# Enable or disable debug logging. debug: true # API settings. api: # Local port for Web API. Will be bound to localhost. web_port: 25680 # Local port for plugin API. Will listen on all interfaces because it has auth. plugin_port: 25681 # Docker client preferences. docker: # Extract client params from the environment. from_env: true # Cert path for the Docker client. cert_path: ~ # Set it to false to disable TLS cert verification. tls_verify: true # Docker host. Can be useful for running containers alongside remote plugin (although it sounds weird to do so). host: ~ # Docker version. version: ~ # Default server to use if `sshpoke.server` is not specified in the target container labels. default_server: mine # Servers configuration. servers: # Server name. - name: mine # Server driver. Each driver has its own set of params. Supported drivers: ssh, plugin, null. driver: ssh params: # SSH server address address: "your1.server:2222" # Remote port to be used for forwarding. forward_port: 80 # This disables remote host resolution and forcibly uses server IP for remote host. # It's the same as this syntax for sish: `ssh -R addr:80:localhost:80 your.sish.server` # Set this to true if you're using sish, otherwise you'll get weird domains with IP's in them. fake_remote_host: true # Disables PTY request for this server. nopty: true # Requests interactive shell for SSH sessions. Should be `true` for the `commands`. # You can also pass a string with shell binary, for example, "/bin/sh". # Note: commands will be executed using provided shell binary. shell: false # Spoof client version with provided (value below is taken directly from OpenSSH). This value must be compliant with RFC-4253. client_version: "SSH-2.0-OpenSSH_9.5" # Authentication data. auth: # Authentication type. Supported types: key, password, passwordless type: key # Remote user user: user # Directory with SSH keys. ssh-config from this directory will be used if `keyfile` is not provided. # Only some of the ssh-config attributes are used. directory: "~/.ssh" # Expose mode (multiple domains or single domain). Allowed values: single, multi. mode: multi # Keep-alive settings. Remove to disable keep-alive completely. keepalive: # Interval for keep-alive requests in seconds. interval: 1 # How many attempts should fail to forcibly restart the connection. max_attempts: 2 # Regular expression that will be used to extract domain from stdout & stderr. Useful for services like sish or # localhost.run. `commands` output will also be parsed by this regex. # With `!name` syntax you can use some built-in expressions: # - !webUrl - any HTTP or HTTPS URL. # - !httpUrl - any HTTP URL. # - !httpsUrl - any HTTPS URL. domain_extract_regex: "!httpsUrl" # Host keys to prevent MITM. You can obtain those via `ssh-keyscan
` (specify `-p` for non-standard port). # Always use '|' YAML syntax here (not '>') or sshpoke won't be able to parse keys. host_keys: | # ssh.neur0tx.site:2222 SSH-2.0-sish # ssh.neur0tx.site:2222 SSH-2.0-sish # ssh.neur0tx.site:2222 SSH-2.0-sish [ssh.neur0tx.site]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvxbqK0u8UjqEtrO/83GPS7MeoFp6C3+7KjOHd8+1GF # ssh.neur0tx.site:2222 SSH-2.0-sish # ssh.neur0tx.site:2222 SSH-2.0-sish - name: ssh-demo-single-domain driver: ssh params: auth: type: key user: user directory: "~/.ssh" keyfile: id_ed25519 address: "your2.server" forward_port: 80 fake_remote_host: true nopty: false shell: "/usr/bin/bash" mode: single keepalive: interval: 1 max_attempts: 2 domain_extract_regex: "!webUrl" - name: ssh-demo-commands driver: ssh params: address: "your3.server" forward_port: 8080 auth: type: key user: user directory: "~/.ssh" mode: multi keepalive: interval: 1 max_attempts: 2 domain_extract_regex: "!webUrl" # Commands that will be executed on the host. commands: # These commands will be executed after connect. on_connect: - echo https://`date +%s`.proxy.test # These commands will be executed before disconnect. on_disconnect: - echo disconnect from `cat /etc/hostname` - name: ssh-demo-with-password driver: ssh params: address: "ssh.neur0tx.site" forward_port: 8081 auth: type: password user: user # Remote user password. password: password mode: multi keepalive: interval: 1 max_attempts: 2 domain_extract_regex: "!httpUrl" commands: on_connect: - echo http://`date +%s`.proxy.test - name: plugin-demo driver: plugin params: # This token will be used by plugin while connecting to gRPC API. token: key - name: noop # Null driver doesn't do anything. This driver will automatically be used for servers with invalid 'driver' value. driver: null