path: root/README.md
blob: 4ddb52b82991bada7dd30aecad833fe9422559b6 (plain)
# Bastion

SSH bastion that features transparent connection and session recording.

This project is inspired by https://github.com/moul/sshportal. I wrote this implementation to work around the fact that I couldn't get the Go ssh lib
to work properly with non-interactive sessions. The bug has been open for a long time and I tend to believe it cannot be fixed
(https://github.com/moul/sshportal/issues/55).

This bastion project does work properly with non-interactive sessions, which allows transparent Ansible usage through the bastion.

## Contents

- [Dependencies](#dependencies)
- [Manual installation](#manual-installation)
- [Configuration](#configuration)
- [Usage](#usage)
- [Session recording](#session-recording)
- [Docker](#docker)
- [Log management](#log-management)
- [Monitoring](#monitoring)
- [Backup](#backup)
- [Scaling](#scaling)
- [Special thanks](#special-thanks)

## Dependencies

This project has only two hard dependencies :
- the libconfig from http://www.hyperrealm.com/libconfig/libconfig.html
- the libssh from https://www.libssh.org/. You should be able to use your distro's packages if they are recent enough.

The following are optional dependencies :
- the libtty from https://github.com/kilobyte/termrec which allows session recording.
- compression libraries like libbz2, liblzma, libz allow on the fly compression of session records.

## Manual Installation

This project is built using cmake :
```
git submodule update --init
mkdir build
cd build
cmake ..
make
make install
```

You can customise the build with the following cmake flags :

- `CMAKE_BUILD_TYPE` : Debug|Release|RelWithDebInfo|MinSizeRel, defaults to Release if using a tarball, and Debug if using the git tree
- `CMAKE_INSTALL_PREFIX` : path, defaults to `/usr/local`
- `SESSION_RECORDING` : ON|OFF, defaults to ON

For example, this disables session recording for a debug build and installs the bastion for your current user:

`cmake .. -DCMAKE_BUILD_TYPE=Debug -D CMAKE_INSTALL_PREFIX=$HOME/.local -DSESSION_RECORDING=OFF`

## Configuration

Here is the default configuration :
```
port = 2222;

keys:
{
    dsa = "/home/julien/.local/etc/bastion/ssh_host_dsa_key";
    rsa = "/home/julien/.local/etc/bastion/ssh_host_rsa_key";
    ecdsa = "/home/julien/.local/etc/bastion/ssh_host_ecdsa_key";
};

session_recording:
{
    path = "/home/julien/.local/var/log/bastion/$d/$h/$u/$i.gz";     # $d : date in iso format, $h : hostname, $u : username, $i : session id
};
```
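
The `session_recording.path` template builds a file path from connection data, and the username in particular is chosen by the client. The following is an added example, not code from the bastion project: one way to expand `$d`, `$h`, `$u` and `$i` so that no substituted value can escape the recording directory. The function names, return codes and sample values are hypothetical, and how the bastion itself expands the template is not shown on this page.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helper: a value is safe only if it is one non-empty path component. */
static int safe_component(const char *s)
{
    if (!s || !*s || strcmp(s, ".") == 0 || strcmp(s, "..") == 0)
        return 0;
    for (; *s; s++)
        if (*s == '/' || (unsigned char)*s < 0x20 || *s == 0x7f)
            return 0;
    return 1;
}

/* Expand $d, $h, $u, $i from tmpl into out; 0 on success, -1 on an unsafe value, unknown placeholder or truncation. */
int expand_record_path(const char *tmpl, const char *date, const char *host,
                       const char *user, const char *id, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen == 0)
        return -1;
    for (const char *p = tmpl; *p; p++) {
        const char *val;
        if (*p != '$') {                 /* literal character: copy as-is */
            if (n + 1 >= outlen)
                return -1;
            out[n++] = *p;
            continue;
        }
        switch (*++p) {                  /* a dangling '$' hits default via '\0' */
        case 'd': val = date; break;
        case 'h': val = host; break;
        case 'u': val = user; break;
        case 'i': val = id;   break;
        default:  return -1;
        }
        if (!safe_component(val) || n + strlen(val) >= outlen)
            return -1;
        memcpy(out + n, val, strlen(val));
        n += strlen(val);
    }
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char buf[256]; /* constructed sample values; the traversal attempt in the username yields -1 */
    printf("%d\n", expand_record_path("/var/log/bastion/$d/$h/$u/$i.gz", "2024-01-01", "web1", "../../etc", "42", buf, sizeof buf));
    return 0;
}
```

Rejecting the connection or falling back to a fixed placeholder name when expansion fails keeps the recording inside the intended tree.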

## Usage

```
julien@hurricane ~/git/bastion/build (master *$%) $ bastion -h
Usage: bastion [-h] [-v] [-t] [-f] [-c STRING]
  -h : show this help message and exit
  -v : show version and exit
  -t : test configuration file and exit
  -f : stay in foreground (don't fork)
  -c : specify a path to a configuration file to use instead of the default /home/julien/.local/etc/bastion/bastion.conf
```

## Session recording

## Docker

## Log management

## Monitoring

## Backup

## Scaling

## Special thanks

I would like to thank the developers of the following projects, I am merely standing on the shoulders of giants :

- libconfig from http://www.hyperrealm.com/libconfig/libconfig.html
- libssh from https://www.libssh.org/
- libtty from https://github.com/kilobyte/termrec
- uthash from http://troydhanson.github.io/uthash/