What happened:
Unsetting a hop from a host using host update --unset-hop <host> unsets the hops from all the hosts it is set on :

config> host ls
   ID  |            NAME            | |            HOP
+------+----------------------------+-+----------------------------+
     3 | test3                      | | test1
     2 | test2                      | | test1
     1 | test1                      | |
config> host update --unset-hop 2
config> host ls
   ID  |            NAME            | |            HOP
+------+----------------------------+-+----------------------------+
     3 | test3                      | |
     2 | test2                      | |
     1 | test1                      | |

What you expected to happen:

Hop should be unset only on the specified host.

How to reproduce it (as minimally and precisely as possible):
See example above.

Hi,

I could be great to be able to do configuration through conf files (yaml,json ...),
to be able to push them with configuration management software (ansible,puppet,chef....)
maybe sync them to database (and keep the dynamic ssh invite key registration).

Currently we could generate mysql query, but if we apply them multiple time, we have duplicate entries on some tables. (don't remember exactly, but I think this is the case for permissions)

I'm implementing a simple ssh server on top of gliderlabs/ssh and realized it doesn't properly support scp/rsync. Do you have any tips/pointers as to how I might add that to my server? It's not clear from your codebase how you support it, or I'd look at that :)

Hi, is it possible to restrict a user to only connect using SFTP ? I looked in the readme and I checked the acl command but I was unable to find the answer to that question.

Thanks

I suggest to add ability to set DB driver and DB credentials from Environment Variables.
see https://12factor.net/config

Any users should be abble to be granted the admin rights.

Access to admin interface through user@sshportal ssh login.

Implement exit command to kill interactive command line when done.

build fail on MS Windows

.\main.go:282:14: undefined: pty.Start
.\main.go:290:31: not enough arguments in call to syscall.Syscall
.\main.go:290:32: undefined: syscall.SYS_IOCTL
.\main.go:290:67: undefined: syscall.TIOCSWINSZ

Compilation finished with exit code 2

go version go1.9.2 windows/amd64, win 10 Pro

Informations :
Kernel: Linux mercury 4.13.0-16-lowlatency #19-Ubuntu SMP PREEMPT Wed Oct 11 19:51:52 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Distrib: Ubuntu 17.10
Docker: Docker version 17.11.0-ce, build 1caf76c
SSH Client: OpenSSH_7.5p1 Ubuntu-10, OpenSSL 1.0.2g 1 Mar 2016

Reproduction :

docker run -p 2222:2222 -d --name=sshportal -v "$(pwd):$(pwd)" -w "$(pwd)" moul/sshportal:latest
ssh localhost -p 2222 -l invite:<token>

After running the client freeze, impossible to Ctrl+C or anything like this. If you need something more tell me :)

What happened:

When using sshportal, for instance, for sftp connections, session logs contains all data sent. So if you send large volumes of data, you have all of them written to session logs on portal server, so after some time the disk is full and portal stops working.

What you expected to happen:

IMO, session logs are rather impractical, because you can attack portal server with simple shell script producing lots of data, or by simply sending large files with sftp. So, it would be good idea to add global option to disable logs (and disable logs by default).

Using nullfs with the current version as a temporarily hack.

What happened:
When we are running commands in non-interactive sessions against a server, the command exits with status -1 and without any output.

What you expected to happen:
The commands should run and produce some output.

How to reproduce it (as minimally and precisely as possible):
Running the command
ssh $SSHPORTAL_HOST -p $SSHPORTAL_PORT -l $TARGET_HOST "<<cmd here>>" in terminal works, but running the same e.g. inside and CI chain or Docker-Container produces the error. No ssh-client option (-t, -tt, ..) or forcing to run as interactive session still works.
The server-session log file lists the requested command, but without any output.

Anything else we need to know?:
The Log says "Error: rch closed the connection"

Environment:
OS Type: linux
OS Architecture: amd64
Go routines: 35
Go version (build): go1.12.1
Uptime: 49h40m44.268702385s
User ID: 1
User email: admin@localhost
Version: 1.9.0+dev
GIT SHA: 883bad2
GIT Branch: master
GIT Tag: v1.9.0-33-g883bad2

What happened:

1. Running a command such as ssh somehost@sshportal hostname will sometimes return the command out put and sometimes not.

