-
Notifications
You must be signed in to change notification settings - Fork 12
/
README
83 lines (67 loc) · 4.24 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
== Welcome to sshGate server ==
sshGate is a tool which helps to configure an OpenSSH server in order to have
a SSH proxy. sshGate uses the double SSH method to be able to connect to
a target host. In fact, sshGate has private ssh-keys of target hosts, makes
ACL checks and can log what users do on a given target host.
/-------> target host N
/--------> . . .
user ----> sshGate ----> target host 1
|-> ACL
|-> targets private sshkeys
|-> users public sshkeys
sshGate is under GPLv2 license.
Server project is located at http://github.com/Tauop/sshGate
Client project is located at http://github.com/Tauop/sshGate-client
ScriptHelper project is located at http://github.com/Tauop/ScriptHelper
== Install & Upgrade ==
If you crab the source for github.com, you need to build a sshGate-server tarball.
For more information : https://github.com/Tauop/sshGate/wiki/BuildPackages
Just run the ./install.sh script and answer to questions.
It you make a upgrade, the installed configuration can be re-used, and
data migration can be performed.
For more information : https://github.com/Tauop/sshGate/wiki/ServerInstallation
== Documentation ==
The project documentation is available on the github wiki at http://github.com/Tauop/sshGate/wiki
== Configuration ==
After installation, sshGate configuration can be changed through the sshgate-configure script,
or you can change settings values in the /etc/sshgate.conf files. This configuration file sets
main settings, and can override internal settings too.
Main settings :
- SSHGATE_VERSION : version of sshGate (do not edit)
- SSHGATE_BUILD : the build number of sshGate (internal use - do not edit)
- SSHGATE_DIRECTORY : root directory of sshGate program
- SCRIPT_HELPER_DIRECTORY : ScriptHelper dependance directory
- SSHGATE_GATE_ACCOUNT : the unix account used by sshGate
- SSHGATE_ALLOW_REMOTE_COMMAND : Do we allow remote command like "sshg 'cmd list targets'" ? default: Y
- SSHGATE_USE_REMOTE_ADMIN_CLI : Do we allow remote administration CLI ? default: Y
- SSHGATE_USERS_MUST_ACCEPT_TOS : Do users have to accept TOS at the first connection ? default: Y
- SSHGATE_EDITOR : editor program to use by sshGate. default: ${EDITOR}
- SSHGATE_TARGETS_SCP_PATH : default SCP path when it's not specified. default: ~/
- SSHGATE_TARGET_DEFAULT_SSH_LOGIN : default ssh login to use when connecting to target host. default: root
- SSHGATE_DEFAULT_LANGUAGE : The default language of sshGate users
- SSHGATE_MAIL_SEND : Is sshGate mail notification activated ? default: N
- SSHGATE_MAIL_TO : mail to this mail adresse if [SSHGATE_MAIL_SEND] is 'Y'
- SSHGATE_MAIL_SUBJECT : E-mail subject to use
other settings which can be override in /etc/sshgate.conf
- SSHGATE_DIR_DATA : sshGate data root directory
- SSHGATE_DIR_TEMPLATES : Directory containing multi-language templates
- SSHGATE_DIR_BIN : binaries of sshGate. default = [SSHGATE_DIRECTORY]/bin
- SSHGATE_DIR_CORE : all sshGate 'func' and 'core' files (internal sshGate library)
- SSHGATE_DIR_TEST : sshGate test files
- SSHGATE_DIR_USERS : users data (ssh keys and properties)
- SSHGATE_DIR_TARGETS : targets data (ssh keys, properties, access, logins, ...)
- SSHGATE_DIR_USERS_GROUPS : usergroups data
- SSHGATE_DIR_LOGS : logs root directory
- SSHGATE_DIR_LOGS_TARGETS : targets logs directory
- SSHGATE_DIR_LOGS_USERS : users logs directory
- SSHGATE_DIR_ARCHIVE : logs archives directory
- SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME : filename of the target private ssh key
- SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME : filename of the target public ssh key
- SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE : path to the default target private ssh key file
- SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE : path to the default target public ssh key file
- SSHGATE_TARGETS_USER_ACCESS_FILENAME : name of the target users access file
- SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME : name of the target usergroup access file
- SSHGATE_TARGETS_SSH_CONFIG_FILENAME : name of the target ssh configuration file
- SSHGATE_TARGETS_SSH_LOGINS_FILENAME : name of the target ssh login list file
- SSHGATE_LOGS_CURRENT_SESSION_FILE : path to the current session log file
- SSHGATE_TOS_FILENAME : name of the file containing TOS