An SSH server with user management to bypass GFW
erfan-khadem/ssh-liberty-bridge
First, install the python requirements using:
python3 -m pip install -r generator/requirements.txt
Note that on some systems, the python-dotenv package cannot be installed manually. In that case you should install it using your distribution's package manager.
Then copy env-sample as .env and change its variables according to your own needs. For example, you may need to change TEMPLATE_PATH if you want to use your own template file instead of the one at generator/template.json.
Initialize the required directories:
# Run the following commands as Root
mkdir -p /tmp/etc/ssh/
mkdir -p /etc/ssh-liberty-bridge/
Then generate host keys for your ssh-server. Please put these keys in a safe place and never share the private keys (the files that don't end in .pub; the .pub files are your public keys) with others.
# Run the following commands as Root
ssh-keygen -A -f /tmp
# Creates the required keys in /tmp/etc/ssh
# Remove unneeded key pairs
rm /tmp/etc/ssh/ssh_host_dsa_key*
rm /tmp/etc/ssh/ssh_host_rsa_key*
# Copy the keys to the installation directory
cp /tmp/etc/ssh/* /etc/ssh-liberty-bridge/
# Delete the temporary key files and make sure they are not recoverable
shred /tmp/etc/ssh/*
rm /tmp/etc/ssh/*
Then change the file ownership and permissions so that only your user can read the created files.
# Run these commands from your user but use sudo.
# Or run as root without sudo and write your username instead of `$USER`
sudo chown -R $USER:$USER /etc/ssh-liberty-bridge/
sudo chmod 0600 /etc/ssh-liberty-bridge/*
After this, you have to install redis on your server. After doing so, it is of utmost importance that you add a strong password to its configuration. In order to achieve this, you have to navigate to /etc/redis/redis.conf and edit the following line (in my installation, this is line 1036, it may not be exactly this for you)
# requirepass foobard
to something like:
requirepass my_strong_and_long_password
You should also adjust your .env file to reflect your chosen password. It is not recommended to add special characters to your password. The strong password matters because, by default, connected users can access our local network (even if we add basic restrictions, they can still be bypassed), so let's not endanger our servers by using a weak password.
After doing this, don't forget to start and enable redis by running
# Run this as root
systemctl enable --now redis.service
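The key-handling and Redis steps above can be checked with a short audit script. This is an added example, not part of the repository; the file name audit.sh, the function names and the MIN_PASS_LEN threshold of 32 are assumptions.

```sh
#!/bin/sh
# Added example (not from the repository): audit the results of the setup steps.
# MIN_PASS_LEN is an assumed threshold, not a value from the README.
MIN_PASS_LEN=${MIN_PASS_LEN:-32}

# check_key_dir DIR: host keys exist, dsa/rsa pairs are gone, modes are 0600/0400.
check_key_dir() {
    dir=$1
    if ! ls "$dir"/ssh_host_*_key >/dev/null 2>&1; then
        echo "no host keys found in $dir"; return 1
    fi
    for f in "$dir"/ssh_host_dsa_key* "$dir"/ssh_host_rsa_key*; do
        if [ -e "$f" ]; then echo "legacy key still present: $f"; return 1; fi
    done
    # Any regular file whose mode is neither 600 nor 400 is reported.
    loose=$(find "$dir" -type f ! -perm 600 ! -perm 400)
    if [ -n "$loose" ]; then echo "unexpected file mode: $loose"; return 1; fi
    return 0
}

# check_requirepass CONF: an uncommented requirepass exists, is not a sample
# value, and is long enough. If the directive is repeated, the last one is checked.
check_requirepass() {
    conf=$1
    pass=$(awk '$1 == "requirepass" { print $2 }' "$conf" | tail -n 1)
    if [ -z "$pass" ]; then echo "requirepass is not set in $conf"; return 1; fi
    case $pass in
        foobared|foobard|my_strong_and_long_password)
            echo "requirepass is still a sample value"; return 1 ;;
    esac
    if [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "requirepass is shorter than $MIN_PASS_LEN characters"; return 1
    fi
    return 0
}

# Usage (hypothetical file name): sh audit.sh /etc/ssh-liberty-bridge /etc/redis/redis.conf
if [ $# -eq 2 ]; then
    check_key_dir "$1" && check_requirepass "$2" && echo "setup checks passed"
fi
```

Reading /etc/redis/redis.conf usually requires root, so run the script with the same privileges used for the steps above.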
Now:
- you can download the latest release file
wget https://github.com/hiddify/ssh-liberty-bridge/releases/latest/download/ssh-liberty-bridge-$(dpkg --print-architecture)
mv ssh-liberty-bridge-* ssh-liberty-bridge
chmod +x ssh-liberty-bridge
or
- you can build and run the server.
go build main.go
./main /path/to/.env
After running the server, you can generate configs for your clients.
First, make sure that TEMPLATE_PATH in your .env is correctly set. Then run the following command to see the commands supported by your configuration generator:
python3 main.py --help
Note that almost any variable specified in the .env file can be overridden using the CLI of the generator or normal environment variables. Also, if the .env file is not in its usual location, you may provide it to your code using the --env flag. You may also have to run the commands as root to access your user config path. In this case you also have to install the Python requirements from the first step as root.
For example, to add 5 new users, do the following:
python3 main.py --env /path/to/.env --add 5
And to list the available configurations, run:
python3 main.py --env /path/to/.env --list
And to remove a configuration:
python3 main.py --env /path/to/.env --rem (UUID of the client to remove from above)