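# Sample sshpoke configuration.
# Hostnames, tokens and passwords in this file are example values: generate your own secrets and keep
# the real file out of version control.

# Enable or disable debug logging. Default: false
# Debug logs should contain output from the SSH server (see `read_raw_packets` below), so switch this
# back off once troubleshooting is done.
debug: true

# API settings.
api:
  rest:
    # Local port for REST API. Will be bound to localhost.
    port: 25680
    # NOTE(review): presumably the REST API access token, nested under `rest` - confirm.
    # Example value; replace it with your own long random string.
    token: "VbNG6T6wYmj9YHM6etuZgN35"
  plugin:
    # Local port for plugin API. Will listen on all interfaces because it has auth.
    # NOTE(review): that auth is presumably the per-server `token` of the `plugin` driver (see
    # `plugin-demo` below), which makes the token the only access control visible in this file for a
    # port reachable from the network.
    port: 25681

# Docker client preferences.
docker:
  # Extract client params from the environment. Default: true
  from_env: true
  # Cert path for the Docker client.
  cert_path: ~
  # Set it to false to disable TLS cert verification. Default: true
  # Keep it enabled when `host` points at a remote daemon: without verification the Docker endpoint
  # is not authenticated.
  tls_verify: true
  # Docker host. Can be useful for running containers alongside remote plugin (although it sounds
  # weird to do so).
  host: ~
  # Docker version.
  version: ~

# Default server to use if `sshpoke.server` is not specified in the target container labels.
# NOTE(review): no server named `mine` is defined under `servers` in this file; point this at an
# existing entry.
default_server: mine

# Services configuration. These values will have higher priority than the container labels.
services:
  # Container ID, one of container names or matcher regex. This value will be used to determine which
  # container will receive the labels from 'params' section. Add / at the start and the end of the value
  # to use it as regex.
  # Examples:
  # - name: a77eaa474cc634f0e4da4d4b72ebf71c03d1ae69329a07e42b830375e247e613  # Match by container ID (exact matcher).
  # - name: my-container  # Match by container name (exact matcher).
  # - name: /my-container/  # Match by container name via regular expression (e.g. 'my-container_1' will also match).
  #
  # A regex matches partial names (see the last example), and these params override container labels,
  # so a broad pattern can enable sharing for containers you did not mean to expose. Prefer an exact
  # name or ID where possible.
  - name: /service-web/
    # Same params as container labels but without 'sshpoke.' prefix.
    params:
      # Enable sshpoke for service. Replaces 'sshpoke.enable' in container labels.
      enable: true
      # Specifies container network. Replaces 'sshpoke.network' in container labels.
      network: service_default
      # Specifies server which will be used. Replaces 'sshpoke.server' in container labels.
      server: ssh-demo-sish
      # Specifies container port to be shared. Replaces 'sshpoke.port' in container labels.
      port: 80
      # Specifies remote host to be used. Replaces 'sshpoke.remote_host' in container labels.
      remote_host: remotehost

# Servers configuration.
servers:
  # Server name.
  - name: ssh-demo-sish
    # Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null.
    # NOTE(review): an unquoted `null` is the YAML null value, not the string "null"; the no-op entry at
    # the end of this file uses `nil` instead - confirm the canonical spelling.
    driver: ssh
    params:
      # SSH server address
      address: "your1.server:2222"
      # Remote port to be used for forwarding.
      forward_port: 80
      # This disables remote host resolution and forcibly uses server IP for remote host.
      # It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server`
      # Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them.
      # Default: false
      fake_remote_host: true
      # Requests interactive shell for SSH sessions. Should be `true` for the `commands`.
      # You can also pass a string with shell binary, for example, "/bin/sh".
      # Note: commands will be executed using provided shell binary.
      # Note (2): some servers won't send you any data until you request a shell.
      # Default: true
      shell: false
      # Spoof client version with provided (value below is taken directly from OpenSSH).
      # This value must be compliant with RFC-4253.
      # Default: SSH-2.0-Go
      client_version: "SSH-2.0-OpenSSH_9.5"
      # Authentication data.
      auth:
        # Authentication type. Supported types: key, password, passwordless
        type: key
        # Remote user
        user: user
        # Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided.
        # Supported ssh-config directives: HostName, Port, User, IdentityFile
        # known_hosts from this directory will be used if `host_keys` is not provided.
        directory: "~/.ssh"
      # Expose mode (multiple domains or single domain). Allowed values: single, multi.
      mode: multi
      # Keep-alive settings. Remove to disable keep-alive completely.
      keepalive:
        # Interval for keep-alive requests in seconds. Default: 0 (disabled).
        interval: 1
        # How many attempts should fail to forcibly restart the connection. Default: 0 (disabled).
        max_attempts: 2
      # Regular expression that will be used to extract domain from stdout & stderr. Useful for services
      # like sish or localhost.run. `commands` output will also be parsed by this regex.
      # With `!name` syntax you can use some built-in expressions:
      # - !webUrl - any HTTP or HTTPS URL.
      # - !httpUrl - any HTTP URL.
      # - !httpsUrl - any HTTPS URL.
      # Default: "" (disabled).
      domain_extract_regex: "!httpsUrl"
      # Host keys to prevent MITM. You can obtain those via `ssh-keyscan <host>` (specify `-p` for
      # non-standard port).
      # ssh-keyscan does not authenticate the server it talks to, so compare the key fingerprint with
      # one obtained over a trusted channel before pinning it here.
      # Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys.
      # The '#' lines inside the block are part of the value (ssh-keyscan output), not YAML comments.
      # NOTE(review): the pinned entry is for ssh.neur0tx.site:2222 while `address` above is
      # your1.server:2222 - presumably the entry has to name the host you actually connect to; confirm.
      host_keys: |
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        [ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF
        # ssh.neur0tx.site:2222 SSH-2.0-sish
        # ssh.neur0tx.site:2222 SSH-2.0-sish
  - name: ssh-demo-single-domain
    driver: ssh
    params:
      auth:
        type: key
        user: user
        directory: "~/.ssh"
        keyfile: id_ed25519
      address: "your2.server"
      forward_port: 80
      fake_remote_host: true
      shell: "/usr/bin/bash"
      mode: single
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!webUrl"
      # Read output data from raw SSH packets. This can help if domain_extract_regex couldn't catch the
      # domain.
      # You can also enable debug logging - it should contain outputs from ssh server.
      # Default: false
      read_raw_packets: true
      # Enable or disable sessions output. Disabling this will stop domain_extract_regex from reading
      # commands output.
      # Default: true
      read_sessions_output: false
  - name: ssh-demo-commands
    driver: ssh
    params:
      address: "your3.server"
      forward_port: 8080
      auth:
        type: key
        user: user
        directory: "~/.ssh"
      mode: multi
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!webUrl"
      # Commands that will be executed on the host.
      commands:
        # These commands will be executed after connect.
        on_connect:
          - echo https://`date +%s`.proxy.test
        # These commands will be executed before disconnect.
        on_disconnect:
          - echo disconnect from `cat /etc/hostname`
  - name: ssh-demo-with-password
    driver: ssh
    params:
      address: "ssh.neur0tx.site"
      forward_port: 8081
      auth:
        type: password
        user: user
        # Remote user password.
        # Example value. A real password stored here is readable by anyone who can read this file;
        # prefer `type: key` where the server allows it.
        # NOTE(review): this entry sets neither `host_keys` nor `directory`, so it is unclear from this
        # file what the server's host key is checked against before the password is sent - confirm and
        # pin `host_keys`.
        password: password
      mode: multi
      keepalive:
        interval: 1
        max_attempts: 2
      domain_extract_regex: "!httpUrl"
      commands:
        on_connect:
          - echo http://`date +%s`.proxy.test
  - name: plugin-demo
    driver: plugin
    params:
      # This token will be used by plugin while connecting to gRPC API.
      # Example value. The plugin API port listens on all interfaces (see `api.plugin.port`), so use a
      # long random token here.
      token: key
  - name: noop
    # Nil driver doesn't do anything. This driver will automatically be used for servers with invalid
    # 'driver' value.
    driver: nil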