ssh-proxy with idP support without exposing sshd.
The guilty parties:

```
ssh client
    ^
    |
    v
proxy command
    ^
    |               host network
----v-------------------------
    proxy server    private network
    ^
    |
    v
sshd
```
requirements:
- docker
- go
```sh
# run once
$ make init
# build all the things
$ make build
# run sshd
$ docker run -d --name sshd --network pnet sshd
# run proxy-server
$ docker run -p 8080:8080 --network pnet proxy-server
# run ssh client
$ ssh root@sshd -o ProxyCommand="./bin/cmd %h %p"
```
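As an added example (not the project's code), a minimal `cmd` for the ProxyCommand leg of the diagram: it dials the proxy server on the host network, sends a one-line `host:port token` handshake, and relays stdin/stdout into the tunnel, half-closing on local EOF. Port 8080 is the README's; the handshake format, the loopback proxy address and the `SSH_PROXY_TOKEN` variable are assumptions.

```go
// Added example, not the project's code: the ProxyCommand leg of the diagram
// (`./bin/cmd %h %p`). The "host:port token" handshake line is assumed.
package main

import (
	"fmt"
	"io"
	"net"
	"os"
)

// relay pumps stdin -> conn and conn -> stdout until sshd hangs up and returns
// bytes from/to sshd. Local EOF only half-closes the tunnel so sshd can flush.
func relay(conn net.Conn, stdin io.Reader, stdout io.Writer) (in, out int64) {
	up, down := make(chan struct{}), make(chan struct{})
	go func() {
		out, _ = io.Copy(conn, stdin)
		if hc, ok := conn.(interface{ CloseWrite() error }); ok {
			hc.CloseWrite()
		}
		close(up)
	}()
	go func() {
		in, _ = io.Copy(stdout, conn)
		close(down)
	}()
	<-down
	conn.Close()
	if c, ok := stdin.(io.Closer); ok {
		c.Close() // unblock a pending stdin read; os pipes support this
	}
	<-up
	return in, out
}

func main() {
	if len(os.Args) != 3 { // ssh passes %h %p: the sshd host and port
		fmt.Fprintln(os.Stderr, "usage: cmd host port")
		os.Exit(2)
	}
	conn, err := net.Dial("tcp", "127.0.0.1:8080") // proxy-server port from the README
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Assumed handshake: proxy server checks the token, then dials host:port.
	fmt.Fprintf(conn, "%s:%s %s\n", os.Args[1], os.Args[2], os.Getenv("SSH_PROXY_TOKEN"))
	in, out := relay(conn, os.Stdin, os.Stdout)
	fmt.Fprintf(os.Stderr, "session closed: %d bytes in, %d out\n", in, out)
}
```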
- don't expose sshd
- put sshd_config in docker volume
- make proxy command log to file
- set ssh session timeout to token expiration
- proxy command idP login dance
- mitm
- set sshd hostname
- re-create in AWS alb? no
- mv backend into a private network
- proxy other protocols
- is http.Mux blocking?
- federated auth w JWTs
- ssh certs
- mTLS
- io.MultiWriter for conn metrics
- proxy-command exit codes and error messages
- proxy-server mgmt controls (kill sessions etc)
- unit tests