2. Piping something to a command input such as :

echo "print('test')" | ssh somehost@sshportal '/bin/sh -c '"'"'/usr/bin/python && sleep 0'"'"''

seems to never return a result.

What you expected to happen:
Command output to show up.

How to reproduce it (as minimally and precisely as possible):
Test with the aforementionned commands, see if you get a result.

Anything else we need to know?:
Running Ansible through sshportal doesn't work and due to the way it uses python I suspect this is related to the fact the second command I gave as example doesn't work.

Environment:
debug mode (server): false
Demo mode: false
DB Driver: mysql
Bind Address: :2222
OS Type: linux
OS Architecture: amd64
Go routines: 11
Go version (build): go1.9.4
Version: 1.7.1+dev
GIT SHA: 47a6fc9
GIT Branch: dont_crash_on_missing_user
GIT Tag: v1.7.1-41-g47a6fc9

install method : docker build
OS : debian 9

Hi,

go get looks broken after last patches ?

What happened:

go get -u moul.io/sshportal
package github.com/moby/moby/pkg/namesgenerator: code in directory /usr/local/go/src/github.com/moby/moby/pkg/namesgenerator expects import "github.com/docker/docker/pkg/namesgenerator"

What you expected to happen:
installing successfully

How to reproduce it (as minimally and precisely as possible):
go get -u moul.io/sshportal

Anything else we need to know?:
EDIT: sed -ie "17s/moby/docker/g" src/moul.io/sshportal/shell.go seems to be working
EDIT2: sed -ie "18s/moby/docker/g" src/moul.io/sshportal/pkg/bastion/shell.go seems to be working

Environment:

• sshportal --version :

/usr/local/go/bin/sshportal --version            
sshportal version 1.8.0+dev ()   

Currently, a file copy done through sshportal using utilities such as scp or rsync logs the file content.

(at least when pulling a file, oddly enough the file content doesn't seem to be logged when pushing a file)

If many files or big files are being copied this can quickly lead to a huge usage of storage space.

It would be great if there was a way to detect sessions that are scp/rsync/etc and avoid logging their content.

Having some issues building. Has this been added after the fact. The SHA in vendor.json doesn't appear to have it in the upstream repo. What do?

./proxy.go:31: s.MaskedReqs undefined (type "github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh".Session has no field or method MaskedReqs)

Hi!
If in CLI I press enter without any command the program panic.

I'm using last docker image

config> info
Debug mode (server): false
Hostname: 6e60ad0b0a2f
CPUs: 4
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2017-12-15T08:45:50.935254557Z
OS Type: linux
OS Architecture: amd64
Go routines: 9
Go version (build): go1.9.2
Uptime: 7.928332912s
User email: 1
User email: admin@sshportal
Version: 1.6.0+dev
GIT SHA: a413aa86c277941b831ecbe3dcecaec117d5a0b5
GIT Branch: master
GIT Tag: a413aa8

config> version
1.6.0+dev

2017/12/15 08:44:23 New connection: sshUser="admin" remote="172.16.1.36:22407" local="172.17.0.2:2222" command=[] dbUser=id:'\x01',email:admin@sshportal
panic: runtime error: index out of range

goroutine 81 [running]:
main.(*Event).SetArg(...)
        /go/src/github.com/moul/sshportal/shell.go:1921
main.shell(0xc42027a420, 0xdf80a0, 0xc42031f6b0, 0x0, 0x0, 0x0, 0xc4200f62d0, 0x0, 0x0)
        /go/src/github.com/moul/sshportal/shell.go:1921 +0x884c
main.server.func2(0xdf80a0, 0xc42031f6b0)
        /go/src/github.com/moul/sshportal/main.go:135 +0x17ef
github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests.func1(0xc42031f6b0)
        /go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:231 +0x3b
created by github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests
        /go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:230 +0x4e2

What happened:

When connecting to a host through sshportal, an entry is created in the sessions table. But all connections are shown as "Closed" immediately, and the stopped_at column is set to the same value as the created_at.

