From 725f6501937cd410a071f85cf3037b8279be4179 Mon Sep 17 00:00:00 2001
From: Neur0toxine
Date: Tue, 21 Nov 2023 19:04:05 +0300
Subject: [PATCH] update .gitignore & add proper example config
---
 .gitignore | 1 +
 examples/config.yml | 161 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 162 insertions(+)
 create mode 100644 examples/config.yml
diff --git a/.gitignore b/.gitignore
index dcc8aa7..3d6b736 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@ cryptolib
 go.work
 .idea
 config.yml
+!examples/config.yml
diff --git a/examples/config.yml b/examples/config.yml
new file mode 100644
index 0000000..75bebc3
--- /dev/null
+++ b/examples/config.yml
@@ -0,0 +1,161 @@
+# Enable or disable debug logging. Default: false
+debug: true
+# API settings.
+api:
+ web:
+ # Local port for Web API. Will be bound to localhost.
+ port: 25680
+ token: "VbNG6T6wYmj9YHM6etuZgN35"
+ plugin:
+ # Local port for plugin API. Will listen on all interfaces because it has auth.
+ port: 25681
+# Docker client preferences.
+docker:
+ # Extract client params from the environment. Default: true
+ from_env: true
+ # Cert path for the Docker client.
+ cert_path: ~
+ # Set it to false to disable TLS cert verification. Default: true
+ tls_verify: true
+ # Docker host. Can be useful for running containers alongside remote plugin (although it sounds weird to do so).
+ host: ~
+ # Docker version.
+ version: ~
+# Default server to use if `sshpoke.server` is not specified in the target container labels.
+default_server: mine
+# Servers configuration.
+servers:
+ # Server name.
+ - name: mine
+ # Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null.
+ driver: ssh
+ params:
+ # SSH server address
+ address: "your1.server:2222"
+ # Remote port to be used for forwarding.
+ forward_port: 80
+ # This disables remote host resolution and forcibly uses server IP for remote host.
+ # It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server`
+ # Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them.
+ # Default: false
+ fake_remote_host: true
+ # Disables PTY request for this server. Default: false
+ nopty: true
+ # Requests interactive shell for SSH sessions. Should be `true` for the `commands`.
+ # You can also pass a string with shell binary, for example, "/bin/sh".
+ # Note: commands will be executed using provided shell binary.
+ # Note (2): some servers won't send you any data until you request a shell even without a PTY.
+ # You can use a combination of `nopty: true` & `shell: true`. Also, even with PTY you may need `shell` to be `true`.
+ # Default: false
+ shell: false
+ # Spoof client version with provided (value below is taken directly from OpenSSH). This value must be compliant with RFC-4253.
+ # Default: SSH-2.0-Go
+ client_version: "SSH-2.0-OpenSSH_9.5"
+ # Authentication data.
+ auth:
+ # Authentication type. Supported types: key, password, passwordless
+ type: key
+ # Remote user
+ user: user
+ # Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided.
+ # Supported ssh-config directives: HostName, Port, User, IdentityFile
+ # known_hosts from this directory will be used if `host_keys` is not provided.
+ directory: "~/.ssh"
+ # Expose mode (multiple domains or single domain). Allowed values: single, multi.
+ mode: multi
+ # Keep-alive settings. Remove to disable keep-alive completely.
+ keepalive:
+ # Interval for keep-alive requests in seconds. Default: 0 (disabled).
+ interval: 1
+ # How many attempts should fail to forcibly restart the connection. Default: 0 (disabled).
+ max_attempts: 2
+ # Regular expression that will be used to extract domain from stdout & stderr. Useful for services like sish or
+ # localhost.run. `commands` output will also be parsed by this regex.
+ # With `!name` syntax you can use some built-in expressions:
+ # - !webUrl - any HTTP or HTTPS URL.
+ # - !httpUrl - any HTTP URL.
+ # - !httpsUrl - any HTTPS URL.
+ # Default: "" (disabled).
+ domain_extract_regex: "!httpsUrl"
+ # Host keys to prevent MITM. You can obtain those via `ssh-keyscan
` (specify `-p` for non-standard port).
+ # Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys.
+ host_keys: |
+ # ssh.neur0tx.site:2222 SSH-2.0-sish
+ # ssh.neur0tx.site:2222 SSH-2.0-sish
+ # ssh.neur0tx.site:2222 SSH-2.0-sish
+ [ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF
+ # ssh.neur0tx.site:2222 SSH-2.0-sish
+ # ssh.neur0tx.site:2222 SSH-2.0-sish
+ - name: ssh-demo-single-domain
+ driver: ssh
+ params:
+ auth:
+ type: key
+ user: user
+ directory: "~/.ssh"
+ keyfile: id_ed25519
+ address: "your2.server"
+ forward_port: 80
+ fake_remote_host: true
+ nopty: false
+ shell: "/usr/bin/bash"
+ mode: single
+ keepalive:
+ interval: 1
+ max_attempts: 2
+ domain_extract_regex: "!webUrl"
+ # Read output data from raw SSH packets. This can help if domain_extract_regex couldn't catch the domain.
+ # You can also enable debug logging - it should contain outputs from ssh server.
+ # Default: false
+ read_raw_packets: true
+ # Enable or disable sessions output. Disabling this will stop domain_extract_regex from reading commands output.
+ # Default: true
+ read_sessions_output: false
+ - name: ssh-demo-commands
+ driver: ssh
+ params:
+ address: "your3.server"
+ forward_port: 8080
+ auth:
+ type: key
+ user: user
+ directory: "~/.ssh"
+ mode: multi
+ keepalive:
+ interval: 1
+ max_attempts: 2
+ domain_extract_regex: "!webUrl"
+ # Commands that will be executed on the host.
+ commands:
+ # These commands will be executed after connect.
+ on_connect:
+ - echo https://`date +%s`.proxy.test
+ # These commands will be executed before disconnect.
+ on_disconnect:
+ - echo disconnect from `cat /etc/hostname`
+ - name: ssh-demo-with-password
+ driver: ssh
+ params:
+ address: "ssh.neur0tx.site"
+ forward_port: 8081
+ auth:
+ type: password
+ user: user
+ # Remote user password.
+ password: password
+ mode: multi
+ keepalive:
+ interval: 1
+ max_attempts: 2
+ domain_extract_regex: "!httpUrl"
+ commands:
+ on_connect:
+ - echo http://`date +%s`.proxy.test
+ - name: plugin-demo
+ driver: plugin
+ params:
+ # This token will be used by plugin while connecting to gRPC API.
+ token: key
+ - name: noop
+ # Null driver doesn't do anything. This driver will automatically be used for servers with invalid 'driver' value.
+ driver: null
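Review bot: The example ships concrete credentials that will be copied verbatim: `token: "VbNG6T6wYmj9YHM6etuZgN35"` in the `api` section and `token: key` on the `plugin-demo` server, the latter being what authenticates a plugin against the API that, per its own comment, listens on all interfaces. Anyone who starts from this file ends up with a publicly known token guarding a network-reachable listener, so I would replace both with an obvious placeholder such as `token: "CHANGE-ME"` and put `# Generate a unique random token per installation; never reuse the example value.` above each. The `ssh-demo-with-password` entry sets neither `host_keys` nor `directory`, so the example does not show what the server's host key is verified against before the password is sent; a `host_keys` block there, or a comment stating the fallback, would make the MITM protection explicit. Separately, `driver: null` on the last line is a YAML null rather than the string `null` and presumably only works through the invalid-driver fallback the comment describes, so `driver: "null"` would be clearer.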