Further information on username_regex_match upstream
robertgates55 opened this issue · 2 comments
Hey - I think this project could be exactly what I'm after, but I'm struggling to configure it the way I need to.
steve@ ------>| | /---> upstream1.svc:22
| sshpiper | ---+
dave@ ------>| | \---> upstream2.svc:22
Ideally, I'd like the upstreams themselves to be doing the hostkey verification - I'd like sshpiper to do as little as possible except route based on username.
What config is needed for this? I assume I need to create pipes using /sshpiperd pipe add -n steve -u upstream1.svc
(& dave)?
If so, then how does the sshpiperd.yaml
& SSHPIPERD_UPSTREAM_YAML_FILE
affect the routing? I have:
sshpiperd.yaml
version: 1
pipes:
- username: ^dave.*$
username_regex_match: true
upstream_host: host2
ignore_hostkey: true
- username: ^steve.*$
username_regex_match: true
upstream_host: host1
ignore_hostkey: true
but I can't see that this is being used yet. Should passing the YAML file mean I don't have to run the sshpiperd pipe add
commands?
to clarify some concepts:
upstream_uprovider:
the middle ware to handle request from downstream and find proper upstream to it
there are 3 upstream_provider
working_dir: using a home-like directory structure to route
database: put routing info into a database, such as mysql
yaml: put all routing info in a yaml file
working_dir is easy to understand but cannot do some 'rich' routing, for example, regex.
you should use --upstream-driver=
to choose which provide you want to use
upstream_uprovider management tools:
sshpiperd pipe *
is the management tools for upstream provider
it provide some unified commands to add/remove pipes in current upstream provider
last, do you mean hostkey
or userkey
?
hostkey
is not supported and sshpiper cannot pass any key base info to upstream
sshpiper must have a valid private key
, host or user, to talk to upstream.
Thanks - I hadn't found the yaml
upstream_provider at this stage - but had a bit more of a look in the code and found what I needed.