What you expected to happen:

sshportal saves the timestamp when the connection closes.

How to reproduce it (as minimally and precisely as possible):

1. Setup sshportal with a user and a host
2. Connect to the host
3. In another terminal, run session ls in sshportal
4. Session is marked as "Closed", with a 1s duration

Environment:

• sshportal --version: sshportal version 1.8.0+dev ()
• sshportal info:

debug mode (server): false
Hostname: bastion
CPUs: 4
Demo mode: false
DB Driver: mysql
DB Conn: REDACTED@tcp(localhost:3306)/sshportal?charset=utf8&parseTime=true&loc=Local
Bind Address: :2222
System Time: 2018-06-26T14:22:35.351678631Z
OS Type: linux
OS Architecture: amd64
Go routines: 2275
Go version (build): go1.8.3
Uptime: 1302h33m53.669240829s
User ID: 4
User email: REDACTED
Version: 1.8.0+dev
GIT SHA:
GIT Branch:
GIT Tag:

• OS: CentOS 7.4.1708
• install method: go
• installed with a MySQL DB to store data

What happened:
Doing a session ls results in an error message :

config> session ls
error: Error 1390: Prepared statement contains too many placeholders

What you expected to happen:

Sessions should be listed.

How to reproduce it (as minimally and precisely as possible):
Doing a session ls while having many sessions in the database (90000+ in our case) and using MySQL.

Hello,
how to Reconnect to another server or selected server from list from admin console?

Sorry for this stupid question... but, I feel the current documentation is quite confusing. 😕

Technically, what is the architecture of sshportal? Something like this:

  ssh (client) -------/ Internet /------> sshportal --------/ Private LAN /--------> ssh-server
                     [SSH protocol]                          [SSH protocol]

So the client stablish the SSH connection to the sshportal, and after the sshportal stablish another SSH connection to the target server?

If this is true, then:

• Can the cypher be different for each connection?
• Can the SSH client connection use Compression, and not the SSH server?
• Dynamic SSH commands that runs the SSH client (like create tunnel, repeat key exchange, etc.; that are executed after the connection is stablished) are passed to the target host, or are processed by the sshportal process?

Please help me to better understand the architecture.
Thank you!

What happened:
tried to change admin name / email

config> user update --name cnf admin
config> user ls
  ID | NAME  |          EMAIL          |      ROLES       | KEYS |    GROUPS    |    UPDATED    |    CREATED     |       COMMENT         
+----+-------+-------------------------+------------------+------+--------------+---------------+----------------+----------------------+                  
   1 | admin | admin@localhost         | admin            |    1 | default      | now           | 30 minutes ago | created by sshportal  

What you expected to happen:
for the admin name / email to change
How to reproduce it (as minimally and precisely as possible):
try changing the admin name / email
Anything else we need to know?:

When I change it from another users that I made admin, it SEEMS like it changed, until i log in as the admin user again, and everything is reverted.

Environment:
installed with docker

config> version
1.8.0+dev
config> info
debug mode (server): false
Hostname: remote-access-sshportal-1
CPUs: 1
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2018-09-29T13:39:02.3592274Z
OS Type: linux
OS Architecture: amd64
Go routines: 34
Go version (build): go1.9.5
Uptime: 29m17.979287554s
User ID: 1
User email: admin@localhost
Version: 1.8.0+dev
GIT SHA: a22f8f0b7b3d8174ee5ac66c381cccb9e8cbb1b7
GIT Branch: master
GIT Tag: a22f8f0

Hi!
I run the docker container as per instructions.
docker run -p 2222: 2222 -d --name = sshportal -v "$ (pwd): $ (pwd)" -w "$ (pwd)" moul / sshportal: v1.9.0

I looked through the logs through
docker logs -f sshportal

Found there administrator invite token.

