-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathconfig_template.yaml
103 lines (98 loc) · 3.84 KB
/
config_template.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# This is a a rospo config template example file
# The sections below are almost all optional.
# the ssh client configuration
sshclient:
# OPTIONAL: private key path. Default to ~/.ssh/id_rsa
identity: "~/.ssh/id_rsa"
# REQUIRED: server url
server: [email protected]:22
# OPTIONAL: Known hosts file path. Ignored if insecure is set to true
known_hosts: "~/.ssh/known_hosts"
# OPTIONAL: ssh connection password
password: mypass
# OPTIONAL: if the check against know_hosts is enabled or not
# default insecure false
insecure: false
# OPTIONAL: list of jump hosts hop to traverse
# comment the section for a direct connection
jump_hosts:
- uri: user@server:port
# OPTIONAL: private key path. Default to ~/.ssh/id_rsa
identity: "~/.ssh/id_rsa"
# OPTIONAL: ssh connection password
password: mypass
# if set, enable a socks proxy over ssh connection
socksproxy:
listen_address: :1080
# OPTIONAL: if defined use a dedicated sshclient for the socksproxy
# sshclient:
# if set, enable a dns proxy over ssh connection
# the remote dns must accept tcp connections
dnsproxy:
listen_address: :53
remote_dns_address: 8.8.8.8:53
# OPTIONAL: if defined use a dedicated sshclient for the socksproxy
# sshclient:
# List of tunnels configuration. Requires that the sshclient section
# is configured too. We are going to use one ssh connection
# configured into the sshclient section to enable multiple tunnels
tunnel:
- remote: ":8000"
local: ":8000"
forward: yes
# OPTIONAL: if defined use a dedicated sshclient for the socksproxy
# sshclient:
- remote: ":2222"
local: ":2222"
forward: no
# reverse proxy the local 5432 (forwarded in the forward section below)
# to the remote server (the one configured into sshclient section)
- remote: ":5432"
local: ":5432"
# this one is not a forward (copy from local to remote)
# but a reverse (copy from remote to local)
forward: no
# create a reverse tunnel that open the port 8080 into the remote server (the ssclient
# target). The local endpoint, points to a service reachable from the
# local machine (the service is hosted at my-local-reachable-service address)
- remote: ":8080"
local: "my-local-reachable-service:8080"
forward: false
# sshd server configuration
# Comment this section to disable the embedded ssh server
sshd:
server_key: "./server_key"
# OPTIONAL
# This is the authorized_keys file paths. It can be also an http resource
# so you can use paths like https://github.com/<your_username>.keys
# Github exposes all users public_keys by default on that url
# You can use multiple authorized_keys sources at the same time
authorized_keys:
- ./authorized_keys
- https://github.com/<your_username>.keys
# OPTIONAL: if set will permit password based authentication.
# The keys will always take precedence
# There is no user, so you can use whatever you want
authorized_password: mypass
listen_address: ":2222"
# OPTIONAL: default false
# If enabled the ssh shell,exec command will be disabled. So you can use
# the sshd for tunnels, forwards but not to gain a remote shell or to execute
# commands
disable_shell: false
# if true no banner will be displayed while interacting
# with the sshd server
disable_banner: false
# if disabled, server will not allow forward and reverse tunnels
disable_tunnelling: false
# OPTIONAL: default false. If set to true clients can connect without
# any authentication form (so no keys and no passwords!).
# Use with caution!
disable_auth: false
# OPTIONAL: if true, the sftp subsystem will be disabled server side
disable_sftp_subsystem: false
# OPTIONAL: if empty a shell will be auto inferred. You can
# set a custom value here.
# Example1: /usr/bin/python3
# Example2: sh -c your command here
shell_executable: "your/custom/shell"