TG is the greatest ssh bridge ever ! An SSH bridge, also known as SSH bastion or SSH gateway acts as proxy to handle your SSH connections.

tg -ls view:

First of all, you must have an SSH key on your current machine.

If you don't, create one from your current machine (make sure you provide a password when it asks for one):

ssh-keygen -t rsa -b 4096

Connect to your future bastion server as root (important) :

Install dependencies:

Debian:

apt-get install openssh-server git libjson-perl libemail-mime-perl libdatetime-perl libemail-sender-perl  libemail-mime-creator-perl libjson-xs-perl libwww-perl screen libconvert-base32-perl libauthen-oath-perl

Clone repo in a directory (ex: /opt/tg)

git clone https://github.com/root-gg/tg.git /opt/tg

Create a new user without password and with the tg cache program as shell :

adduser --system --shell /opt/tg/cache --group --disabled-password --home /home/YOURUSER YOURUSER

Replace YOURUSER by the username of your choice.

Now, you must create an SSH key to YOURUSER (this one will be without passphrase) :

sudo -u YOURUSER ssh-keygen -t rsa -b 4096 -N ''

Add your SSH key in /home/YOURUSER/.ssh/authorized_keys If this file does not exist, create it:

touch /home/YOURUSER/.ssh/authorized_keys

And change his owner to YOURUSER

chown YOURUSER: /home/YOURUSER/.ssh/authorized_keys

Try to connect to your bastion host with your key :

ssh [email protected]

This part requires your bastion server to be installed and it must be done on each client you are using.

Choose one of these two methods for each client to fit your needs

First of all, try to connect to your bastion host with your key :

ssh [email protected]

Clone tg in a folder (ex: ~/bin/tg) :

mkdir ~/bin
git clone https://github.com/root-gg/tg.git ~/bin/tg

Change your PATH to add ~/bin/tg :

echo 'export PATH="~/bin/tg::$PATH"' >> ~/.bashrc

Restart your shell !

Initialize TG client :

tg --init

Answer each question according to your bastion server.

Replace YOURUSER by your bastion username and YOURBASTIONHOST by your bastion hostname.

Add tg alias to your bashrc :

echo 'alias tg="ssh -t -t YOURUSER@YOURBASTIONHOST --"' >> ~/.bashrc

Restart your shell !

Try the bastion is working :

tg -ls

If it displays beautiful lines with colors and such, you're good to go !

Optional : Change the default bastion user to root (to connect as root to your servers, by default) :

tg -su root

Main help (quite ugly and incomplete at this time):

tg -h

tg -ls

Replace myserver.mydomain.com by the hostname of the server you want to add

Add host :

tg -a myserver.mydomain.com

Automagically push bastion SSH key to your host (you must provide host password for this) :

tg -ak myserver.mydomain.com

Now you can connect to your host :

tg myserver.mydomain.com

Replace myserver.mydomain.com by your hostname and myalias by the alias you want

tg myserver.mydomain.com is a bit long to type, let's make an alias for this one

Add your host alias :

tg -aa myhostalias myserver.mydomain.com

Now you can connect to your host this way :

tg myalias

When you are pretty soon using a specific command on a host, tg myalias and then mycommand -foo bar is a bit long to type, let's make an alias for this one

Add your command alias :

tg -aca mycommandalias myhostalias -- mycommand -foo bar

Now you can connect run your command on the host this way :

tg mycommandalias

This is used if you want to SSH to your hosts through TOR (if you are a privacy extremist or something...).

On your bastion server, install this dependancy :

apt-get install netcat-openbsd

Debian: On your bastion server, install tor client by following this procedure : https://www.torproject.org/docs/debian.html.en Or, use this quick-win command:

apt-get install tor

Replace myserver.mydomain.com by your hostname

Now you can connect to your hosts through tor this way :

tg -tor myserver.mydomain.com

Replace [email protected] by your mail adress

Enable two factor authentication by mail :

tg -se [email protected]

Now, when you use tg for the first time from a new ip adress, you will need a two-factor authentication code. This code will be sent to you by mail to verify your identity. If two factor authentication with Google Authenticator is also enabled, you can enter one of the two codes.

Follow the instructions to enable two factor authentication with Google Authenticator :

tg -sa

Now, when you use tg for the first time from a new ip adress, you will need a two-factor authentication code. This code will be sent to you by mail to verify your identity. If two factor authentication by mail is also enabled, you can enter one of the two codes.