When connected using
ssh localhost -p 2222 -l [invite token]

Output:

The authenticity of host '[localhost]: 2222 ([:: 1]: 2222)' can't be established.
RSA key fingerprint is SHA256: J3XonjHWFoMaFTeNIqhbSFmdbvVa4Yyy12wtuCYvsZs.
Are you sure you want to continue connecting (yes / no)? yes
Warning: Permanently added '[localhost]: 2222' (RSA) to the list of known hosts.
invite: ERzPy8kOtbatlurd @ localhost's password:

Why does he ask for a password?

• sshportal --version sshportal version 1.9.0+dev
• install method docker

The sessions list is very useful for auditing connections, but storing the IP address used to connect to a certain host would allow us to detect unusual behavior (such as detecting a sudden change in the IP used, or geolocating them on a map).

debug mode (server): false
Hostname: bastion
CPUs: 4
Demo mode: false
DB Driver: mysql
DB Conn: REDACTED@tcp(localhost:3306)/sshportal?charset=utf8&parseTime=true&loc=Local
Bind Address: :2222
System Time: 2018-06-26T14:22:35.351678631Z
OS Type: linux
OS Architecture: amd64
Go routines: 2275
Go version (build): go1.8.3
Uptime: 1302h33m53.669240829s
User ID: 4
User email: REDACTED
Version: 1.8.0+dev
GIT SHA:
GIT Branch:
GIT Tag:

What happened:

When the host you are trying to connect is unavailable for some reason, sshportal is trying to connect infinitely, because Timeout field in gossh client configuration is equal to 0 by default. So client has endlessly frozen session.

What you expected to happen:

It would be great to have some (configurable) timeout value for outgoing connections in gossh client config (as a global option maybe). So, if some host is unavailable, client connection is closed by portal.

How to reproduce it (as minimally and precisely as possible):

To reproduce, just add some unavailable host and try to connect to it via portal. The host is unavailable, but ssh connection to portal is live and does nothing.

Anything else we need to know?:

To really close the connection, you need to add missing lch.Close() after error check in ChannelHandler:

    rconn, err := gossh.Dial("tcp", config.Addr, config.ClientConfig)
    if err != nil {
            lch.Close() // close client connection
            return err
    }

BTW, thanks for great tool, trying to use it internally in medium-sized web shop for interactive shells and afuse+sshfs mounted file systems.

Session keeps open forever. Should implement idle timeout to close server side session if client side is dead.

Hi,

I know that all of you think that keys are secure. And you're right. However, passwords can be useful on a some environments. So, I request if it's possible to support passwords for user authentication too.

Thank you!

Hi! Can SSHportal be called simultaneously by multiple programs i.e. through an API? What's the recommended way of automating user, ACL creation etc.? Direct database edits? Automated ssh shell input scripting i.e. Python paramiko?

Also, just to clarify, what does Host Keys verifications shared across users mean? Does that mean it will record the identity of the remote server once (trust on first use) and this shall be recorded for all SSHPortal users?

Hi, thanks for your work.
I'm trying to use PuTTY on Windows 10 (default settings) and it doesn't connect to destination server (admin session work good).

PuTTY error
Disconected: Server protocol violation: unexpected SSH2_MSG_CHANNEL_SUCCESS packet

sshportal log

2017/12/25 12:16:35 New connection: sshUser="dev" remote="172.16.1.36:57353" local="172.17.0.2:2222" command=[] dbUser=id:'\x01',email:admin@sshportal
2017/12/25 12:16:35 SSH Connection established

config> info
Debug mode (server): false
Hostname: 89ac0e76234d
CPUs: 4
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2017-12-25T12:18:54.035718535Z
OS Type: linux
OS Architecture: amd64
Go routines: 18
Go version (build): go1.9.2
Uptime: 24m13.976681124s
User email: 1
User email: admin@sshportal
Version: 1.6.0+dev
GIT SHA: c8fb1037621034abc3b4af85c20e8b8bde1fbf69
GIT Branch: master
GIT Tag: c8fb103

PuTTY

Release 0.70

Build platform: 64-bit Windows
Compiler: clang 5.0.0 (http://llvm.org/git/clang.git dba970f4d143480b964f77b363ec23f22cea0390) (http://llvm.org/git/llvm.git 52ebe03cb0a728134e66d04f85281bc5a60d7091), emulating Visual Studio 2013 / MSVC++ 12.0 (_MSC_VER=1800)
Source commit: 3cd10509a51edf5a21cdc80aabf7e6a934522d47

© 1997-2017 Simon Tatham. All rights reserved.

sshportal is amazing and the invite-based flow for adding users is pretty awesome!

