Archived
1
0
Fork 0
SSH bastion that features transparent connection and session recording
This repository has been archived on 2025-03-10. You can view files and clone it, but cannot push or open issues or pull requests.
Find a file
2019-03-14 19:10:41 +01:00
bastion Add cmake installation rules along with cpack entries. Made cmake_build_type clever. 2019-03-14 19:10:41 +01:00
common Use proper directories configuration from cmake 2019-03-14 17:40:04 +01:00
external Fixed build problem with SESSION_RECORDING flag set to OFF and updated the readme 2019-03-14 16:44:11 +01:00
.gitignore Switched from standard makefile to cmake 2019-02-14 20:48:20 +01:00
.gitmodules Added cmake rules to build libtty from termrec submodule 2019-03-11 19:02:10 +01:00
CMakeLists.txt Add cmake installation rules along with cpack entries. Made cmake_build_type clever. 2019-03-14 19:10:41 +01:00
LICENSE Added README and LICENSE 2019-03-13 17:28:53 +01:00
README.md Add cmake installation rules along with cpack entries. Made cmake_build_type clever. 2019-03-14 19:10:41 +01:00

Bastion

SSH bastion that features transparent connection and session recording.

This project is inspired by https://github.com/moul/sshportal. I wrote this implementation to work around the fact that I couldn't get the go ssh lib to work properly with non interactive sessions, the bug has been open for a long time and I tend to belive it cannot be fixed (https://github.com/moul/sshportal/issues/55).

This bastion project does work properly with non interactive sessions, which allows transparent ansible usage through the bastion.

Contents

Dependencies

This project has only one hard dependency :

  • the libssh from https://www.libssh.org/. You should be able to use your distro's packages if they are recent enough.

The following are optional dependencies :

  • the libtty from https://github.com/kilobyte/termrec which allows session recording.
  • compression libraries like libbz2, liblzma, libz allow on the fly compression of session records.
  • libmysql for now because it hosts the runtime config

Manual Installation

This project is built using cmake :

mkdir build
cd build
cmake ..
make
make install

You can customise the build with the following cmake flags :

  • CMAKE_BUILD_TYPE : Debug|Release|RelWithDebInfo|MinSizeRel, defaults to Release if using a tarball, and Debug if using the git tree
  • CMAKE_INSTALL_PREFIX : path, defaults to /usr/local
  • SESSION_RECORDING : ON|OFF, defaults to ON

For exemple this disables session recording for a debug build and installs the bastion for your current user :

cmake .. -DCMAKE_BUILD_TYPE=Debug -D CMAKE_INSTALL_PREFIX=$HOME/.local -DSESSION_RECORDING=OFF

Usage

Docker

Monitoring

Backup

Scaling