The yaml plugin for sshpiperd is a simple plugin that lets you configure sshpiperd with a single yaml file.
Some basic ideas behind the yaml config file:
- the first matched `pipe` will be used.
- a `pipe` is considered matched when any `from` entry in it fits the `downstream` authentication.
- `username_regex_match` can be used to match the username with a regex.
- `authorized_keys`, `private_key` and `known_hosts` are `path/to/target/file`, but there are also `authorized_keys_data`, `private_key_data` and `known_hosts_data`, which accept base64 inline data.
- magic placeholders in paths, example usage: `/path/to/$UPSTREAM_USER/file`
  - `DOWNSTREAM_USER`: supported in `private_key`, `known_hosts`
  - `UPSTREAM_USER`: supported in `authorized_keys`, `private_key`, `known_hosts`
- environment variables: supported in `authorized_keys`, `private_key`, `known_hosts`
sshpiperd yaml --config /path/to/sshpiperd.yaml
--config value path to yaml config file [$SSHPIPERD_YAML_CONFIG]
--no-check-perm disable 0400 checking (default: false) [$SSHPIPERD_YAML_NOCHECKPERM]
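# yaml-language-server: $schema=https://raw.githubusercontent.com/tg123/sshpiper/master/plugin/yaml/schema.json
#
# Example sshpiperd yaml-plugin config. Each entry in `pipes` maps a
# downstream login (`from`) to an upstream target (`to`). The first pipe that
# matches is used, so order entries from most to least specific.
# This file names private keys and upstream accounts, so keep it readable by
# the owner only: sshpiperd checks for mode 0400 by default, and
# --no-check-perm turns that check off.
version: "1.0"
pipes:
  # Exact username, no authorized_keys on the `from` side.
  # NOTE(review): presumably the downstream password is relayed to the
  # upstream unchanged; confirm against the plugin documentation.
  - from:
      - username: "password_simple"
    to:
      host: host-password:2222
      username: "user"
      # With this set the upstream host key is not verified, so a spoofed
      # upstream would go unnoticed. Fine for a lab; for real hosts pin the
      # key with known_hosts or known_hosts_data instead.
      ignore_hostkey: true

  # Username matched as a regular expression.
  # NOTE(review): confirm whether the pattern is anchored to the whole
  # username; if it is not, write it as "^password_.*_regex$".
  - from:
      - username: "password_.*_regex"
        username_regex_match: true
    to:
      host: host-password:2222
      username: "user"
      # Upstream host key not verified; see the note on the first pipe.
      ignore_hostkey: true

  # Public-key pipe: `authorized_keys` lists the keys accepted from the
  # downstream client, `private_key` is the key used towards the upstream.
  - from:
      - username: "publickey_simple"
        authorized_keys: /path/to/publickey_simple/authorized_keys
    to:
      host: host-publickey:2222
      username: "user"
      private_key: /path/to/host-publickey/id_rsa
      # Pins the upstream host key. The value is base64 inline data; the
      # string below is a placeholder, not a real key.
      known_hosts_data: "base64_known_hosts_data"

  # Catch-all: must stay last, because the first match wins. Every downstream
  # username whose key is in this authorized_keys file lands on the same
  # upstream account, so keep that key list short and reviewed.
  - from:
      - username: ".*"  # catch all
        username_regex_match: true
        authorized_keys: /path/to/catch_all/authorized_keys
    to:
      host: host-publickey:2222
      username: "user"
      # Upstream host key not verified; prefer known_hosts_data as in the
      # publickey_simple pipe.
      ignore_hostkey: true
      private_key: /path/to/host-publickey/id_rsa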