But in some cases the information I have from the target user is their username and public key (because they already login to a normal SSH server that I own), and I'd like to make the process transparent for them so they login to sshportal as if it was the existing server.

Is there a way currently to add a user based on their public key (other than editing the database or backup config, of course)?

Here's a command that would work well for me, I think:

user create nictuku --key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEoD6YVJWufZaFCd41WEdeBsENMJWnwibs6SE87R/7qPb0cZFoEvoTsxwX5qGW/DTr4uYJUjlxFgM2GRUrcceAeFVSDEEqa7OU5tM5ABRE9jAS99V3D1kgj9RTcDhBI7y/lE8e0qSgfICZteJTvbcxHZltiBdrlrz8hDexL44rAez6s3/76SPK6OeIGzRJUmJ/PJMRS3nsFXj1WJD6sdMKkdpEJVrAMXg/GESwx4V66BMt2ZMoFvdmSgxts+f6CLSGkBhHzuty4sXhazVXvpnR5ha9zj8qyBHTvyalJJKxRAxx/PkHX82TiK0YWvTotKNaMKF+/SC7aVEki3wLP7wz'

Would that make sense? Let me know if you'd accept a PR to add this. Or perhaps you could suggest a better way for me to support my use case?

Many thanks!

What happened:
With mysql, when hosts are created, it's a concatenation of the username and the target host.
The combination of the two can be more than 32 chars.
32 is the maximum length of that field (https://github.com/moul/sshportal/blob/master/db.go#L56)
The field has a UNIQUE constraint, which can lead to problems creating new entries.

When that happen, the user:host is truncated.
Ex:
this-is-a-long-username:this-is-a-long-hostname
is transformed to :
this-is-a-long-username:this-is-

What you expected to happen:
"this-is-a-long-username:this-is-a-long-hostname" should be kept as-is

How to reproduce it (as minimally and precisely as possible):
Use a long username and/or a long hostname

Anything else we need to know?:

Version: 1.7.1+dev
Os: debian 9.4

Thank you
Yoda-BZH on IRC

ACL details should be updatable.

ACL parsing order should be possible and reordering must be implemented.

Parsing rule & method should be shared on documentation.

• Support specifying "connection driver" when managing hosts, prefixing hosts with ssh://, telnet:// scheme?
• Add telnet support
• Create a DB migration
• Document it in the README.md file

dev branch: https://github.com/moul/sshportal/tree/dev/moul/telnet

What happened:
typed session ls on the config> prompt, and the server crashed.

What you expected to happen:
to get a list of sessions.

How to reproduce it (as minimally and precisely as possible):
Run v1.7.1 in docker, create an admin user, type session ls

Anything else we need to know?:

config> info
Debug mode (server): false
Hostname: remote-access-sshportal-1
CPUs: 1
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2018-03-04T16:01:29.11994402Z
OS Type: linux
OS Architecture: amd64
Go routines: 11
Go version (build): go1.9.2
Uptime: 2m34.699442174s
User ID: 1
User email: admin@sshportal
Version: 1.7.1
GIT SHA: 2555c478b484c6b420c586c2c2a53b22445e3f7f
GIT Branch: HEAD
GIT Tag: v1.7.1

installed in docker

** Tracebacks**:

2018/03/04 16:02:15 info: shell session  {"args":["ls"],"interactive":true}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x7975fb]

