Cookie policy

EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

You have declined cookies. This decision can be reversed.

You have allowed cookies to be placed on your computer. This decision can be reversed.

Article Index

CompaSSH logo

Compassh has a really small codebase made of three files:

  • compassh: the command used by you to start and stop Compassh pseudo-VPNs
  • compassh_proxy: the helper used by OpenSSH
  • compassh.utils: the library used by compassh_proxy and compassh

To install use the provided script install.sh. The main command compassh will be installed in /usr/bin, while compassh_proxy and compassh.utils will go in /usr/libexec/compassh/.

The whole configuration of Compassh is held in ~/.compassh.conf. This file contains two sections. The first, %VPN, defines the pseudo-VPNs, while the second, %patterns, describe the routing policies. Let's see the first:

our %VPN = (
   strumentiresistenti => {
      proxy => 'root @ proxy.strumentiresistenti.org.',
      local_port => "1080"
   },
)

Here we have the definition of a VPN. It's called strumentiresistenti and is routed through proxy.strumentiresistenti.org using the root account (of course you can use any SSH account). The local_port is the local port used for the SOCKS proxy. Each VPN must have a separate local port. So for example we can expand this configuration with another VPN:

our %VPN = (
   strumentiresistenti => {
      proxy => 'root @ proxy.strumentiresistenti.org.',
      local_port => "1080"
   },
   office => {
      proxy => 'jondoe @ proxy.bigcompany.biz.',
      local_port => "1081"
   },
);

Here we have a second VPN, called office, using proxy.bigcompany.biz as gateway and jondoe as login account. As we said before, the local port must be different, so we choose 1081 here.

Next we setup the %pattern section where we define the regexp patterns to be matched against host names to let Compassh choose where the connection should be routed.

our %patterns = (
'strumentiresistenti.org$' => 'strumentiresistenti',
'bigcompany.biz$' => 'office',
);

It should be quite self explanatory: any host matching regexp pattern strumentiresistenti.org$ should be routed through the first VPN called strumentiresistenti while any host matching bigcompany.biz$ should be routed through the second, office. Any other destination will not be routed and will instead start a direct connection, as usually.

Now Compassh is configured, but how do we tell OpenSSH that we would use it? The answer lays in the ~/.ssh/config file.


  The Cog In The Machine On Which All Depends