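# Enable or disable debug logging. Default: false
# NOTE: per the read_raw_packets comment in the servers section, debug logs should contain
# output received from the SSH server. Leave this off outside troubleshooting and treat the
# resulting logs as sensitive.
debug: true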
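# API settings.
api:
  rest:
    # Local port for REST API. Will be bound to localhost.
    port: 25680
    # NOTE: sample value shipped with this example file. Presumably this is the secret that
    # REST API clients must present (confirm in the sshpoke docs). Generate your own random
    # token per deployment and keep the real config out of version control.
    token: "VbNG6T6wYmj9YHM6etuZgN35"
  plugin:
    # Local port for plugin API. Will listen on all interfaces because it has auth.
    # NOTE: that auth appears to be the per-server `token` in the plugin driver params, so
    # this port is only as well protected as that token. This file does not say whether the
    # listener uses TLS; if it does not, the token crosses the network in cleartext, so
    # firewall the port down to the hosts that actually run plugins.
    port: 25681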
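# Docker client preferences.
docker:
  # Extract client params from the environment. Default: true
  # NOTE: with this enabled, whoever controls the process environment also influences which
  # Docker daemon sshpoke talks to and how; run it with a known, minimal environment.
  from_env: true
  # Cert path for the Docker client.
  cert_path: null
  # Set it to false to disable TLS cert verification. Default: true
  # NOTE: keep this true for any remote `host`. Without verification the client cannot tell
  # the real daemon from an impersonator on the network path.
  tls_verify: true
  # Docker host. Can be useful for running containers alongside remote plugin (although it sounds weird to do so).
  host: null
  # Docker version.
  # Quote the value when you set it (constructed example: "1.40"); a bare 1.40 is parsed as
  # the float 1.4.
  version: null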
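# Default server to use if `sshpoke.server` is not specified in the target container labels.
# NOTE: `mine` does not match any `name` under `servers` in this example; point it at a server
# you have defined. Enabled containers that name no server are presumably forwarded through
# this one, so pick the server you are willing to expose them on.
default_server: mine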
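# Services configuration. These values will have higher priority than the container labels.
services:
  # Container ID, one of container names or matcher regex. This value will be used to determine which container will
  # receive the labels from 'params' section. Add / at the start and the end of the value to use it as regex.
  # Examples:
  # - name: a77eaa474cc634f0e4da4d4b72ebf71c03d1ae69329a07e42b830375e247e613 # Match by container ID (exact matcher).
  # - name: my-container # Match by container name (exact matcher).
  # - name: /my-container/ # Match by container name via regular expression (e.g. 'my-container_1' will also match).
  # NOTE: the regex form appears to be unanchored, so any container whose name contains the
  # text receives these params and gets exposed. Prefer an exact name or ID, or anchor the
  # pattern (constructed example: /^service-web_[0-9]+$/) after confirming anchors are supported.
  - name: /service-web/
    # Same params as container labels but without 'sshpoke.' prefix.
    params:
      # Enable sshpoke for service. Replaces 'sshpoke.enable' in container labels.
      enable: true
      # Specifies container network. Replaces 'sshpoke.network' in container labels.
      network: service_default
      # Specifies server which will be used. Replaces 'sshpoke.server' in container labels.
      server: ssh-demo-sish
      # Specifies container port to be shared. Replaces 'sshpoke.port' in container labels.
      port: 80
      # Specifies remote host to be used. Replaces 'sshpoke.remote_host' in container labels.
      remote_host: remotehost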
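# Servers configuration.
servers:
  # Server name.
  - name: ssh-demo-sish
    # Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null.
    driver: ssh
    params:
      # SSH server address
      address: "your1.server:2222"
      # Remote port to be used for forwarding.
      forward_port: 80
      # This disables remote host resolution and forcibly uses server IP for remote host.
      # It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server`
      # Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them.
      # Default: false
      fake_remote_host: true
      # Requests interactive shell for SSH sessions. Should be `true` for the `commands`.
      # You can also pass a string with shell binary, for example, "/bin/sh".
      # Note: commands will be executed using provided shell binary.
      # Note (2): some servers won't send you any data until you request a shell.
      # Default: true
      shell: false
      # Spoof client version with provided (value below is taken directly from OpenSSH). This value must be compliant with RFC-4253.
      # Default: SSH-2.0-Go
      client_version: "SSH-2.0-OpenSSH_9.5"
      # Authentication data.
      auth:
        # Authentication type. Supported types: key, password, passwordless
        type: key
        # Remote user
        user: user
        # Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided.
        # Supported ssh-config directives: HostName, Port, User, IdentityFile
        # known_hosts from this directory will be used if `host_keys` is not provided.
        directory: "~/.ssh"
      # Expose mode (multiple domains or single domain). Allowed values: single, multi.
      mode: multi
      # Keep-alive settings. Remove to disable keep-alive completely.
      keepalive:
        # Interval for keep-alive requests in seconds. Default: 0 (disabled).
        interval: 1
        # How many attempts should fail to forcibly restart the connection. Default: 0 (disabled).
        max_attempts: 2
      # Regular expression that will be used to extract domain from stdout & stderr. Useful for services like sish or
      # localhost.run. `commands` output will also be parsed by this regex.
      # With `!name` syntax you can use some built-in expressions:
      # - !webUrl - any HTTP or HTTPS URL.
      # - !httpUrl - any HTTP URL.
      # - !httpsUrl - any HTTPS URL.
      # Default: "" (disabled).
      # Keep the quotes: a bare leading `!` is read by YAML as a tag, not as part of the string.
      domain_extract_regex: "!httpsUrl"
      # Host keys to prevent MITM. You can obtain those via `ssh-keyscan <address>` (specify `-p` for non-standard port).
      # Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys.
      # NOTE: the key pinned below is for ssh.neur0tx.site:2222, not for the `address` set above;
      # replace it with your own server's key. ssh-keyscan output is not authenticated, so compare
      # the fingerprint with one obtained from the server operator over a separate channel before
      # pinning it. The '#' lines inside the block are part of the value, not YAML comments.
      host_keys: |
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        [ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
  - name: ssh-demo-single-domain
    driver: ssh
    params:
      auth:
        type: key
        user: user
        directory: "~/.ssh"
        keyfile: id_ed25519
      address: "your2.server"
      forward_port: 80
      fake_remote_host: true
      shell: "/usr/bin/bash"
      mode: single
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!webUrl"
      # Read output data from raw SSH packets. This can help if domain_extract_regex couldn't catch the domain.
      # You can also enable debug logging - it should contain outputs from ssh server.
      # Default: false
      read_raw_packets: true
      # Enable or disable sessions output. Disabling this will stop domain_extract_regex from reading commands output.
      # Default: true
      read_sessions_output: false
  - name: ssh-demo-commands
    driver: ssh
    params:
      address: "your3.server"
      forward_port: 8080
      auth:
        type: key
        user: user
        directory: "~/.ssh"
      mode: multi
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!webUrl"
      # Commands that will be executed on the host.
      # NOTE: per the `shell` notes above these run through the requested shell, which is what
      # expands the backticks below. Keep the strings static and reviewed.
      commands:
        # These commands will be executed after connect.
        on_connect:
          - echo https://`date +%s`.proxy.test
        # These commands will be executed before disconnect.
        on_disconnect:
          - echo disconnect from `cat /etc/hostname`
  - name: ssh-demo-with-password
    driver: ssh
    params:
      # NOTE: this entry sets neither `host_keys` nor `auth.directory`, and this file does not
      # say what the server's host key is then checked against. Pin `host_keys` before sending
      # a password to this address.
      address: "ssh.neur0tx.site"
      forward_port: 8081
      auth:
        type: password
        user: user
        # Remote user password.
        # NOTE: stored here in cleartext. Restrict read access to this file and keep it out of
        # version control; prefer `type: key` where the server allows it.
        password: password
      mode: multi
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!httpUrl"
      commands:
        on_connect:
          - echo http://`date +%s`.proxy.test
  - name: plugin-demo
    driver: plugin
    params:
      # This token will be used by plugin while connecting to gRPC API.
      # NOTE: `key` is a placeholder. The plugin API port listens on all interfaces and relies
      # on this value for auth, so use a long random token that is unique to each plugin.
      token: key
  - name: noop
    # Nil driver doesn't do anything. This driver will automatically be used for servers with invalid 'driver' value.
    # NOTE: the driver list above says `null` while this example uses `nil`; confirm which name
    # is the real one. If it is `null`, write it quoted ("null"), as a bare null is YAML's null
    # value, not a string.
    driver: nil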