goroutine 140 [running]:
main.shell.func41(0xc420547760, 0x0, 0xc420547760)
	/go/src/github.com/moul/sshportal/shell.go:1886 +0x61b
github.com/moul/sshportal/vendor/github.com/urfave/cli.HandleAction(0x91de20, 0xc4202291d0, 0xc420547760, 0xc42004d600, 0x0)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:502 +0xd2
github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.Run(0x99b2ca, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a36cf, 0xe, 0x0, ...)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:210 +0xaad
github.com/moul/sshportal/vendor/github.com/urfave/cli.(*App).RunAsSubcommand(0xc4200f0a80, 0xc4205474a0, 0x0, 0x0)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:383 +0xad7
github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.startApp(0x99f15b, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a4b23, 0x10, 0x0, ...)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:298 +0x944
github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.Run(0x99f15b, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a4b23, 0x10, 0x0, ...)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:98 +0x136a
github.com/moul/sshportal/vendor/github.com/urfave/cli.(*App).Run(0xc4200f0700, 0xc4202fb320, 0x3, 0x3, 0x0, 0x0)
	/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:259 +0x740
main.shell(0xe14280, 0xc420265d90, 0xc4200ecbb8, 0x5)
	/go/src/github.com/moul/sshportal/shell.go:1935 +0x59d7
main.shellHandler(0xe14280, 0xc420265d90)
	/go/src/github.com/moul/sshportal/ssh.go:211 +0x696
github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests.func1(0xc420265d90)
	/go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:219 +0x3b
created by github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests
	/go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:218 +0x216

Users details should be updatable.

A user should be abble to belong to multiple groups.

What happened:
When doing a session ls, sessions are all shown as closed, even those that are currently open.

What you expected to happen:
Open session sshould be marked as open.

How to reproduce it (as minimally and precisely as possible):
Open a session to a host and in parallel do a session ls on the sshportal cli. The session will be seen as closed even though it is open

All import references to moul.io seems wrong.

Quick fix:

grep --include='*.go' -lR '"moul.io/sshportal/pkg/' . ~/go/src/ |
  xargs -r sed -i 's,moul.io/sshportal/pkg/,github.com/moul/sshportal/pkg/,g'

Private key is escaped when consulting it with key inspect cli command.

\n all other the place.

Would be better :

• Remove the \n
• or Display it properly

Hello,

Can you provide a Debian package, or the necessary files to create one ?

Thank you !
Regards,
Yoda-BZH

There's a small issue that we should care about:

These two lines give errors
u.Port undefined (type *url.URL has no field or method Port)
u.Hostname undefined (type *url.URL has no field or method Port)

In fact these functions seem to be supported only since go 1.8. I can

• Correct this to make it work with prior version
• Add some doc to point out golang version at least 1.8 is mandatory
  Which solution do you prefer ?

What happened:
when ssh into sshportal gateway while backend host is a telnet:// host, after the connection established I can not input into the telnet session. I tried use -T option with ssh command, then I can input into telnet session, but have other problems, such as local echo always on and array keys display as ^H...

What you expected to happen:
telnet session work as ssh

How to reproduce it (as minimally and precisely as possible):
running sshportal with docker as writing in README, then add a host with telnet:// protocol, then ssh into sshportal with login name with telnet host name.

Anything else we need to know?:

Environment:
debug mode (server): false
Hostname: 34d63abd0366
CPUs: 4
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2019-07-04T03:42:03.900987371Z
OS Type: linux
OS Architecture: amd64
Go routines: 14
Go version (build): go1.12.6
Uptime: 106h6m11.889602116s
User ID: 1
User email: admin@localhost
Version: 1.10.0+dev
GIT SHA: c5681bf
GIT Branch: master
GIT Tag: v1.10.0-1-gc5681bf

Hi! Thanks so much for building this, I have been looking for something like this for a long time. Is this production ready? E.g. if I let students (assuming hostile users) SSH into various servers hosting Jupyter notebooks, is there any possibility that the bastion server may be compromised etc.? If it get compromised, is there any risk for other users to be MITMed?

Hello
When i try create user key console freeze on input fileld but server work
In this help only restart server
Any ideas ?

