A security layer for managing access to external/internal applications
Project description
Socket Gatekeeper
Socket Gatekeeper provides a means of password securing and routing arbitrary sockets.
It listens on a socket and waits for a connection. Upon connection, it sends a 1024-bit RSA public key to the client. The client uses this public key to encrypt the password and sends it back over the wire. That password is hashed using SHA-256 and compared against a provided mapping file. This mapping file specifies where that password is to be routed. Example, giving password “abc” may route to some management info on one port, giving a different password “foo” may route to an information service running somewhere else. Giving a password that is not mapped will result in a terminated connection. There is no information to the client describing what is running where, or that this is even a gatekeeper socket (for security).
You can use Socket Gatekeeper for many tasks:
Securing protocols that do not have any inherit security
Only opening one port on a machine where several administrative services are running. Admins are given their own unique passwords to acccess the services they require
Opening a port to the outside world which then routes using secure passwords to any number of internal services
Several others!
Mapping File
The routing provided by the daemon is controlled by a mapping file.
This file is in the format:
sha256sum=Addr:Port
Example, for a password “abc” to route to localhost port 6379, use:
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad = 127.0.0.1:6379
You can derive a sha256 sum with the following script:
echo -n “your_password_here” | sha256sum | awk {‘print $1’}
You may have multiple passwords lead to the same endpoint, but a single password may only lead to one endpoint.
Starting The Server
Use the provided command “socket-gatekeeperd” to start a gatekeeper daemon.
Required Arguments:
You must provide “–mappings=/path/to/file” (or “-m /path/to/file”) to the mapping file. You must also provide “–bind=addr:port” (or “-b addr:port”) example: 127.0.0.1:50001
Other Arguments:
- --client-buffer-len=X
This will use X as the number of bytes transmitted/received at one time to/from the client
- --endpoint-buffer-len=X
This will use X as the number of bytes transmitted/received at one time to/from the endpoint
Both buffer arguments default to 4096.
—enable-quit This will intercept the messages “quit” and “exit” and cause them to terminate the connection.
Connecting To The Server
Once you have a server up and running, you can connect to it with the provided “socket-gatekeeper-connect” program. You specify the address and port on which to connect, and it handles the RSA portion, prompts for a password which is not echoed to the screen, and then serves as an in-between to you and the endpoint.
Dependencies
Depends on python 2.7 and ArgumentParser (https://pypi-hypernode.com/pypi/argumentparser) as well as PyCrypto (https://pypi-hypernode.com/pypi/pycrypto)
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file socket-gatekeeper-1.2.tar.gz
.
File metadata
- Download URL: socket-gatekeeper-1.2.tar.gz
- Upload date:
- Size: 12.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3916d4228d053935b429fb97ab5eed28cecd27d5740823b6e5822fda52bc83f7 |
|
MD5 | fed0f970b862f647845169bc67c9cccd |
|
BLAKE2b-256 | f647b06cacdd8aa914b7fc19f06e6564381218d07729479e9da62e6ab84d1328 |