tg123/sshpiper

Further information on username_regex_match upstream

robertgates55 opened this issue · 2 comments

Hey - I think this project could be exactly what I'm after, but I'm struggling to configure it the way I need to.

steve@ ------>|            |     /---> upstream1.svc:22
              |  sshpiper  | ---+
dave@  ------>|            |     \---> upstream2.svc:22

Ideally, I'd like the upstreams themselves to be doing the hostkey verification - I'd like sshpiper to do as little as possible except route based on username.

What config is needed for this? I assume I need to create pipes using /sshpiperd pipe add -n steve -u upstream1.svc (& dave)?

If so, then how do the sshpiperd.yaml & SSHPIPERD_UPSTREAM_YAML_FILE affect the routing? I have:
sshpiperd.yaml

version: 1
pipes:
- username: ^dave.*$
  username_regex_match: true
  upstream_host: host2
  ignore_hostkey: true
- username: ^steve.*$
  username_regex_match: true
  upstream_host: host1
  ignore_hostkey: true

but I can't see that this is being used yet. Should passing the YAML file mean I don't have to run the sshpiperd pipe add commands?

tg123 commented

to clarify some concepts:

upstream_provider:
the middleware that handles requests from downstream and finds the proper upstream for them

there are 3 upstream_providers

working_dir: using a home-like directory structure to route
database: put routing info into a database, such as mysql
yaml: put all routing info in a yaml file

working_dir is easy to understand but cannot do some 'rich' routing, for example, regex.

you should use --upstream-driver= to choose which provider you want to use

upstream_provider management tools:
sshpiperd pipe * is the management tool for the upstream provider
it provides some unified commands to add/remove pipes in the current upstream provider

last, do you mean hostkey or userkey?
hostkey is not supported and sshpiper cannot pass any key-based info to the upstream
sshpiper must have a valid private key, host or user, to talk to the upstream.

Thanks - I hadn't found the yaml upstream_provider at this stage - but had a bit more of a look in the code and found what I needed.