Neur0toxine/sshpoke
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update .gitignore & add proper example config

Browse Source
This commit is contained in:
Pavel 2023-11-21 19:04:05 +03:00
parent 0f27400a48
commit 725f650193
2 changed files with 162 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -25,3 +25,4 @@ cryptolib
go.work go.work
.idea .idea
config.yml config.yml
!examples/config.yml

161
examples/config.yml Normal file
View File

@ -0,0 +1,161 @@
# Enable or disable debug logging. Default: false
debug: true
# API settings.
api:
web:
# Local port for Web API. Will be bound to localhost.
port: 25680
token: "VbNG6T6wYmj9YHM6etuZgN35"
plugin:
# Local port for plugin API. Will listen on all interfaces because it has auth.
port: 25681
# Docker client preferences.
docker:
# Extract client params from the environment. Default: true
from_env: true
# Cert path for the Docker client.
cert_path: ~
# Set it to false to disable TLS cert verification. Default: true
tls_verify: true
# Docker host. Can be useful for running containers alongside remote plugin (although it sounds weird to do so).
host: ~
# Docker version.
version: ~
# Default server to use if `sshpoke.server` is not specified in the target container labels.
default_server: mine
# Servers configuration.
servers:
# Server name.
- name: mine
# Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null.
driver: ssh
params:
# SSH server address
address: "your1.server:2222"
# Remote port to be used for forwarding.
forward_port: 80
# This disables remote host resolution and forcibly uses server IP for remote host.
# It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server`
# Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them.
# Default: false
fake_remote_host: true
# Disables PTY request for this server. Default: false
nopty: true
# Requests interactive shell for SSH sessions. Should be `true` for the `commands`.
# You can also pass a string with shell binary, for example, "/bin/sh".
# Note: commands will be executed using provided shell binary.
# Note (2): some servers won't send you any data until you request a shell even without a PTY.
# You can use a combination of `nopty: true` & `shell: true`. Also, even with PTY you may need `shell` to be `true`.
# Default: false
shell: false
# Spoof client version with provided (value below is taken directly from OpenSSH). This value must be compliant with RFC-4253.
# Default: SSH-2.0-Go
client_version: "SSH-2.0-OpenSSH_9.5"
# Authentication data.
auth:
# Authentication type. Supported types: key, password, passwordless
type: key
# Remote user
user: user
# Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided.
# Supported ssh-config directives: HostName, Port, User, IdentityFile
# known_hosts from this directory will be used if `host_keys` is not provided.
directory: "~/.ssh"
# Expose mode (multiple domains or single domain). Allowed values: single, multi.
mode: multi
# Keep-alive settings. Remove to disable keep-alive completely.
keepalive:
# Interval for keep-alive requests in seconds. Default: 0 (disabled).
interval: 1
# How many attempts should fail to forcibly restart the connection. Default: 0 (disabled).
max_attempts: 2
# Regular expression that will be used to extract domain from stdout & stderr. Useful for services like sish or
# localhost.run. `commands` output will also be parsed by this regex.
# With `!name` syntax you can use some built-in expressions:
# - !webUrl - any HTTP or HTTPS URL.
# - !httpUrl - any HTTP URL.
# - !httpsUrl - any HTTPS URL.
# Default: "" (disabled).
domain_extract_regex: "!httpsUrl"
# Host keys to prevent MITM. You can obtain those via `ssh-keyscan <address>` (specify `-p` for non-standard port).
# Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys.
host_keys: |
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
[ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF
# ssh.neur0tx.site:2222 SSH-2.0-sish
# ssh.neur0tx.site:2222 SSH-2.0-sish
- name: ssh-demo-single-domain
driver: ssh
params:
auth:
type: key
user: user
directory: "~/.ssh"
keyfile: id_ed25519
address: "your2.server"
forward_port: 80
fake_remote_host: true
nopty: false
shell: "/usr/bin/bash"
mode: single
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!webUrl"
# Read output data from raw SSH packets. This can help if domain_extract_regex couldn't catch the domain.
# You can also enable debug logging - it should contain outputs from ssh server.
# Default: false
read_raw_packets: true
# Enable or disable sessions output. Disabling this will stop domain_extract_regex from reading commands output.
# Default: true
read_sessions_output: false
- name: ssh-demo-commands
driver: ssh
params:
address: "your3.server"
forward_port: 8080
auth:
type: key
user: user
directory: "~/.ssh"
mode: multi
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!webUrl"
# Commands that will be executed on the host.
commands:
# These commands will be executed after connect.
on_connect:
- echo https://`date +%s`.proxy.test
# These commands will be executed before disconnect.
on_disconnect:
- echo disconnect from `cat /etc/hostname`
- name: ssh-demo-with-password
driver: ssh
params:
address: "ssh.neur0tx.site"
forward_port: 8081
auth:
type: password
user: user
# Remote user password.
password: password
mode: multi
keepalive:
interval: 1
max_attempts: 2
domain_extract_regex: "!httpUrl"
commands:
on_connect:
- echo http://`date +%s`.proxy.test
- name: plugin-demo
driver: plugin
params:
# This token will be used by plugin while connecting to gRPC API.
token: key
- name: noop
# Null driver doesn't do anything. This driver will automatically be used for servers with invalid 'driver' value.
driver: null