ProxySSH gate driver

Allows users to establish connection with any debug-capable Resource.

Features

• SSH TTY
• SCP/SFTP
• Port-Forwarding
• One-time key/password

How to use

1. You need to use provider driver that supports ProxySSH, so here is the list with links on how to use those:
   • AWS ProxySSH gate needs
2. You need to know your Application UID to request the Resource UID:

   $ curl -u "$USER:$TOKEN" -k "https://aquarium-fish-1.node.example.com:8001/api/v1/application/$APP_UID/resource"
   {"UID":"aef64fb7-06de-4618-9098-f34154675ae5", ...
   

3. Now you can request one-time access to the resource (it can't be reused, re-request if need to connect one more time):

   $ curl -u "$USER:$TOKEN" -k "https://aquarium-fish-1.node.example.com:8001/api/v1/applicationresource/aef64fb7-06de-4618-9098-f34154675ae5/access"
   {"UID":"aef64fb7-06de-4f0b-82c5-fc0578a2d279","address":"TODO","application_resource_UID":"aef64fb7-06de-4618-9098-f34154675ae5","created_at":"2025-05-29T15:04:06.141107-07:00","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEILFDizbBtNrcQeZ5iFW55BTLk4o9uoPWqSjkjMWEJODAoAoGCCqGSM49\nAwEHoUQDQgAEkOSUc+xxaP2zt3Xgbvj4/xDFozNspLoqJqhPx1mfWtcehUdHXHkf\n9mnwQ1bIPjVTdMomJd5/mXG80elETqwWvw==\n-----END EC PRIVATE KEY-----\n","password":"mHsezvUzu7BWMBfPZT1fgDJuzYmq3t6wsZLcCYravPcqwkHXCrLRB95iLBBqkrM1","username":"user"}
   

4. Now you can connect to Aquarium's ProxySSH with your user and the access credentials to get access to the Resource:

   $ ssh -p 1222 [email protected]
   [email protected]'s password: <ACCESS_PASSWORD>
   ubuntu@ip-10-15-10-15:~$
   

Configuration

For the gate itself it's relatively easy - but for the Providers/Labels could be complicated, so please refer to the specific Provider page for more info.

drivers:
  gates:
    proxyssh:
      bind_address: string  # Where to listen for incoming SSH connections, by default it's 0.0.0.0:1222
      ssh_key:      string  # Where to store the SSHD key for the proxy, default: in workspace directory and hostname + '_id_ecdsa'