YAML-defined SSH tunnels, SOCKS5 proxies and SSHFS mounts
Detailed description of the RabbitHole-SSH Python project
RabbitHole
Alice started to her feet, for it flashed across her mind that she had never before seen a rabbit with either a waistcoat-pocket, or a watch to take out of it, and burning with curiosity, she ran across the field after it, and was just in time to see it pop down a large rabbit-hole under the hedge.
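Who is this for?
For anyone who uses SSH tunnels (forward and reverse), HTTP/HTTPS proxies, or needs to mount remote directories over SSH.
Features
- An easy way to think about SSH tunnels
- A simple YAML syntax for defining SSH tunnels
- Supports forward and reverse tunnels
- Supports key-based and password-based authentication
- Supports defining SSH-based proxies
- Supports mounting directories over SSH
- Persistent tunnels. Broken connections are restored automatically
Installation
Quick start
- Create a file rabbithole.yaml in the current directory and paste in the snippet below, replacing HOSTNAME with the IP or hostname of your SSH server and changing the other attributes accordingly: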
    node:
      - name: myserver
        hostname: HOSTNAME
        port: 22
        user: root
        verifyhost: false
      - name: local
        hostname: localhost
    map:
      - from: 2222
        to: myserver:22
- Run the command rabbithole.
You now have a tunnel from localhost:2222 to myserver:22. Test your access with ssh -p 2222 root@localhost.
See the Examples section for more examples.
Documentation
Syntax definition
    node:
      - name: NAME                  # an identifier for a SSH host
        hostname: HOSTNAME          # ip or hostname for the SSH server
        port: PORT                  # (Optional) a port number, default to 22
        key: PATH                   # (Optional) specify the private key to use
        password: PASSWORD          # (Optional) password to use for the connection
        user: USERNAME              # (Optional) username to use, default to "root"
        verifyhost: BOOL            # (Optional) whether or not to verify SSH host when connecting, default to true
        ssh_options: [OPT=VAL,...]  # (Optional) Additional SSH options when connecting
    map:
      - from: NODE_NAME:PORT  # This is the entry point of the tunnel, NODE_NAME default to localhost if omitted, PORT is required
        to: NODE_NAME:PORT    # This is the exit of the tunnel, NODE_NAME default to localhost if omitted, PORT is required
        bind: IP              # (Optional) which ip to bind the tunnel to. IP default to 'localhost'. Use 'all' to bind to all interfaces.
    proxy:
      - from: PORT     # This is the entry point of the proxy
        to: NODE_NAME  # This is the proxy SSH node
        bind: IP       # (Optional) which ip to bind the proxy to. IP default to 'localhost'. Use 'all' to bind to all interfaces.
    mount:
      - from: PATH          # This is the entry point of the SSHFS mount
        to: NODE_NAME:PATH  # This is the exit of the SSHFS mount, PATH default to home directory if omitted, NODE_NAME is required
        mkdir: BOOL         # (Optional) Whether to create the mount point if does not exist, default to false
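Configuration file
The RabbitHole YAML configuration file must be placed in the current directory, at ~/rabbithole.yaml, or at /etc/rabbithole.yaml. The files are tried in this order and the first one found is used.
Examples
- Node definitions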
    node:
      - name: server1
        hostname: server1
      - name: password_only_server
        hostname: password.example.org
        password: "notmypassword!"
        user: user
      - name: an_aws_server
        hostname: 123.123.123.123
        key: ~/.ssh/ec2_key.pem
        user: ec2-user
        verifyhost: no
      - name: hidden_ssh_server
        hostname: not22.example.org
        port: 2222
- Forward tunnels
    map:
      # localhost:1234 tunneled to myserver:22
      - from: 1234  # NODE_NAME default to localhost
        to: myserver:22
      # localhost:8080 tunneled to nginx:80
      - from: localhost:8080
        to: nginx:80
- Reverse tunnels
    map:
      # SSH access bypassing a firewall
      - from: myserver:2222
        to: 22  # NODE_NAME default to localhost
      # exposing a test server to the world
      - from: www_server:80
        to: localhost:8080
- SOCKS5 proxies
    proxy:
      - from: 9000
        to: uk_server
        bind: all  # open port 9000 to all interfaces
      - from: 9001
        to: us_server  # default bind to localhost
    # Test the proxy: `export http_proxy=socks5://localhost:9000/ https_proxy=socks5://localhost:9000/; curl https://ipinfo.io`
- SSHFS mounts
    mount:
      - from: /mnt/server1_home
        to: server1  # PATH default to home directory
      - from: /mnt/server2_root
        to: server2:/
        mkdir: true  # create /mnt/server2_root directory if it does not exist
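Several options shown in the syntax definition and examples above change the exposure of a setup: verifyhost, password, bind, and the node that a map entry listens on. The following Python audit is an added example, not part of RabbitHole-SSH; the function names, finding texts and the rule that a from node other than localhost means a reverse tunnel are assumptions of this example.

```python
# Added example: audit a parsed rabbithole.yaml for settings that widen exposure.
# Function names and finding texts are this example's own, not RabbitHole's.

def split_endpoint(value):
    """Split 'NODE:PORT' or bare 'PORT' into (node, port); node defaults to localhost."""
    node, _, port = str(value).rpartition(":")
    return node or "localhost", port


def audit(config):
    """Return (section, item, finding) tuples for a config dict as loaded from YAML."""
    findings = []
    for node in config.get("node") or []:
        name = node.get("name", "?")
        # verifyhost defaults to true; an explicit false/no skips the host key check
        if node.get("verifyhost", True) is False:
            findings.append(("node", name, "host key verification disabled"))
        if "password" in node:
            findings.append(("node", name, "password stored in config file"))
    for section in ("map", "proxy"):
        for entry in config.get(section) or []:
            label = f"{entry.get('from')} -> {entry.get('to')}"
            # bind defaults to 'localhost'; 'all' listens on every interface
            if entry.get("bind", "localhost") == "all":
                findings.append((section, label, "listener bound to all interfaces"))
            # Assumption: a map entry whose 'from' node is not localhost is a reverse tunnel
            node_name, _ = split_endpoint(entry.get("from"))
            if section == "map" and node_name != "localhost":
                findings.append((section, label, f"reverse tunnel: listener opened on {node_name}"))
    return findings


# Constructed sample mirroring this page's examples, in the form PyYAML would load them
SAMPLE = {
    "node": [
        {"name": "server1", "hostname": "server1"},
        {"name": "password_only_server", "hostname": "password.example.org",
         "password": "notmypassword!", "user": "user"},
        {"name": "an_aws_server", "hostname": "123.123.123.123",
         "key": "~/.ssh/ec2_key.pem", "user": "ec2-user", "verifyhost": False},
    ],
    "map": [{"from": 1234, "to": "myserver:22"}, {"from": "www_server:80", "to": "localhost:8080"}],
    "proxy": [{"from": 9000, "to": "uk_server", "bind": "all"}, {"from": 9001, "to": "us_server"}],
}

if __name__ == "__main__":
    for section, item, finding in audit(SAMPLE):
        print(f"[{section}] {item}: {finding}")
```

To audit a real file, pass the result of PyYAML's yaml.safe_load on rabbithole.yaml to audit(); YAML 1.1 loads `verifyhost: no` as False, so both spellings used on this page are caught.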
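To do
- Add support for forward tunnels through intermediate hosts
- Add an init script to run at startup
- Add a verbose mode that prints useful debug messages
- Anything that makes sense ;)
Bugs or feature requests
Finding bugs and fixing them is how software evolves. I need your help to make this software better for everyone. Feel free to open an issue or pull request; I will review and respond to it.
Good software should be intuitive. I consider anything that is not intuitive about RabbitHole to be a bug as well.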