Comments (5)
Hi,
There are two distinct parts in the sshportal flow:
1. applying logic to verify, configure and open a connection to the real remote
2. when the connection is established and the user interacts with the target host
Part 1 is entirely in-house; it tries to stay simple, and for now, I haven't had any security feedback (I know people using it in production and security people using it); please contact me or open an issue if you find weaknesses in this part.
Part 2 is very simple; it's like a proxy that forwards everything through the secure ssh connections; even if nothing can be considered 100% secure, I'm confident that this step is "production ready".
The most important thing to check, in my opinion, is the server that will run sshportal, because sshportal uses a database and local files for logs; even in read-only, these files contain sensitive information that an attacker should never see.
from sshportal.
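A host-side check for the point made in the comment above, that the database and log files on the server must not be readable by other local accounts. This is an added example, not part of the thread or of sshportal; the function names `list_exposed` and `audit_paths` are hypothetical, and the paths are whatever your deployment uses.

```shell
#!/bin/sh
# Added example, not sshportal code. Pass the database file and the log
# directory of your own deployment as arguments (their locations are an
# assumption of this script; it does not know sshportal's layout).

# list_exposed PATH...
# Print every file or directory under PATH that group or others can
# read or write.
list_exposed() {
    find "$@" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -004 -o -perm -020 -o -perm -002 \) \
        -print
}

# audit_paths PATH...
# Return 0 when nothing is exposed, 1 when something is,
# 2 when one of the given paths does not exist.
audit_paths() {
    for p in "$@"; do
        [ -e "$p" ] || { echo "MISSING $p" >&2; return 2; }
    done
    exposed=$(list_exposed "$@")
    if [ -n "$exposed" ]; then
        echo "$exposed" | while IFS= read -r f; do
            # Show the mode string next to each offending path.
            echo "EXPOSED $(ls -ld "$f" | cut -d' ' -f1) $f"
        done
        return 1
    fi
    echo "OK: no group/other access under: $*"
    return 0
}

# Run directly: sh audit.sh /path/to/database /path/to/logdir
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
fi
```

The non-zero exit codes make it usable from cron or a configuration-management check on the bastion host.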
@moul thanks for your comprehensive reply! I am using it as a bastion for a Kubernetes cluster, and after students sign up, the web front end will automatically provision a server and create an account through the bastion. Is this a correct use case?
Yes, definitely, I'm also using it in equivalent workflows
We use a patched version to implement single access for our developers to hundreds of client hosting servers. Besides interactive ssh sessions, we implemented non-interactive automatic mounting of remote filesystems using afuse, sshfs and samba. There are some glitches (connection timeouts — solved with a patch, and we have to disable logs with nullfs), but in general it is a very useful lightweight tool with well-designed UX. Works pretty stable (knock on wood). Great work!
@kreanda any plans to send a pull? :D