ssh-timeout

2024-04-30 20:30:18 -04:00 · 2024-04-30 20:30:18 -04:00 · b5f0ab4908
commit b5f0ab4908
15 changed files with 199 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,57 @@
 # SSH Timeout Proxy
 ## Description
 SSH Timeout Proxy is a simple TCP reverse proxy designed to handle SSH connections, forwarding them to a specified backend SSH server and enforcing a maximum connection duration. It utilizes environment variables to configure the backend SSH server's address and the maximum allowed connection duration, making it flexible for various deployment environments.
 ## Requirements
 - **Go** (at least Go 1.13) - To run the program.
 - **SSH Server** - The backend server where SSH connections should be forwarded. Typically, this is `localhost:22` for testing purposes.
 ## Installation
 1. **Clone the repository:**
   ```bash
   git clone https://example.com/ssh-timeout-proxy.git
   cd ssh-timeout-proxy
   ```
 2. **Build the project:**
   ```bash
   go build -o ssh-timeout
   ```
 ## Configuration
 The application uses two environment variables:
 - `SSH_BACKEND`: Specifies the IP address and port of the backend SSH server (e.g., "localhost:22").
 - `SSH_MAX_DURATION`: Specifies the maximum duration (in seconds) that a connection should be allowed to persist.
 ## Usage
 To run the application, use the following command, setting the environment variables as needed:
 ```bash
 SSH_BACKEND="your_backend_ip:port" SSH_MAX_DURATION="duration_in_seconds" ./ssh-timeout
 ```
 For example, to set the backend SSH server to `localhost` on port `22` and limit connection duration to 600 seconds (10 minutes), you would use:
 ```bash
 SSH_BACKEND="localhost:22" SSH_MAX_DURATION="600" ./ssh-timeout
 ```
 ## Testing
 To test the SSH Timeout Proxy, perform the following steps:
 1. **Start the Proxy:**
   Run the proxy with the desired backend and maximum duration configuration as shown in the Usage section.
 2. **SSH Through the Proxy:**
   In a separate terminal window, use SSH to connect through the proxy:
   ```bash
   ssh -p 2222 your-username@localhost
   ```
   Replace `your-username` with your actual username, and ensure you connect to the port where the proxy listens (default `2222`).
 3. **Observe:**
   Monitor the terminal running the proxy to see the connection and disconnection logs. Ensure the connection is terminated after the specified duration.
 ## Contributing
 Contributions to the SSH Timeout Proxy are welcome. Please feel free to fork the repository, make changes, and submit pull requests.
--- a/build.sh
+++ b/build.sh
@ -0,0 +1,57 @@
 #!/bin/bash
 # Default architecture
 DEFAULT_ARCH="linux/amd64"
 # Supported architectures (adjust as needed)
 ARCHITECTURES=("linux/amd64" "linux/arm64" "linux/arm/v7" "darwin/amd64" "darwin/arm64")
 # Ensure all necessary directories exist and go modules are ready
 prepare_build() {
    # Create necessary directories if they don't exist
    mkdir -p dist
    mkdir -p build_logs
    # Initialize go modules if go.mod does not exist
    if [ ! -f go.mod ]; then
        echo "Initializing Go modules"
        go mod init yourmodule  # Replace 'yourmodule' with your actual module name or path
    fi
    # Fetch and ensure all dependencies are up to date
    echo "Checking dependencies..."
    go mod tidy
 }
 # Build function
 build_binary() {
    os=$1
    arch=$2
    output_name="ssh-timeout"
    if [[ "$os/$arch" != "$DEFAULT_ARCH" ]]; then
        output_name="${output_name}_${os}_${arch}"
    fi
    output_name="dist/${output_name}"
    echo "Building for ${os}/${arch} -> ${output_name}"
    GOOS=${os} GOARCH=${arch} go build -o ${output_name} main.go 2>build_logs/${os}_${arch}_build.log
    if [ $? -eq 0 ]; then
        echo "Successfully built ${output_name}"
    else
        echo "Failed to build ${output_name}. Check build_logs/${os}_${arch}_build.log for errors."
    fi
 }
 # Main Build Process
 prepare_build
 for arch in "${ARCHITECTURES[@]}"; do
    IFS='/' read -r -a parts <<< "$arch"  # Split architecture string
    os=${parts[0]}
    arch=${parts[1]}
    build_binary $os $arch
 done
 echo "Build process completed."
