==============
About sshproxy
==============

    Author:         David Guerizec <david@guerizec.net>
    Contributor:    Pierre-Yves Roffes <py@wcube.org>
    Contributor:    Erick Michau <emichau@wallix.com>


About sshproxy
==============

sshproxy is a pure python implementation of an ssh proxy.

It allows users to connect to remote sites without having to remember the
password or key of the remote sites.


Why would I need it ?
=====================

There are three possible scenarios which could possibly interest you.

If you have other scenarios, please send them to me (david@guerizec.net)
or to the list (sshproxy@penguin.fr).


Scenario 1: Solo mode
---------------------

If you have a lot of remote servers to administrate, this will relieve you
from doing the boring task of opening your password database, copy-paste the
IP address, copy-paste the password to connect to a remote site. You only have
to know one password (to connect to the proxy) and sshproxy will do the rest
for you. You can also connect to the proxy with a public key, thus allowing
yourself to forgot about any password.

Scenario 2: Team mode
---------------------

Another, more interresting, example: if you're in charge of a lot of remote
sites, and your company has several administrators to do some remote
administration tasks, then no user will ever need to know the password or key
of the servers he administrates. When an employee quit your company, you just
have to delete his entry in the proxy database, and he will never be able to
connect to the remote site. This will protect your business against turn-over.

Scenario 3: Forwarding mode
---------------------------

You want to allow some people to connect through your firewall to a range of
server inside your DMZ or LAN, but you don't want to open one port for each
server. What you can do is open the sshproxy port (default 2242), and setup
the password database to proxy each external user to it's own desktop, or
create groups of users allowed to connect to your DMZ servers.


How does it work ?
==================

sshproxy is a daemon sitting on one of your server in your LAN or DMZ.

The user connect to it with an ssh client, and the proxy will authenticate
her and check if she's allowed to connect to the remote site.

If she's allowed, the proxy will do the connection to the remote site,
using the password or key stored in its database, and will then connect the
client side channels to the server side channels.

The user is then connected to the remote side, and can do shell commands
and/or scp tranfers almost transparently.

What else do I need to make it work?
====================================

sshproxy requires:
  - python >=2.3
  - paramiko >=1.5.3
  - pycrypto (needed for paramiko)
  - mysql-python

How do I install it ?
=====================

See the file INSTALL at the root directory of the sshproxy package.

How do I use it ?
=================

Here is an overview of a normal ssh session::

    me@myhost $ ssh -tp 2242 me@proxy remote-site
    root@remote-site #
    ... doing some administration commands ...
    root@remote-site # exit
    me@myhost $

Here is the same with the pssh shell wrapper::

    me@myhost $ pssh remote-site
    root@remote-site #
    ... doing some administration commands ...
    root@remote-site # exit
    me@myhost $

You can also execute remote commands::

    me@myhost $ pssh remote-site uname -a
    nova.wallix.com
    me@myhost $

Here is an example of an scp transfert::

    me@myhost $ scp /etc/issue me@proxy:root@remote-site:/etc/issue.new
    me@myhost $

And the same with the pscp shell wrapper::

    me@myhost $ pscp /etc/issue remote-site:/etc/issue.new
    me@myhost $
 

How much does it cost ?
=======================

sshproxy is a free software licenced under the GPL v2.0. As such it's free,
and you can use it as long as you want for free.

-- 
David Guerizec <david@guerizec.net>