# ssh-bastion
SSH proxy server.
Transport ssh connection to other servers.
Based on [paramiko](https://github.com/paramiko/paramiko)👍.
## Why
System managers may want to limit access routes to their servers,
so this tool can act as a bastion or proxy or whatever-you-call server.
And also if you want the activities of what users did on these servers,
the logging function could help.
## What can do
1. Just works as a normal ssh server.
2. Connect to other ssh servers through this tool.
## What can not do
1. GSSAPI(Kerberos) authentication: Nah...
2. Port, X11 or any other forwarding: Not the purpose of this project.
## Requirements
- Python: 3.6+
- [paramiko](https://pypi.org/project/paramiko/)
- [python-pam](https://pypi.org/project/python-pam/)
- [six](https://pypi.org/project/six/) (Needed by python-pam😟)
- OS: Linux
- PAM module
- Shell
- OpenSSH-client (for scp)
- OpenSSH-server (for sftp)
## Installation
```bash
pip install ssh-bastion
```
## Usage
To start the server:
```bash
ssh-bastion -s
```
For more information:
```bash
ssh-bastion -h
```
Login
1. As a normal ssh server, you know how to use it.
2. As a proxy server:
- Use username like this: `<username of proxy>#<username of target>@<hostname or IP of target>[:<port of target>]`
- You need to use "%" to escape "#", "@", "%" in both usernames.
For example: `A%@very%#strange%%username#%#another%%strange%username@192.168.1.100:2222`
This will connect to `192.168.1.100:2222` with user `#another%strangeusername` via user `A@very#strange%username` on proxy server.
- Use password like this: `<password of proxy>#<password of target>`
- Same as username, you need to use "%" to escape "#" in both passwords.
- When use private key authentication, put the key in ~/.ssh, and name it like this: `<username of target>@<hostname or IP of target>[:<port of target>]`
- Use "%" to escape "@" in username.
## Still working on😴
1. Make command line tool.
1. ~~Start the server.~~
2. ~~Set/unset systemd unit file. (Including reload)~~
3. Generate default config file.
4. Show parsed configuration.
2. ~~PyPI packaglize.~~
3. Private key authentication.
4. Logging.
1. System log
1. DEBUG
2. INFO
3. WARNING
4. ERROR
5. CRITICAL
6. OFF
2. Access log
1. DUMP (file)
2. INFO
3. OFF
3. File (transfer) log
1. DUMP (file)
2. INFO
3. OFF
5. Configuration file. (Including accesss control)
## Vulnerabilities😴
Not yet, will check after all features are done.
## Disclaimer
Use at your own risk.
Raw data
{
"_id": null,
"home_page": "https://github.com/yxc890123/ssh-bastion",
"name": "ssh-bastion",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": null,
"keywords": null,
"author": "yxc890123",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/7c/b7/15d820e864cb90613cbfc644f8220695cf78a3cfb9e1b518e0ad148b0986/ssh_bastion-0.1.3.tar.gz",
"platform": null,
"description": "# ssh-bastion\n\nSSH proxy server.\n\nTransport ssh connection to other servers.\n\nBased on [paramiko](https://github.com/paramiko/paramiko)\ud83d\udc4d.\n\n## Why\n\nSystem managers may want to limit access routes to their servers,\nso this tool can act as a bastion or proxy or whatever-you-call server.\n\nAnd also if you want the activities of what users did on these servers,\nthe logging function could help.\n\n## What can do\n\n1. Just works as a normal ssh server.\n2. Connect to other ssh servers through this tool.\n\n## What can not do\n\n1. GSSAPI(Kerberos) authentication: Nah...\n2. Port, X11 or any other forwarding: Not the purpose of this project.