--- a/build_logs/darwin_amd64_build.log
+++ b/build_logs/darwin_amd64_build.log
--- a/build_logs/darwin_arm64_build.log
+++ b/build_logs/darwin_arm64_build.log
--- a/build_logs/linux_amd64_build.log
+++ b/build_logs/linux_amd64_build.log
--- a/build_logs/linux_arm64_build.log
+++ b/build_logs/linux_arm64_build.log
--- a/build_logs/linux_arm_build.log
+++ b/build_logs/linux_arm_build.log
--- a/dist/ssh-timeout
+++ b/dist/ssh-timeout
--- a/dist/ssh-timeout_darwin_amd64
+++ b/dist/ssh-timeout_darwin_amd64
--- a/dist/ssh-timeout_darwin_arm64
+++ b/dist/ssh-timeout_darwin_arm64
--- a/dist/ssh-timeout_linux_arm
+++ b/dist/ssh-timeout_linux_arm
--- a/dist/ssh-timeout_linux_arm64
+++ b/dist/ssh-timeout_linux_arm64
--- a/go.mod
+++ b/go.mod
@ -0,0 +1,5 @@
 module yourmodule
 go 1.21.1
 require github.com/google/uuid v1.6.0
--- a/go.sum
+++ b/go.sum
@ -0,0 +1,2 @@
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
--- a/main.go
+++ b/main.go
@ -0,0 +1,78 @@
 package main
 import (
    "io"
    "log"
    "net"
    "os"
    "strconv"
    "time"
    "github.com/google/uuid"
 )
 func main() {
    listenAddr := ":2222" // The local port on which to listen for incoming SSH connections.
    backendAddr := os.Getenv("SSH_BACKEND") // Backend SSH server address from environment variable.
    maxDuration := os.Getenv("SSH_MAX_DURATION") // Max connection duration from environment variable.
    duration, err := strconv.Atoi(maxDuration)
    if err != nil {
        log.Fatalf("Invalid SSH_MAX_DURATION value: %s", err)
    }
    listener, err := net.Listen("tcp", listenAddr)
    if err != nil {
        log.Fatalf("Failed to open listener: %s", err)
    }
    defer listener.Close()
    log.Println("Listening on", listenAddr)
    for {
        clientConn, err := listener.Accept()
        if err != nil {
            log.Println("Failed to accept connection:", err)
            continue
        }
        go handleConnection(clientConn, backendAddr, time.Duration(duration)*time.Second)
    }
 }
 func handleConnection(clientConn net.Conn, backendAddr string, maxDuration time.Duration) {
    connID := uuid.New().String()
    log.Printf("New connection [%s] started from %s", connID, clientConn.RemoteAddr())
    defer clientConn.Close()
    backendConn, err := net.Dial("tcp", backendAddr)
    if err != nil {
        log.Printf("Failed to connect to backend [%s]: %s", connID, err)
        return
    }
    defer backendConn.Close()
    // Set up a timer to close both connections when the maxDuration is exceeded
    timer := time.AfterFunc(maxDuration, func() {
        log.Printf("Connection [%s] exceeded max duration, terminating", connID)
        clientConn.Close()
        backendConn.Close()
    })
    defer timer.Stop()
    // Forward traffic between the client and the backend
    go func() {
        _, err := io.Copy(backendConn, clientConn)
        if err != nil {
            log.Printf("Error forwarding from client to backend [%s]: %s", connID, err)
        }
    }()
    _, err = io.Copy(clientConn, backendConn)
    if err != nil {
        log.Printf("Error forwarding from backend to client [%s]: %s", connID, err)
    }
    log.Printf("Connection [%s] terminated", connID)
 }
		`@ -0,0 +1,2 @@`
							`github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=`
							`github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=`