Skip to content

Driver: ProxySSH

Jump to bottom
Sergei Parshev edited this page Nov 23, 2025 · 4 revisions

ProxySSH gate driver

Allows users to establish connection with any debug-capable Resource.

Features

  • SSH TTY
  • SCP/SFTP
  • Port-Forwarding
  • One-time key/password

How to use

  1. You need to use provider driver that supports ProxySSH, so here is the list with links on how to use those:
  2. You need to know your Application UID to request the Resource UID: 
    $ curl -u "$USER:$TOKEN" -k "https://aquarium-fish-1.node.example.com:8001/api/v1/application/$APP_UID/resource"
{"UID":"aef64fb7-06de-4618-9098-f34154675ae5", ...
  3. Now you can request one-time access to the resource (it can't be reused, re-request if need to connect one more time): 
    $ curl -u "$USER:$TOKEN" -k "https://aquarium-fish-1.node.example.com:8001/api/v1/applicationresource/aef64fb7-06de-4618-9098-f34154675ae5/access"
{"UID":"aef64fb7-06de-4f0b-82c5-fc0578a2d279","address":"TODO","application_resource_UID":"aef64fb7-06de-4618-9098-f34154675ae5","created_at":"2025-05-29T15:04:06.141107-07:00","key":"-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEILFDizbBtNrcQeZ5iFW55BTLk4o9uoPWqSjkjMWEJODAoAoGCCqGSM49\nAwEHoUQDQgAEkOSUc+xxaP2zt3Xgbvj4/xDFozNspLoqJqhPx1mfWtcehUdHXHkf\n9mnwQ1bIPjVTdMomJd5/mXG80elETqwWvw==\n-----END EC PRIVATE KEY-----\n","password":"mHsezvUzu7BWMBfPZT1fgDJuzYmq3t6wsZLcCYravPcqwkHXCrLRB95iLBBqkrM1","username":"user"}
  4. Now you can connect to Aquarium's ProxySSH with your user and the access credentials to get access to the Resource: 
    $ ssh -p 1222 $USER@aquarium-fish-1.node.example.com
user@aquarium-fish-1.node.example.com's password: <ACCESS_PASSWORD>
ubuntu@ip-10-15-10-15:~$

Configuration

For the gate itself it's relatively easy - but for the Providers/Labels could be complicated, so please refer to the specific Provider page for more info.

drivers:
  gates:
    proxyssh:
      bind_address: string  # Where to listen for incoming SSH connections, by default it's 0.0.0.0:1222
      ssh_key:      string  # Where to store the SSHD key for the proxy, default: in workspace directory and hostname + '_id_ecdsa'

Clone this wiki locally