diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac64bab..b48f3dd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## master (unreleased)
 * Add `--latest` and `--quiet` options to `ls` commands
+* Add `healthcheck` user
 ## v1.5.0 (2017-12-02)
diff --git a/README.md b/README.md
index e088213..0a90796 100644
--- a/README.md
+++ b/README.md
@@ -38,6 +38,7 @@ Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
 * Session management
 * Audit log
 * Host Keys verifications shared across users
+* Healthcheck user
 ## Usage
@@ -316,3 +317,15 @@ ssh whoami@portal
 ssh portal host create test@chat.shazow.net
 ssh chat@portal
 ```
+
+## Healthcheck
+
+By default, `sshportal` will return `OK` to anyone sshing using the `healthcheck` user without checking for authentication.
+
+```console
+$ ssh healthcheck@sshportal
+OK
+$
+```
+
+the `healtcheck` user can be changed using the `healthcheck-user` option.
diff --git a/main.go b/main.go
index 8527ef6..50e421a 100644
--- a/main.go
+++ b/main.go
@@ -71,6 +71,11 @@ func main() {
 Usage: "SSH user that spawns a configuration shell",
 Value: "admin",
 },
+ cli.StringFlag{
+ Name: "healthcheck-user",
+ Usage: "SSH user that returns healthcheck status without checking the SSH key",
+ Value: "healthcheck",
+ },
 cli.StringFlag{
 Name: "aes-key",
 Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
@@ -123,6 +128,9 @@ func server(c *cli.Context) error {
 }
 switch username := s.User(); {
+ case username == c.String("healthcheck-user"):
+ fmt.Fprintln(s, "OK")
+ return
 case username == currentUser.Name || username == currentUser.Email || username == c.String("config-user"):
 if err := shell(c, s, s.Command(), db); err != nil {
 fmt.Fprintf(s, "error: %v\n", err)
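Review bot: Nothing in the new `healthcheck-user` flag definition (main.go, first hunk) stops it from being given the same value as `config-user`. Because the healthcheck case is tested first in `server`'s switch, that name would then only ever receive `OK` and the configuration shell would be unreachable through it. A startup check along the lines of `if c.String("healthcheck-user") == c.String("config-user") { return fmt.Errorf("healthcheck-user and config-user must differ") }` would reject the misconfiguration early. The `Usage` text could also say that this name is answered before any identity check, so it should not be one assigned to a real account. The flag list and the body of `main` continue outside the hunk.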
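Review bot: The new `case username == c.String("healthcheck-user"):` in `server` (main.go, second hunk) compares against the raw flag value, so operators have no way to turn the unauthenticated path off: an empty value matches an empty username instead of disabling it. Guarding the case, e.g. `case c.String("healthcheck-user") != "" && username == c.String("healthcheck-user"):`, would make the empty value mean "disabled". The reply is a constant `OK` that never touches the `db` handle used by the next case, so it shows only that the listener accepts sessions, not that the portal is healthy. Since the branch is reachable without credentials, rate limiting or an audit-log entry for these sessions is worth considering. The switch and the rest of `server` continue outside the hunk.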