mirror of
https://github.com/boringproxy/boringproxy.git
synced 2024-07-04 11:22:57 -05:00
Implement overriding SSH server per tunnel
This lets you use a proxy for connecting to the SSH server, which is useful on networks that block SSH/port 22. For example you can use the boringproxy tuntls command to create a proxy that will tunnel the client's SSH connections over TLS to the server. It's all very meta and forces at least double encryption, but it could be useful.
parent
197e202d69
commit
dcb06497ad
18
api.go
18
api.go
|
@ -378,6 +378,22 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
|
|||
return nil, errors.New("Invalid tls-termination parameter")
|
||||
}
|
||||
|
||||
sshServerAddr := a.db.GetAdminDomain()
|
||||
sshServerAddrParam := params.Get("ssh-server-addr")
|
||||
if sshServerAddrParam != "" {
|
||||
sshServerAddr = sshServerAddrParam
|
||||
}
|
||||
|
||||
sshServerPort := a.config.SshServerPort
|
||||
sshServerPortParam := params.Get("ssh-server-port")
|
||||
if sshServerPortParam != "" {
|
||||
var err error
|
||||
sshServerPort, err = strconv.Atoi(sshServerPortParam)
|
||||
if err != nil {
|
||||
return nil, errors.New("Invalid ssh-server-port parameter")
|
||||
}
|
||||
}
|
||||
|
||||
request := Tunnel{
|
||||
Domain: domain,
|
||||
Owner: owner,
|
||||
|
@ -389,6 +405,8 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
|
|||
AuthUsername: username,
|
||||
AuthPassword: password,
|
||||
TlsTermination: tlsTerm,
|
||||
ServerAddress: sshServerAddr,
|
||||
ServerPort: sshServerPort,
|
||||
}
|
||||
|
||||
tunnel, err := a.tunMan.RequestCreateTunnel(request)
|
||||
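Review bot: The `ssh-server-port` value is accepted on the strength of `strconv.Atoi` alone, so zero, negative and above-65535 values are stored in the tunnel and handed to clients; the error branch should also reject out-of-range ports, e.g. `if err != nil || sshServerPort < 1 || sshServerPort > 65535 {`. `ssh-server-addr` is copied into `ServerAddress` with no check at all. The last hunk of this commit drops the lines in `RequestCreateTunnel` that used to overwrite both fields with server-side values, so `CreateTunnel` is now the only place they can be validated. Because the client later dials whatever is stored here, it is worth rejecting anything that is not a bare hostname or IP (whitespace, an embedded `:port`, path characters) before building the `Tunnel`. `CreateTunnel` starts and ends outside the hunks shown.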
|
|
|
@ -276,6 +276,7 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {
|
|||
}
|
||||
|
||||
sshHost := fmt.Sprintf("%s:%d", tunnel.ServerAddress, tunnel.ServerPort)
|
||||
fmt.Println(sshHost)
|
||||
client, err := ssh.Dial("tcp", sshHost, config)
|
||||
if err != nil {
|
||||
return errors.New(fmt.Sprintf("Failed to dial: ", err))
|
||||
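Review bot: With `tunnel.ServerAddress` now settable per tunnel, the `ssh.Dial` here may reach an intermediate proxy instead of the admin domain, so the host-key check in `config` is the only thing authenticating the SSH server; `config` is built outside this hunk, so please confirm its `HostKeyCallback` pins the server key rather than accepting any key. The `fmt.Println(sshHost)` line looks like leftover debug output and should be dropped or turned into a proper log line. Building the address with `%s:%d` breaks for IPv6 literals; `net.JoinHostPort(tunnel.ServerAddress, strconv.Itoa(tunnel.ServerPort))` handles them. Separately, `fmt.Sprintf("Failed to dial: ", err)` has no verb for `err`, so the cause is not formatted into the message; `fmt.Errorf("failed to dial %s: %w", sshHost, err)` would keep it. `BoreTunnel` continues outside the hunk.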
|
|
|
@ -59,6 +59,15 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<div class='input'>
|
||||
<label for="ssh-server-addr">Override SSH Server Address:</label>
|
||||
<input type="text" id="ssh-server-addr" name="ssh-server-addr">
|
||||
</div>
|
||||
<div class='input'>
|
||||
<label for="ssh-server-port">Override SSH Server Port:</label>
|
||||
<input type="text" id="ssh-server-port" name="ssh-server-port">
|
||||
</div>
|
||||
|
||||
<button class='button' type="submit">Submit</button>
|
||||
|
||||
</form>
|
||||
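Review bot: Neither new field tells the user that leaving it blank keeps the server default, and the port field is free text; a hint such as `placeholder="leave blank for default"` on both, plus `type="number" min="1" max="65535"` on `ssh-server-port`, would cut down on bad submissions. This is a convenience only: the range still has to be enforced in `CreateTunnel`, because the form constraints are applied only by the browser.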
|
|
|
@ -98,8 +98,6 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) {
|
|||
return Tunnel{}, err
|
||||
}
|
||||
|
||||
tunReq.ServerAddress = m.db.GetAdminDomain()
|
||||
tunReq.ServerPort = m.config.SshServerPort
|
||||
tunReq.ServerPublicKey = ""
|
||||
tunReq.Username = m.user.Username
|
||||
tunReq.TunnelPrivateKey = privKey
|
||||
|
|