Linux Certif

Toute la documentation sur la certification Linux LPI

sshproxy.ini

NAME

sshproxy.ini - sshproxy configuration file

FORMAT

The configuration file sshproxy.ini is a simple INI file containing several sections.

SECTION [sshproxy]

This is the main section of the configuration file.

bindip

Bind sshproxy to the given IP address. Default (when empty) is to bind to all adresses (0.0.0.0).

port

Bind to port. Default is 2242.

plugin_dir

Where the plugins are located. Defaults to /usr/lib/sshproxy.

logger_conf

Point to the logger.conf file. Default is

/usr/share/sshproxy/logger.conf.

log_dir

This directory will contain debug logs from paramiko and sshproxy. Defaults to @log.

pkey_id

The id string of the sshproxyd(8) public key, used when a client connects with the option --get-pkey. Defaults to sshproxy@penguin.fr.

auto_add_key

If no, the client's public key will not be added in the database (equivalent to the authorized_keys file for sshd). If yes, the client's public key will always be added, no matter how many keys are already in the database. You can give a number to limit the number of keys automatically added. Defaults to no.

client_db

The type of backend to use to handle the clients database. This is the name of the chosen plugin.

acl_db

The type of backend to use to handle the ACL database. This is the name of the chosen plugin.

site_db

The type of backend to use to handle the sites database. This is the name of the chosen plugin.

plugin_list

Space separated list of plugins to load at startup. Plugins are located by default in /usr/share/sshproxy. You MUST give at least one backend plugin (*_db).

cipher_type

The cipher type to use, one of plain, base64 or blowfish (default).

SECTION [blowfish]

This section configures the blowfish cipher engine.

secret

The secret passphrase for the blowfish cipher engine. It MUST be at least 10 characters long.

SECTIONS [client_db.ini] [acl_db.ini] [site_db.ini]

These sections configure the three databases of the ini_db backend.

file (applies to client_db, acl_db)

The path to the database file. Defaults are resp. @client_db and @acl_db.

db_path (applies to site_db)

The path to the database directory. Defaults to @site_db.

SECTIONS [client_db.mysql] [acl_db.mysql] [site_db.mysql]

These sections configure the three databases of the mysql_db backend.

host

The IP address or resolvable name of the database host. Defaults to localhost.

port

The database host port. Defaults to 3306.

db

The database name. Defaults to sshproxy.

user

The database user. Defaults to sshproxy.

password

The database user password. Defaults to sshproxypw, but you should change it.

EXAMPLES

Here is a complete configuration file which tells sshproxyd(8) to use the ini_db plugin for the ACL database, and the mysql_db plugin for client and site databases:

 [sshproxy]
 bindip =
 port = 2242
 plugin_dir = /usr/lib/sshproxy
 logger_conf = /usr/share/sshproxy/logger.conf
 log_dir = @log
 pkey_id = sshproxy@penguin.fr
 auto_add_key = no
 client_db = mysql_db
 acl_db = ini_db
 site_db = mysql_db
 plugin_list = ini_db mysql_db
 cipher_type = blowfish
 
 [blowfish]
 secret = This should be a valid passphrase
 
 [acl_db.ini]
 file = @acl.db
 
 [client_db.mysql]
 db = sshproxy
 host = localhost
 user = sshproxy
 password = sshproxypw
 port = 3306
 
 [site_db.mysql]
 db = sshproxy
 host = localhost
 user = sshproxy
 password = sshproxypw
 port = 3306
 
 

 

FILES

~/.sshproxy/sshproxy.ini

The main configuration file. See sshproxy.ini for further details.

~/.sshproxy/id_dsa

The private hostkey file. This hostkey is automatically generated by sshproxyd(8) at startup if it doesn't exist.

AUTHOR

David Guerizec <david@guerizec.net>

SEE ALSO

sshproxy-setup(1), sshproxyd(8), pssh(1), pscp(1),

The sshproxy home page: <http://sshproxy-project.org/>

The sshproxy online documentation:

<http://sshproxy-project.org/documentation/>