\n\n## Requirements\n\n- Python: 3.6+\n - [paramiko](https://pypi.org/project/paramiko/)\n - [python-pam](https://pypi.org/project/python-pam/)\n - [six](https://pypi.org/project/six/) (Needed by python-pam\ud83d\ude1f)\n- OS: Linux\n - PAM module\n - Shell\n - OpenSSH-client (for scp)\n - OpenSSH-server (for sftp)\n\n## Installation\n\n```bash\npip install ssh-bastion\n```\n\n## Usage\n\nTo start the server:\n\n```bash\nssh-bastion -s\n```\n\nFor more information:\n\n```bash\nssh-bastion -h\n```\n\nLogin\n\n1. As a normal ssh server, you know how to use it.\n2. As a proxy server:\n - Use username like this: `<username of proxy>#<username of target>@<hostname or IP of target>[:<port of target>]`\n - You need to use \"%\" to escape \"#\", \"@\", \"%\" in both usernames.\n\n For example: `A%@very%#strange%%username#%#another%%strange%username@192.168.1.100:2222`\n\n This will connect to `192.168.1.100:2222` with user `#another%strangeusername` via user `A@very#strange%username` on proxy server.\n - Use password like this: `<password of proxy>#<password of target>`\n - Same as username, you need to use \"%\" to escape \"#\" in both passwords.\n - When use private key authentication, put the key in ~/.ssh, and name it like this: `<username of target>@<hostname or IP of target>[:<port of target>]`\n - Use \"%\" to escape \"@\" in username.\n\n## Still working on\ud83d\ude34\n\n1. Make command line tool.\n 1. ~~Start the server.~~\n 2. ~~Set/unset systemd unit file. (Including reload)~~\n 3. Generate default config file.\n 4. Show parsed configuration.\n2. ~~PyPI packaglize.~~\n3. Private key authentication.\n4. Logging.\n 1. System log\n 1. DEBUG\n 2. INFO\n 3. WARNING\n 4. ERROR\n 5. CRITICAL\n 6. OFF\n 2. Access log\n 1. DUMP (file)\n 2. INFO\n 3. OFF\n 3. File (transfer) log\n 1. DUMP (file)\n 2. INFO\n 3. OFF\n5. Configuration file. (Including accesss control)\n\n## Vulnerabilities\ud83d\ude34\n\nNot yet, will check after all features are done.\n\n## Disclaimer\n\nUse at your own risk.\n",
"bugtrack_url": null,
"license": "Apache 2.0",
"summary": "SSH proxy server.",
"version": "0.1.3",
"project_urls": {
"Homepage": "https://github.com/yxc890123/ssh-bastion"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "411cda1debf3cbc61bca4e97e786a49dcba54a9986043989a3038d8d6575e203",
"md5": "0ec5e38a008597fbf26b0772778ee128",
"sha256": "63dc8a8892cd5ca9354432fd9c95f71410bd57afb4ea4e527a4eb430d59f95d5"
},
"downloads": -1,
"filename": "ssh_bastion-0.1.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0ec5e38a008597fbf26b0772778ee128",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 15014,
"upload_time": "2024-06-28T06:53:26",
"upload_time_iso_8601": "2024-06-28T06:53:26.125405Z",
"url": "https://files.pythonhosted.org/packages/41/1c/da1debf3cbc61bca4e97e786a49dcba54a9986043989a3038d8d6575e203/ssh_bastion-0.1.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7cb715d820e864cb90613cbfc644f8220695cf78a3cfb9e1b518e0ad148b0986",
"md5": "e8bc0026dcca9749d389beb2dba2cf48",
"sha256": "3c37fbf2f24c995120d66eb313513f6c78c2f592e7c7500f2f3deec11d4ac35b"
},
"downloads": -1,
"filename": "ssh_bastion-0.1.3.tar.gz",
"has_sig": false,
"md5_digest": "e8bc0026dcca9749d389beb2dba2cf48",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 15073,
"upload_time": "2024-06-28T06:53:27",
"upload_time_iso_8601": "2024-06-28T06:53:27.761949Z",
"url": "https://files.pythonhosted.org/packages/7c/b7/15d820e864cb90613cbfc644f8220695cf78a3cfb9e1b518e0ad148b0986/ssh_bastion-0.1.3.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-28 06:53:27",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "yxc890123",
"github_project": "ssh-bastion",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "ssh-bastion"
}
JSON
