user` string and/or the public key
      targetServer, targetServerConnectionConfig := customRoutingLogic(sshConn.User())

      proxy := sshproxy.New(targetServer, targetServerConnectionConfig)
      _ = proxy.Serve(ctx, sshConn, sshChannels, sshRequests)
    }()
  }
}
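One way to fill in the two TODOs above, as an added example that is not part of the sshproxy README or package: a policy that binds each SSH user to specific key fingerprints and picks the private target from that binding. `Policy`, `ParseKey`, `Fingerprint`, `Authorize`, `ErrDenied` and the sample address are hypothetical names; the code uses only the standard library and assumes the callback passes in the bytes from `ssh.PublicKey.Marshal()` and the name from `ConnMetadata.User()`.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

var ErrDenied = errors.New("access denied")
type Policy map[string]map[string]string // user -> key fingerprint -> target (assumed shape)

// ParseKey decodes "<type> <base64> [comment]" and checks the blob's own algorithm name.
func ParseKey(entry string) ([]byte, error) {
	f := strings.Fields(entry)
	if len(f) < 2 {
		return nil, errors.New("want: <type> <base64> [comment]")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 {
		return nil, errors.New("bad key blob")
	}
	n := binary.BigEndian.Uint32(blob) // length of the embedded algorithm name
	if uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
		return nil, errors.New("key type does not match blob")
	}
	return blob, nil
}

// Fingerprint: OpenSSH SHA256 form of a wire-format key blob (ssh.PublicKey.Marshal() output).
func Fingerprint(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// Authorize fails closed; the target comes from policy, never from client input.
func (p Policy) Authorize(user string, blob []byte) (string, error) {
	if target := p[user][Fingerprint(blob)]; target != "" {
		return target, nil
	}
	return "", ErrDenied
}

func main() {
	blob, _ := ParseKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40)) // constructed all-zero key
	p := Policy{"alice": {Fingerprint(blob): "10.0.0.5:22"}}
	fmt.Println(p.Authorize("alice", blob))
}
```

Because the lookup is keyed by user first, a key granted to one user is denied when presented under any other login name, and unknown users and unknown keys return the same error.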

Documentation

Overview

Package sshproxy provides a slim SSH reverse proxy built atop the `golang.org/x/crypto/ssh` package.

Types

type ReverseProxy

type ReverseProxy struct {
	TargetAddress      string
	TargetClientConfig *ssh.ClientConfig

	// ErrorLog specifies an optional logger for errors
	// that occur when attempting to proxy.
	// If nil, logging is done via the log package's standard logger.
	ErrorLog *log.Logger
}

ReverseProxy is an SSH Handler that takes an incoming request and sends it to another server, proxying the response back to the client.

func New

func New(targetAddr string, clientConfig *ssh.ClientConfig) *ReverseProxy

New constructs a new *ReverseProxy instance.

func (*ReverseProxy) Serve

func (r *ReverseProxy) Serve(ctx context.Context, serverConn *ssh.ServerConn, serverChans <-chan ssh.NewChannel, serverReqs <-chan *ssh.Request) error

Serve executes the reverse proxy between the specified target client and the server connection.
