This project comes with a docker-compose configuration that presents a demo of how sb works.
It will spawn 5 services:
- A simple Debian Bullseye container with an SSH service that we want to log on to
- An sb container
- Another sb container (both replicated)
- A Google PubSub emulator, used for replication between the two sb instances
- A Google Cloud Storage emulator, used to offload SSH session recordings to an external storage

t1000@skynet:~# cd demo
t1000@skynet:~# docker-compose up -d
t1000@skynet:~# chmod 600 $(pwd)/assets/ssh-keys/id_ed25519
t1000@skynet:~# alias sb1="ssh -i $(pwd)/assets/ssh-keys/id_ed25519 -p 22001 t800@127.0.0.1 -A -t -- "
t1000@skynet:~# alias sb2="ssh -i $(pwd)/assets/ssh-keys/id_ed25519 -p 22002 t800@127.0.0.1 -A -t -- "

We are now going to generate a personal egress key (sb -> distant host) for your account.

t1000@skynet:~# sb1 self egress-key generate --algo ed25519 --size 256

The docker-compose configuration created a Debian Bullseye container acting as a remote machine.
To be able to access it through sb, we need to add the newly generated SSH public egress key to the authorized_keys of this machine:

t1000@skynet:~# export TRUSTED_KEY=$(sb1 self egress-keys list | sed -e 's/\x1b\[[0-9;]*m//g' | grep -e "^1:" | sed -e 's/^1: //')
t1000@skynet:~# docker exec -it sbdemo_examplevm /bin/bash -c "echo '$TRUSTED_KEY' > /root/.ssh/authorized_keys"

Now, let's authorize our account to access the distant host on port 22 with the user root:

t1000@skynet:~# sb1 self access add --host examplevm --port 22 --user root

Now, just connect to the example container via the other sb instance:

t1000@skynet:~# sb2 root@examplevm

Congrats, you just made your first connection to a distant host through sb!
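
A stricter form of the key-extraction step above, as an added example that is not part of the sb project: it refuses to hand back anything other than one bare public key line before that value overwrites root's authorized_keys. The function names, the sample listing and its key material are constructed, and the `N: <public key>` listing format with ANSI colour codes is an assumption taken from the page's own sed/grep pipeline.

```shell
#!/bin/sh
# Added example: check the egress key before it goes into authorized_keys.
# Assumption: each listing entry looks like "<index>: <type> <base64> [comment]",
# optionally wrapped in ANSI colour codes, as the page's pipeline implies.

# Reads a key listing on stdin and prints entry $1 as a bare public key line.
# Fails if the entry is missing, ambiguous, or is not a plain public key.
extract_egress_key() {
    idx=$1
    esc=$(printf '\033')
    # Strip colour codes and carriage returns (a pty, as with ssh -t, emits CRLF).
    clean=$(sed -e "s/${esc}\[[0-9;]*m//g" | tr -d '\r')
    # Require exactly one entry with this index.
    [ "$(printf '%s\n' "$clean" | grep -c -e "^${idx}: ")" -eq 1 ] || return 1
    key=$(printf '%s\n' "$clean" | grep -e "^${idx}: " | sed -e "s/^${idx}: //")
    # The line must start with a key type and base64 blob, which rejects
    # authorized_keys options (command=, from=, ...) placed before the key.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$' \
        || return 1
    # The page interpolates the key inside '...' in a bash -c string, so a
    # quote character in the comment field would break that quoting.
    case $key in *"'"*|*'"'*) return 1 ;; esac
    printf '%s\n' "$key"
}

# Constructed sample listing (not real key material): entry 1 is well formed,
# entry 2 carries an option prefix, entry 3 has a quote in its comment.
sample_listing() {
    printf '\033[1;32m1: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal00000000 t800@sb\033[0m\r\n'
    printf '2: command="/bin/false" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal00000000 x\r\n'
    printf "3: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal00000000 t800's-key\r\n"
}

# Demo run on the constructed listing; prints the cleaned key for entry 1.
sample_listing | extract_egress_key 1
```
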