
Example Configuration

Simon Schmidt edited this page May 29, 2017 · 2 revisions

The very first thing you should know is that this software uses its own implementation of the SSH protocol, provided by https://godoc.org/golang.org/x/crypto/ssh ! It is not compatible with regular SSH logins (shell, scp, sftp etc.) and it can't be mixed with those. Instead, the SSH protocol is used in the same fashion as TLS (to encrypt another protocol on top).

So, basically, if you set up an "sshproxy" server (the binary is called "sotpd"), you should specify a port to accept incoming connections, as well as outgoing connections. If you set up a client for the protocol (anonymization client), you should specify a port to accept SOCKS connections, as well as outgoing connections.

The configuration format used is https://github.com/lytics/confl

# Here is how you specify one (or more) ports where the server will
# accept SOCKS connections.
socks [
	{
		# The "net tcp" part can be omitted, as tcp is default.
		net tcp
		# This example binds to the loopback interface only, so the SOCKS
		# entry point is reachable from the local machine alone.
		# NOTE(review): no authentication option for SOCKS listeners is shown
		# on this page, so anything that can reach this address can use the
		# proxy. Keep the bind address local (or firewalled) unless the sotpd
		# docs confirm SOCKS-level authentication exists.
		address localhost:9003
	}
]

# Here is how you specify outgoing SSH connections to foreign servers.
# NOTE(review): this section embeds passwords and private keys in clear
# text, so the configuration file itself is a secret. Restrict its file
# permissions to the user running the binary.
connections [
	{
		# The "net tcp" part can be omitted, as tcp is default.
		net tcp
		address ':62399'
		user pirco
		# Clear-text password credential (see the note at the top of this section).
		pass secret123
		
		# The SSH protocol requires the host to offer a host key.
		# You can verify it using a hash:
		# NOTE(review): pinning the host key is what lets the client detect a
		# substituted server. If the hostkey line is left out, the page does
		# not say whether the server identity is checked at all; assume it is
		# not and always set it. The value below is a sample, not a real
		# fingerprint (it is the base64 of a placeholder string).
		hostkey BSHA256:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAK
		# This is an SHA256-hash from a public key (OpenSSH 6.8.)
		# See also https://www.openssh.com/txt/release-6.8
		#       or https://tools.ietf.org/html/rfc4648#section-3.2
		#       or https://godoc.org/golang.org/x/crypto/ssh#FingerprintSHA256
		# Keep in mind, that you must prepend a 'B' to the hash.
	}
	{
		# The "net tcp" part can be omitted, as tcp is default.
		net tcp
		address some.remote.host.net:12345
		user eigenname
		# You can specify a private key, instead of a password.
		# Keep in mind, that you must not indent the key.
		# NOTE(review): the example uses a DSA key. DSA is widely deprecated
		# (OpenSSH disables it by default); prefer an Ed25519 or RSA key if
		# the implementation accepts them - confirm against the sotpd docs.
		privatekey (
-----BEGIN DSA PRIVATE KEY-----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-----END DSA PRIVATE KEY-----
)
	}
	{
		# The "net tcp" part can be omitted, as tcp is default.
		net tcp
		address other.remote.host.net:63999
		user vectorMaster
		# You can also specify multiple keys.
		# Each key is written in its own unindented ( ... ) group.
		privatekeys [
(
-----BEGIN DSA PRIVATE KEY-----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-----END DSA PRIVATE KEY-----
)
(
-----BEGIN DSA PRIVATE KEY-----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-----END DSA PRIVATE KEY-----
)
		]
	}
]

# Here is how you specify ports where the server will accept incoming SSH
# connections. Keep in mind, that even servers should always define
# outgoing SSH connections.
listeners [
	{
		# The "net tcp" part can be omitted, as tcp is default.
		net tcp
		# NOTE(review): presumably the local address this listener binds to -
		# confirm. Anything that can reach it may attempt the logins below.
		address yetanother.remotehost.net:54321
		# Per-user credentials that incoming clients must present.
		auth {
			# Clear-text password; the config file must be protected accordingly.
			pirco { pass secret123 }
			otherUser {
				# This is an SHA256-hash from a public key (OpenSSH 6.8.)
				# See also https://www.openssh.com/txt/release-6.8
				#       or https://tools.ietf.org/html/rfc4648#section-3.2
				#       or https://godoc.org/golang.org/x/crypto/ssh#FingerprintSHA256
				# Note: no 'B' prefix here, unlike the hostkey setting in "connections".
				sha256 SHA256:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAK
				
				# You can also write
				hash SHA256:MTIzNDU2Nzg5MDEyMzQ1Njc4OTAK
				# instead!
				
				# Similarly, you can use md5 hashes:
				# NOTE(review): MD5 fingerprints are much weaker than SHA256 and
				# are only useful for matching keys listed by older tools; prefer
				# sha256 where you can.
				md5 76:5e:bf:24:44:33:11:e7:90:d7:34:17:eb:ba:fb:44
				# see also https://godoc.org/golang.org/x/crypto/ssh#FingerprintLegacyMD5
			}
			thirdUser {
				# "any pass" means that every password is accepted.
				# "any key" means  that every key is accepted.
				# "any auth" means that both every password and
				# every key is accepted.
				# NOTE(review): "any ..." effectively disables authentication
				# for this user name - anyone who knows the name can log in.
				# Suitable for local testing only; do not use on a reachable
				# listener.
				any pass
			}
		}
		# You must specify a host key. (The SSH-implementation won't run without)
		# This is the key whose fingerprint clients pin in their "hostkey" setting.
		# NOTE(review): DSA is widely deprecated; prefer Ed25519/RSA if the
		# implementation accepts them - confirm against the sotpd docs.
		privatekey (
-----BEGIN DSA PRIVATE KEY-----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-----END DSA PRIVATE KEY-----
)
	}
]