Go to file
Elara6331 a9fdf0a053
Some checks failed
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/tag/woodpecker Pipeline failed
Add CI configuration
2024-08-08 14:34:42 -07:00
assets Initial Commit 2024-08-03 22:31:40 -07:00
internal Fix known hosts handling in proxy backend 2024-08-04 19:49:43 -07:00
.gitignore Initial Commit 2024-08-03 22:31:40 -07:00
.goreleaser.yaml Add CI configuration 2024-08-08 14:34:42 -07:00
.woodpecker.yml Add CI configuration 2024-08-08 14:34:42 -07:00
auth.go Add copyright headers 2024-08-04 16:35:51 -07:00
go.mod Initial Commit 2024-08-03 22:31:40 -07:00
go.sum Initial Commit 2024-08-03 22:31:40 -07:00
keys.go Add copyright headers 2024-08-04 16:35:51 -07:00
LICENSE Initial Commit 2024-08-03 22:31:40 -07:00
main.go Add configurable config path 2024-08-04 14:01:36 -07:00
README.md Add README badges 2024-08-04 23:45:25 +00:00
seashell.ex.hcl Initial Commit 2024-08-03 22:31:40 -07:00
seashell.service Add CI configuration 2024-08-08 14:34:42 -07:00

Seashell logo

Go Report Card  Read the Docs


Seashell is a custom SSH server that implements virtual hosts with username-based routing, allowing users to securely access shells inside VMs, containers, or even on serial ports. It also features its own authentication and permissions system, independent of system users.

Features

Fail2Ban

Seashell has a built-in rate limiter for failed logins. If a user exceeds the configured amount of failed login attempts within the specified time interval, they will be blocked from making any further login attempts until the time interval passes.

Permissions

Seashell comes with a granular permissions system that allows you to allow or deny access to specific resources for specific users or groups of users. This allows you to safely provide shell access to users without also giving them access to any unintended resources.

Integrations

Docker

Seashell can integrate with Docker to provide remote shell access into a container. For example, with a route configured to match docker\\.(.+), you can use the following ssh command to get a shell inside the example container:

ssh user:docker.example@ssh.example.com

See the docker documentation for more info.

Nomad

Seashell can integrate with a Nomad cluster to provide remote shell access into a Nomad allocation. For example, with a route configured to match nomad\\.(.+), you can use the following ssh command to get a shell in the first allocation in the example job:

ssh user:nomad.example@ssh.example.com

If your job has several tasks, you can specify the task you want like so:

ssh user:nomad.example.mytask@ssh.example.com

See the nomad documentation for more info.

Serial

Seashell can provide remote access to a physical serial port. For example, with a route configured to match serial\\.(.+), you can use the following ssh command to get a access to /dev/ttyS0:

ssh user:serial.ttyS0@ssh.example.com

If the baud rate and mode are unknown beforehand, you can specify them in the ssh command, like so:

ssh user:serial.ttyS0.115200.8n1@ssh.example.com

See the serial documentation for more info.

Proxy

Seashell can proxy another SSH server. In this case, your client will authenticate to seashell and then seashell will authenticate to the target server, so you should provide seashell with a private key to use for authentication and encryption. If you don't provide this, seashell will ask the authenticating user for the target server's password.

The proxy backend takes no extra arguments, so the ssh command only requires your username and the routing path:

ssh user:myproxy@ssh.example.com

See the proxy documentation for more info.