Total Pageviews

Thursday 26 April 2012

sshGate-server Installation

sshGate is a tool which helps to configure an OpenSSH server in order to have a SSH proxy. sshGate uses the double SSH method to be able to connect to a target host. In fact, sshGate has private ssh-keys of target hosts, makes ACL checks and can log what users do on a given target host.
sshGate is distributed under GLPv2 license.

List of features

  • ssh & scp support
  • Access Control List
  • ssh-key authentification support
  • OpenSSH client and Windows Putty support
  • Administration CLI
  • logs of what users do on target hosts

Read more

from https://github.com/Tauop/sshGate/wiki
--------------------------------------------------------

sshGate-server Installation


To install sshGate-server, you need the sshGate-server-<version>.tar.gz tarball.
First, untar the sshGate-server-<version>.tar.gz and got into the created directory :
tauop@Tauopbox:/tmp/example$ tar zxvf sshGate-server-0.2-0.69.tar.gz
tauop@Tauopbox:/tmp/example$ cd sshGate-server-0.2-0.69/
Then, run the install.sh script and answer to questions :
tauop@Tauopbox:/tmp/example/sshGate-server-0.2-0.69$ sudo ./install.sh

   --- sshGate server installation ---
            by Patrick Guiran


NOTICE: ScriptHelper will be installed as part of sshGate, not system-wide
If you want to install ScriptHelper system-wide, please visit http://github.com/Tauop/ScriptHelper

Where do you want to locate sshGate [/opt/sshgate] ?
Which unix account to use for sshGate users [sshgate] ?
What the default user account to use when connecting to target host [root] ?
List of avariable languages: fr us
Default language for user messages [us] ?
Which editor to use [vim] ?
Activate mail notification system [N] ?
Do users have to accept TOS when connecting for the first time [Y] ?
Allow remote command [Y] ?
Allow remote administration CLI [Y] ?
Configure sudo with NOPASSWD to launch remote admin CLI [Y] ?


- Reload configuration ... OK
- Installing sshGate ... OK
- Generate default sshkey pair ... OK
- Setup files permissions ... OK
- Install archive cron ... OK
- configure /etc/sudoers ... OK

You need to add the first user of sshGate, which will be sshGate administrator.
This user will allow you to manage other users, targets and accesses.
user login ?  pguiran
user mail ?  pguiran@linagora.com

In order to administrate sshGate, just ssh this host with this user
  If you have installed sshGate client -> sshg cli
  with standard ssh client -> ssh -t sshgate@Tauopbox cli
  from this terminal -> /opt/sshgate/bin/sshgate-cli -u pguiran

NOTICE: You may add /opt/sshgate/bin in your PATH variable

tauop@Tauopbox:/tmp/exmaple/sshGate-server-0.2-0.69$

installed components

Here is a description of what the install.sh script make on the system. When talking about directories, we use answers given in the example above.
The installation procedure makes those actions on the system :
  • Install sshGate structure and files in in /opt/sshgate/
  • Generate default ssh key pairs for target host
  • Create sshgate unix account
  • Install archive-log.sh in /etc/cron.monthly/
  • Configure /etc/sudoers to allow remove CLI administration
  • Create the first sshGate user (which will be admin and not restricted by ACL)
For more information about sshGate-server directories and files structure, please read sshGate-server: Description of directories and files.

from https://github.com/Tauop/sshGate/wiki/Installation