sshproxy.ini(5)
NAME
sshproxy.ini - sshproxy configuration file
FORMAT
The configuration file sshproxy.ini is a simple INI file containing
several sections.
SECTION [sshproxy]
This is the main section of the configuration file.
- bindip
- Bind sshproxy to the given IP address. Default (when empty) is to bind to all adresses (0.0.0.0).
- port
- Bind to port. Default is 2242.
- plugin_dir
- Where the plugins are located. Defaults to /usr/lib/sshproxy.
- logger_conf
- Point to the logger.conf file. Default is
/usr/share/sshproxy/logger.conf.
- log_dir
- This directory will contain debug logs from paramiko and sshproxy. Defaults to @log.
- pkey_id
- The id string of the sshproxyd(8) public key, used when a client connects with the option --get-pkey. Defaults to sshproxy@penguin.fr.
- auto_add_key
- If no, the client's public key will not be added in the database (equivalent to the authorized_keys file for sshd). If yes, the client's public key will always be added, no matter how many keys are already in the database. You can give a number to limit the number of keys automatically added. Defaults to no.
- client_db
- The type of backend to use to handle the clients database. This is the name of the chosen plugin.
- acl_db
- The type of backend to use to handle the ACL database. This is the name of the chosen plugin.
- site_db
- The type of backend to use to handle the sites database. This is the name of the chosen plugin.
- plugin_list
- Space separated list of plugins to load at startup. Plugins are located by default in /usr/share/sshproxy. You MUST give at least one backend plugin (*_db).
- cipher_type
- The cipher type to use, one of plain, base64 or blowfish (default).
SECTION [blowfish]
This section configures the blowfish cipher engine.
- secret
- The secret passphrase for the blowfish cipher engine. It MUST be at least 10 characters long.
SECTIONS [client_db.ini] [acl_db.ini] [site_db.ini]
These sections configure the three databases of the ini_db backend.
- file (applies to client_db, acl_db)
- The path to the database file. Defaults are resp. @client_db and @acl_db.
- db_path (applies to site_db)
- The path to the database directory. Defaults to @site_db.
SECTIONS [client_db.mysql] [acl_db.mysql] [site_db.mysql]
These sections configure the three databases of the mysql_db backend.
- host
- The IP address or resolvable name of the database host. Defaults to localhost.
- port
- The database host port. Defaults to 3306.
- db
- The database name. Defaults to sshproxy.
- user
- The database user. Defaults to sshproxy.
- password
- The database user password. Defaults to sshproxypw, but you should change it.
EXAMPLES
- Here is a complete configuration file which tells sshproxyd(8) to use
the ini_db plugin for the ACL database, and the mysql_db plugin for
client and site databases:
- [sshproxy]
bindip =
port = 2242
plugin_dir = /usr/lib/sshproxy
logger_conf = /usr/share/sshproxy/logger.conf
log_dir = @log
pkey_id = sshproxy@penguin.fr
auto_add_key = no
client_db = mysql_db
acl_db = ini_db
site_db = mysql_db
plugin_list = ini_db mysql_db
cipher_type = blowfish - [blowfish]
secret = This should be a valid passphrase - [acl_db.ini]
file = @acl.db - [client_db.mysql]
db = sshproxy
host = localhost
user = sshproxy
password = sshproxypw
port = 3306 - [site_db.mysql]
db = sshproxy
host = localhost
user = sshproxy
password = sshproxypw
port = 3306
FILES
- ~/.sshproxy/sshproxy.ini
- The main configuration file. See sshproxy.ini for further details.
- ~/.sshproxy/id_dsa
- The private hostkey file. This hostkey is automatically generated by sshproxyd(8) at startup if it doesn't exist.
AUTHOR
David Guerizec <david@guerizec.net>
SEE ALSO
sshproxy-setup(1), sshproxyd(8), pssh(1), pscp(1),
The sshproxy home page: <http://sshproxy-project.org/>
- The sshproxy online documentation:
- <http://sshproxy-project.org/documentation/>