slues

README

Slues

Slues (Plattdeutsch Slüs, for Sluice) is a tiny SSH router script, barely worth creating a repository for. It acts like an Nginx for your SSH apps, letting you gatekeep and route connections to different targets based on the username.

The only really special thing about it is the subdomain-style routing. The highest domain (in the user part of the ssh target) will be omitted in the target route and forwarded, allowing hierarchical routing.

Installation

go install go.steado.tech/slues@latest

Setup

Give it a Key: Slues needs its own host key to greet your guests:

mkdir -p .ssh
ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N ""

Tell it the Routes: Create a config.toml to define your target hosts. You can list multiple targets for a single route to enable automatic round-robin load balancing. You can also specify a default route for any connection that doesn't match an explicit route:

[listen]
  addr = ":2222"
  host_key = ".ssh/id_ed25519"

# Fallback route when no host part is recognized in the username. Blocks the connection if not set.
default = "minot"

[routes.minot]
  targets = [
    { host = "localhost", port = "2223" },
    { host = "localhost", port = "2224" }
  ]

[routes.docs]
  targets = [
    { host = "10.0.0.5", port = "22" }
  ]

Open the Gates:

slues -config /path/to/my-config.toml

How it Works

Slues uses a simple "subdomain" style for usernames: [target_user.]target_host

The Target Host

The target_host is the last part of the username. Slues looks this up in your config.toml. If multiple targets are defined for that host, Slues will cycle through them for each new connection (round-robin).

The Target User

Everything before the last dot is passed through as the username to the destination. If you don't provide a dot, the target_host name is used as the username.