What happened:
I opened a connection with ssh somehost@portsl -D 3128 and tried using that port as a SOCKS proxy. This works fine if I do an ssh someuser@somehost -D 3128, but going through sshportal, that connection doesn't seem to get forwarded.

What you expected to happen:
For there to be an SOCKS5 capable connection.

How to reproduce it (as minimally and precisely as possible):
Set up sshportal as normal, run ssh host@portal -D 3128, and point your browser to 127.0.0.1:3128 as a SOCKS5 proxy

Anything else we need to know?:

config> info
Debug mode (server): false
Hostname: remote-access-sshportal-1
CPUs: 1
Demo mode: false
DB Driver: sqlite3
DB Conn: ./sshportal.db
Bind Address: :2222
System Time: 2018-03-04T16:35:17.452370294Z
OS Type: linux
OS Architecture: amd64
Go routines: 45
Go version (build): go1.9.2
Uptime: 17m39.569968326s
User ID: 1
User email: admin@sshportal
Version: 1.7.1
GIT SHA: 2555c478b484c6b420c586c2c2a53b22445e3f7f
GIT Branch: HEAD
GIT Tag: v1.7.1

Hi,

As I understand the current behaviour is to map users to hosts like:

  <USER_A> -----------> <HOST_1> ... <HOST_N>
  <USER_B> -----------> <HOST_X> ... <HOST_Z>

And each host is linked to just one "user@" in that host.

If this is true, I suggest to support some special method to use variable users. For example, instead of ssh hostname@portal something like ssh hostname:user@portal. For sure, this will be available only to hosts with this functionality enabled, and for users with access to these hosts.

What you think?

What happened:
Typing userkey ls as admin crashes the process with the following stacktrace :

Mar 14 11:25:17 awhsshportal1 e2a330b0dd81[10318]: 2018/03/14 10:25:17 New connection(shell): sshUser="XXX" remote="1.2.3.4:28731" local="172.17.0.2:2222" command=[] dbUser=id:'\b',email:XXX@XXX
Mar 14 11:25:20 awhsshportal1 e2a330b0dd81[10318]: 2018/03/14 10:25:20 info: shell info  {"args":[],"interactive":true}
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: 2018/03/14 10:25:25 info: shell userkey  {"args":["ls"],"interactive":true}
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: panic: runtime error: invalid memory address or nil pointer dereference
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x58 pc=0x7a34fc]
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: 
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: goroutine 19535 [running]:
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: main.shell.func38(0xc42063b760, 0x0, 0xc42063b760)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/shell.go:1867 +0x6ac
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.HandleAction(0x931740, 0xc42031e090, 0xc42063b760, 0xc4205a0500, 0x0)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:502 +0xd2
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.Run(0x9b1206, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9b9680, 0xe, 0x0, ...)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:210 +0xaad
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.(*App).RunAsSubcommand(0xc420116700, 0xc42063b4a0, 0x0, 0x0)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:383 +0xad7
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.startApp(0x9b52b8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9baae5, 0x10, 0x0, ...)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:298 +0x944
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.Command.Run(0x9b52b8, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9baae5, 0x10, 0x0, ...)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/command.go:98 +0x136a
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/urfave/cli.(*App).Run(0xc420116540, 0xc4206cc7e0, 0x3, 0x3, 0x0, 0x0)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/urfave/cli/app.go:259 +0x740
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: main.shell(0xe355a0, 0xc4201c80b0, 0xc4203167a0, 0x12)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/shell.go:2016 +0x5bad
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: main.shellHandler(0xe355a0, 0xc4201c80b0)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/ssh.go:248 +0x696
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests.func1(0xc4201c80b0)
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:219 +0x3b
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: created by github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh.(*session).handleRequests
Mar 14 11:25:25 awhsshportal1 e2a330b0dd81[10318]: #011/go/src/github.com/moul/sshportal/vendor/github.com/gliderlabs/ssh/session.go:218 +0x216

Environment:

config> info
debug mode (server): false
Hostname: e2a330b0dd81
CPUs: 8
Demo mode: false
DB Driver: mysql
DB Conn: sshportal:***@tcp(172.17.0.1:3306)/sshportal?parseTime=true
Bind Address: :2222
System Time: 2018-03-14T10:59:18.161096092Z
OS Type: linux
OS Architecture: amd64
Go routines: 35
Go version (build): go1.9.4
Uptime: 32m38.91168122s
User ID: 8
User email: ***
Version: 1.7.1+dev
GIT SHA: ec1e4d5c8a708c3535144cfdf14507dedd383e86
GIT Branch: master
GIT Tag: v1.7.1-40-gec1e4d5

Installed via docker build.

