Tyler King
bfa26cfd15
Open-source SSH proxy with pluggable authentication and extensible session handling. Zero external governance dependencies. Core (bascule-core): russh 0.46 SSH server with PTY bridge (portable-pty) Pluggable auth: AuthProvider trait (SSH keys, accept-all dev mode) SessionHandler trait for extending behavior (audit, governance) TOML configuration, ephemeral Ed25519 host key generation Binary (bascule-server): Single binary, 5.6MB release build CLI with --config flag Default: accept-all auth on port 2222 Extension points: AuthProvider — implement for OIDC, certificates, custom auth SessionHandler — implement for audit, governance, recording DefaultHandler — passthrough (ships with open-source version) Zero substrate/chronicle/gsap/hfl dependencies. Apache 2.0 License. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
23 lines
614 B
TOML
23 lines
614 B
TOML
# Bascule SSH Proxy — Example Configuration
|
|
|
|
# Listen address
|
|
listen_addr = "0.0.0.0:2222"
|
|
|
|
# Host key (auto-generated if not present)
|
|
# host_key_path = "/etc/bascule/host_key"
|
|
|
|
# Shell command to spawn for each session
|
|
# Default: /bin/bash
|
|
# shell_command = "/bin/bash"
|
|
# shell_command = "/usr/local/bin/gsh" # Governed shell
|
|
|
|
# Authentication
|
|
[auth]
|
|
mode = "accept-all" # "accept-all" (dev only), "authorized-keys"
|
|
# authorized_keys_path = "/etc/bascule/authorized_keys"
|
|
|
|
# Session banner (optional)
|
|
# banner = "Welcome to the governed shell."
|
|
|
|
# Max concurrent sessions (0 = unlimited)
|
|
# max_sessions = 100
|