== Welcome to sshGate server ==

sshGate is a tool that helps configure an OpenSSH server to act as an SSH
proxy. sshGate uses the double SSH method to connect to a target host: it
holds the private ssh-keys of the target hosts, performs ACL checks, and can
log what users do on a given target host.

                        /-------> target host N
                       /-------->     . . .
         user ----> sshGate ----> target host 1
                      |-> ACL
                      |-> targets private sshkeys
                      |-> users public sshkeys

sshGate is under GPLv2 license.

Server project is located at http://github.com/Tauop/sshGate
Client project is located at http://github.com/Tauop/sshGate-client
ScriptHelper project is located at http://github.com/Tauop/ScriptHelper


== Install & Upgrade ==

If you grab the source from github.com, you need to build a sshGate-server tarball.
For more information : https://github.com/Tauop/sshGate/wiki/BuildPackages

Just run the ./install.sh script and answer the questions.
If you are upgrading, the installed configuration can be re-used, and
data migration can be performed.

For more information : https://github.com/Tauop/sshGate/wiki/ServerInstallation

== Documentation ==

The project documentation is available on the github wiki at http://github.com/Tauop/sshGate/wiki


== Configuration ==

After installation, the sshGate configuration can be changed through the sshgate-configure script,
or by editing the setting values in the /etc/sshgate.conf file. This configuration file sets the
main settings, and can override internal settings too.

Main settings :
- SSHGATE_VERSION : version of sshGate (do not edit)
- SSHGATE_BUILD : the build number of sshGate (internal use - do not edit)
- SSHGATE_DIRECTORY : root directory of sshGate program
- SCRIPT_HELPER_DIRECTORY : ScriptHelper dependency directory
- SSHGATE_GATE_ACCOUNT : the unix account used by sshGate
- SSHGATE_ALLOW_REMOTE_COMMAND : Do we allow remote command like "sshg 'cmd list targets'" ? default: Y
- SSHGATE_USE_REMOTE_ADMIN_CLI : Do we allow remote administration CLI ? default: Y
- SSHGATE_USERS_MUST_ACCEPT_TOS : Do users have to accept TOS at the first connection ? default: Y
- SSHGATE_EDITOR : editor program used by sshGate. default: ${EDITOR}
- SSHGATE_TARGETS_SCP_PATH : default SCP path when it's not specified. default: ~/
- SSHGATE_TARGET_DEFAULT_SSH_LOGIN : default ssh login to use when connecting to target host. default: root
- SSHGATE_DEFAULT_LANGUAGE : The default language of sshGate users
- SSHGATE_MAIL_SEND : Is sshGate mail notification activated ? default: N
- SSHGATE_MAIL_TO : send mail to this address if [SSHGATE_MAIL_SEND] is 'Y'
- SSHGATE_MAIL_SUBJECT : E-mail subject to use

Other settings which can be overridden in /etc/sshgate.conf :
- SSHGATE_DIR_DATA : sshGate data root directory
- SSHGATE_DIR_TEMPLATES : Directory containing multi-language templates
- SSHGATE_DIR_BIN : binaries of sshGate. default = [SSHGATE_DIRECTORY]/bin
- SSHGATE_DIR_CORE : all sshGate 'func' and 'core' files (internal sshGate library)
- SSHGATE_DIR_TEST : sshGate test files
- SSHGATE_DIR_USERS : users data (ssh keys and properties)
- SSHGATE_DIR_TARGETS : targets data (ssh keys, properties, access, logins, ...)
- SSHGATE_DIR_USERS_GROUPS : usergroups data
- SSHGATE_DIR_LOGS : logs root directory
- SSHGATE_DIR_LOGS_TARGETS : targets logs directory
- SSHGATE_DIR_LOGS_USERS : users logs directory
- SSHGATE_DIR_ARCHIVE : logs archives directory
- SSHGATE_TARGET_PRIVATE_SSHKEY_FILENAME : filename of the target private ssh key
- SSHGATE_TARGET_PUBLIC_SSHKEY_FILENAME : filename of the target public ssh key
- SSHGATE_TARGET_DEFAULT_PRIVATE_SSHKEY_FILE : path to the default target private ssh key file
- SSHGATE_TARGET_DEFAULT_PUBLIC_SSHKEY_FILE : path to the default target public ssh key file
- SSHGATE_TARGETS_USER_ACCESS_FILENAME : name of the target users access file
- SSHGATE_TARGETS_USERGROUP_ACCESS_FILENAME : name of the target usergroup access file
- SSHGATE_TARGETS_SSH_CONFIG_FILENAME : name of the target ssh configuration file
- SSHGATE_TARGETS_SSH_LOGINS_FILENAME : name of the target ssh login list file
- SSHGATE_LOGS_CURRENT_SESSION_FILE : path to the current session log file
- SSHGATE_TOS_FILENAME : name of the file containing TOS
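
As an added example (not part of sshGate's own code), the shell script below reads the main settings listed above and reports the ones whose effective value is worth confirming on a gate that holds target private keys, applying the documented default when a key is absent. It assumes /etc/sshgate.conf uses shell-style KEY=value lines, which this README does not state; conf_get and audit_conf are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not part of sshGate): report settings worth a review.
# Assumption: the configuration file uses shell-style KEY=value lines.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY, or DEFAULT
# when the key is absent, empty, or the file cannot be read.
conf_get() {
  v=$(sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
      sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
  printf '%s\n' "${v:-$3}"
}

# audit_conf FILE: print one REVIEW line per setting to confirm.
# The defaults passed to conf_get are the ones documented in the settings list.
audit_conf() {
  if [ "$(conf_get "$1" SSHGATE_ALLOW_REMOTE_COMMAND Y)" = Y ]; then
    echo "REVIEW SSHGATE_ALLOW_REMOTE_COMMAND=Y: remote commands are accepted"
  fi
  if [ "$(conf_get "$1" SSHGATE_USE_REMOTE_ADMIN_CLI Y)" = Y ]; then
    echo "REVIEW SSHGATE_USE_REMOTE_ADMIN_CLI=Y: admin CLI is reachable remotely"
  fi
  if [ "$(conf_get "$1" SSHGATE_TARGET_DEFAULT_SSH_LOGIN root)" = root ]; then
    echo "REVIEW SSHGATE_TARGET_DEFAULT_SSH_LOGIN=root: target sessions default to root"
  fi
  if [ "$(conf_get "$1" SSHGATE_MAIL_SEND N)" != Y ]; then
    echo "REVIEW SSHGATE_MAIL_SEND=N: mail notification is off"
  fi
  return 0
}

# Constructed sample configuration (not taken from a real installation).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
SSHGATE_GATE_ACCOUNT="sshgate"
SSHGATE_USE_REMOTE_ADMIN_CLI="N"
SSHGATE_TARGET_DEFAULT_SSH_LOGIN='deploy'
SSHGATE_MAIL_SEND=Y
EOF
audit_conf "$SAMPLE"   # reports only SSHGATE_ALLOW_REMOTE_COMMAND (default Y)

# Audit the real file too when it is readable (path from the README).
CONF=${1:-/etc/sshgate.conf}
if [ -r "$CONF" ]; then
  audit_conf "$CONF"
fi
```

A key that is missing from the file is reported with its documented default, so an empty configuration yields four REVIEW lines.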