Hi,

What happened:
When trying to connect to the admin cli after ~5min of inactivity :
error: unknown ssh key
I also had errors where I could connect but he couldn't find informations in the database, like usergroups.

What you expected to happen:
Connecting successfully

How to reproduce it (as minimally and precisely as possible):
Connect as admin, disconnect, wait for 5 minutes, connect again.

Anything else we need to know?:
Looking at the logs i found this

Nov 12 16:10:26 sshportal[1933]: [mysql] 2018/11/12 16:10:26 packets.go:36: unexpected EOF
Nov 12 16:10:30 sshportal[1933]: [mysql] 2018/11/12 16:10:30 connection.go:372: invalid connection

Looks like it's related to this ? go-sql-driver/mysql#674

Environment:

• sshportal --version

/usr/local/go/bin/sshportal --version            
sshportal version 1.8.0+dev ()   

• ssh sshportal info

debug mode (server): false                                                                                                                                   
Hostname: **
CPUs: 2
Demo mode: false
DB Driver: mysql
DB Conn: sshportal:****@tcp(127.0.0.1:3306)/sshportal?charset=utf8&parseTime=true&loc=Local
Bind Address: :2222
System Time: 2018-11-12T16:34:30.907853325+01:00
OS Type: linux
OS Architecture: amd64
Go routines: 96
Go version (build): go1.10.3
Uptime: 73h40m41.205006889s
User ID: 1
User email: root@localhost
Version: 1.8.0+dev
GIT SHA: 
GIT Branch: 
GIT Tag: 

• OS (e.g. from /etc/os-release):

cat /etc/debian_version                                                                                                                   
9.5                

• install method (e.g. go/docker/brew/...): go

Hi,
I tried sshportal, and did a little homework to try understand how it's working.
I am really happy with the smart way it handles the jumps login avoiding the burden of the "ProxyCommand" things.

If I am not wrong, the remote session on the remote host server are not audited. If you are interested in such a feature I am already working on it, the idea is to provide a logfile for each session that could be read by something like ttyrec. I would be happy to provided a patch for this.

Moreover there's one last thing we may need here, it's the tunnel feature from ssh (tunnels invoked by -L or -R options in ssh). And we would like it logged (I thought about a pcap file for that). What is your opinion about this ?

What are you thinking about all this ?

Thank you for your work on sshportal !

What happened:
When trying to assign an host to an hostgroup without unassigning from another hostgroup I get
error: Error 1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '))' at line 1

What you expected to happen:
I expected the host being added to a new hostgroup. It might be worth mentioning it would have result in havinge this host to two hostgroups

**How to reproduce it (as minimally and precisely as possible):
host update --assign-group=3 superhost

Anything else we need to know?:
The problem seems to be located at

Hi,

When I try to make a rsync transfert through my sshportal, I get the following error :

rsync: connection unexpectedly closed (0 bytes received so far) [sender] rsync error: remote command not found (code 127) at io.c(226) [sender=3.1.1]

maybe it is related to the fact I only see closed connexion when I use session ls ?

My command looks like this : rsync -avz -e 'ssh -p 2222 -l MY_HOSTNAME' FILE SSHPORT_PUBLIC_IP:/PATH_TO_REMOTE_DIR

Let me add that normal ssh connections through the sshportal are working just fine.

Thanks in advance 😄

Their should be a way to update a host and its details.

Key should be updatable.

Groups should be updatable

A host should be abble to belong to multiple hostgroups