Releases: cea-hpc/sshproxy

sshproxy v2.0.1

02 Jun 12:25
df2682c

Changes in v2.0.1:

  • Bugfix: config.Etcd.Mandatory must not be nil

sshproxy v2.0.0

26 May 08:54
a7b49a5

Version 2.0.0 brings a lot of changes to sshproxy:

TL;DR: you have to migrate your configuration file(s) with sshproxyctl -c /etc/sshproxy/sshproxy.old.yaml convert > /etc/sshproxy/sshproxy.new.yaml

  1. configuration file:
  • all configuration options can now be set outside of overrides (those are
    the default values) or inside an override

  • users, groups and routes options have been replaced by the overrides
    system:

    • old style:

      routes:
        default:
          some_default_options…
        service1:
          source: [an.ip.sshd.listens.to]
          some_sources_options…
      users:
        - alice,bob:
            some_users_options…
      groups:
        - foo,bar:
            some_groups_options…
      
    • new style:

      some_default_options…
      overrides:
        - match:
            - sources: [an.ip.sshd.listens.to]
          some_sources_options…
        - match:
            - users: [alice,bob]
          some_users_options…
        - match:
            - groups: [foo,bar]
          some_groups_options…
      
  • the match conditions of the overrides system can be combined. Here is an
    example meaning "match if (the user is in the group foo and in the
    group bar) or ((the user is alice or bob) and the user is
    connected to an.ip.sshd.listens.to)":

    overrides:
      - match:
          - groups: [foo]
            groups: [bar]
          - users: [alice,bob]
            sources: [an.ip.sshd.listens.to]
    
  • nodesets can now be used for the dest key

  • if libnodeset.so (from https://github.com/fdiakh/nodeset-rs) is found, it
    allows the use of clustershell groups where nodesets are allowed

  • new option: blocking_command runs a command before starting the ssh
    connection to the destination. If the command does not return 0, the
    connection is aborted

  2. command line interface:
  • sshproxyctl convert has been added: it converts your old v1
    configuration file to the v2 format. Can be used like this:
    sshproxyctl -c /etc/sshproxy/sshproxy.old.yaml convert > /etc/sshproxy/sshproxy.new.yaml
  • in all the tables, Host and Port columns are now merged into a single
    Host:Port
  • sshproxyctl get_config has been removed and replaced by
    sshproxyctl show config
  • sshproxyctl show hosts and sshproxyctl show users -all now display
    persist info
  • sshproxyctl enable HOST [PORT] has been removed and replaced by
    sshproxyctl enable -all|-host HOST [-port PORT]
  • sshproxyctl disable HOST [PORT] has been removed and replaced by
    sshproxyctl disable -all|-host HOST [-port PORT]
  • sshproxyctl forget HOST [PORT] has been removed and replaced by
    sshproxyctl forget host -all|-host HOST [-port PORT]
  • sshproxyctl error_banner (without any parameter) has been removed and
    replaced by sshproxyctl forget error_banner
  • sshproxyctl forget persist [-user USER] [-service SERVICE] [-host HOST] [-port PORT]
    has been added
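
An added illustration (not sshproxy's own code) of how the combined match conditions in the v2.0.0 configuration notes evaluate: entries of the match list are ORed, conditions inside one entry are ANDed, and a condition holds when any of its listed values applies. The Conn and Cond types, the Matches function and the exact-string comparison of sources are assumptions made for this example; conditions are kept as an ordered list because the same key (groups) appears twice in one entry.

```go
package main

import "fmt"

// Conn holds the facts a match is evaluated against (hypothetical type).
type Conn struct {
	User, Source string
	Groups       []string
}

// Cond is one "key: [values]" line inside a match entry (hypothetical type).
type Cond struct{ Key string; Values []string }

// holds is true when at least one listed value applies to the connection.
func (c Cond) holds(conn Conn) bool {
	facts := map[string][]string{"users": {conn.User}, "sources": {conn.Source}, "groups": conn.Groups}
	for _, have := range facts[c.Key] { // unknown key: no facts, so no match
		for _, want := range c.Values {
			if have == want {
				return true
			}
		}
	}
	return false
}

// Matches ORs the entries of a match list and ANDs the conditions in each entry.
func Matches(match [][]Cond, conn Conn) bool {
	for _, entry := range match {
		ok := len(entry) > 0 // assumption: an empty entry matches nothing
		for _, c := range entry {
			ok = ok && c.holds(conn)
		}
		if ok {
			return true
		}
	}
	return false
}

// PageExample is the match block from the release notes above.
var PageExample = [][]Cond{
	{{"groups", []string{"foo"}}, {"groups", []string{"bar"}}},
	{{"users", []string{"alice", "bob"}}, {"sources", []string{"an.ip.sshd.listens.to"}}},
}

func main() {
	fmt.Println(Matches(PageExample, Conn{User: "alice", Source: "an.ip.sshd.listens.to"}))
}
```

A user who is only in foo, or alice connecting through a different source, does not match; checking such near-miss cases is how an overly broad override is caught before it is deployed.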

sshproxy v1.6.3

14 May 14:10

Changes in v1.6.3:

  • make tests more resilient
  • Prevent ssh option injection

This is a security fix release. We advise all users of sshproxy to upgrade as soon as possible.

sshproxy v1.6.2

26 Jan 13:47

Changes in v1.6.2:

  • Update copyright to 2024
  • add nodeset capabilities to sshproxyctl
  • add get_config function to sshproxyctl

sshproxy v1.6.1

27 Nov 09:51

Changes in v1.6.1:

  • Add missing documentation for error_banner
  • Upgrade of vendors
  • disable etcd zap logs, and force etcd blocking connection

sshproxy v1.6.0

11 Oct 08:06

Changes in v1.6.0:

  • cleanup and upgrade of vendors
  • cleanup: stop using obsolete etcd module
  • Only define an empty default route if no route is set AND a subconfig is used
  • switch docker image from centos to fedora

Warning! The required minimum golang version is now 1.20

sshproxy v1.5.2

08 Sep 09:29

Changes in v1.5.2:

  • Enhanced logs
  • Bugfix: check host syntax for actions "enable", "disable" and "forget"
  • Improve documentation, typos
  • bugfix: if no route is set, define an empty default route
  • ErrorBanner: bugfix when etcd is not configured
  • add etcd.mandatory and max_connections_per_user options

sshproxy v1.5.1

22 Mar 10:26

Changes in v1.5.1:

  • Add possibility to set environment variables for specific services
  • Add possibility of persistent connections

sshproxy v1.5.0

26 Oct 09:48

Changes in v1.5.0:

  • Add an option to force the command executed by sshproxy.
  • Add an option to close the connection when the original command does not match the forced command.
  • Add an option to translate the command to something else.

Warning: there is a configuration change! A configuration is needed for SFTP to work as before. Please have a look at config/sshproxy.yaml and add the "translate_commands" block. You may need to change "internal-sftp" to something else if you're using something other than "internal-sftp". The value must be the same as the SFTP subsystem defined in your sshd_config.

sshproxy v1.4.0

16 Aug 10:46

Changes in v1.4.0:

  • Bugfix: ordering maps of groups and users.

Warning: there is a configuration change! Users and groups are now in a table, so must be prefixed with a "-". Please have a look at the man pages.