sshproxy
sshproxy copied to clipboard
revamp sshproxy.yaml with an all-new overrides system
This is a big breaking change in sshproxy.yaml
- it now allows to override any key!
- the route system, users and groups override systems are all replaced by a new overrides system, which is more flexible and upgradeable (we can add new filters to match against).
- matches can be made against user, group and source (host:port of the listening sshd)
- multiple overrides can match, they are applied from top to bottom (meaning the last one will have precedence if a same key is overriden multiple times)
Migration example:
routes:
service1:
source: [host2]
dest: [host3]
default:
dest: [host1]
users:
- foo:
debug: true
becomes:
service: default
dest: [host1]
overrides:
- match:
- source: host2
service: service1
dest: [host3]
- match:
- user: foo
debug: true
A more complex config can now be done, like this:
overrides:
- match:
- source: host1
group: foo
- group: bar
group: baz
debug: true
Meaning "(if source is host1 AND user has group foo) OR (if user has group bar AND user has group baz) then debug is set to true"