Ezeelogin - A secure SSH Jump Server solution

Web based API (new, since version 6)

Ezeelogin version 6 introduced web based API using HTTP and JSON with which 3rd party applications can directly communicate with ezeelogin web panel.

A PHP library for calling the API functions in ezeelogin can be found unencoded in /usr/local/ezlogin/apilib/Ezlogin.php

Copy the above library file to the place where API client needs to be implemented. To use the library from PHP:

<?php

require_once('/path/to/apilib/Ezlogin.php');

$api_secret = 'xxx'; // replace with the API secret entered in API Settings

$api_url = 'http://ezeelogin_host.com/ezlogin'; // replace with the base URL of ezeelogin web panel without the trailing slash

$server = array(

       // fill the array with server details

);

$ezlogin = new Ezlogin($api_secret,$api_url);

$result = $ezlogin->add_server($server);

$result_obj = json_decode($result);

var_dump($result_obj);

?>

A sample unencoded PHP script using the above PHP ezeelogin API library can be found in /usr/local/ezlogin/ezwapi.php

Usage:

ezwapi.php -help <action>

action : API action (add_server/update_server/remove_server/reset_fingerprint/add_user_server_acl/suspend_user/unsuspend_user/force_user_password_change/reset_user_password/set_user_expiry)

The script is a replacement for old API script making use of the new web based API instead.

The library will also serve as an example for directly calling web API in other languages using JSON and HTTP or to write a wrapper library for other languages.

API Actions

add_server: To add a server / device node
php  /usr/local/ezlogin/ezwapi.php -help add_server

Usage: ezwapi.php add_server -api_url <API URL> -secret <API secret> -name <hostname> -password <password> -ip_address <IP address> -group <group> [-ssh_port <port>] [-rdp_port <port>] [-ssh_user <username>] [-keep_password <Y/N/S>]

[-enable_ssh <Y/N/H>] [-cp <control panel>]

-api_url : The API URL

-secret : The API secret configured in web panel settings

-name : The server host name

-description : A description for the server

-password : The server password (optional)

-ssh_key : The SSH private key file (optional)

-passphrase : The SSH key pass phrase (optional)

-db_ssh_key : The name of SSH private key saved in Ezeelogin (optional)

-ip_address : The server IP address

-ssh_port : The server SSH port (optional, use default if unspecified)

-ssh_user : The server SSH user

-switch_user : Switch to this user after login as SSH user (optional)

-switch_pass : Password for switch user (optional)

-switch_sudo : Y or N or E to escalate privilege with 'sudo su' or 'enable' (for Cisco devices) (optional, default: N = disabled)

-prompt1 : Unique string in shell prompt of SSH user (optional)

-prompt2 : Unique string in password prompt for su or sudo (optional, default: Password:)

-prompt3 : Unique string in shell prompt of root user (optional, required for sudo)

-rdp_port : The server RDP port (optional, use default if unspecified)

-group : The server group name

-keep_password : Y (keep given password), N (automatic) or S (keep server password as such - no verification) (optional, default: Y)

-enable_ssh : Y, N or H to enable/disable/via Host Node (optional, default: N)

-ishn : Y or N to make this a Host Node or not (optional, default: N)

-onhost : The name of Host Node (optional)

-cp : The control panel name (optional, use default if unspecified)

-dc : The datacenter name (optional, use default if unspecified)

-rc_host : The remote console host (optional)

-rc_user : The remote console user (optional)

-rc_pass : The remote console password (optional)

update_server

php /usr/local/ezlogin/ezwapi.php -help update_server

Usage: ezwapi.php update_server -api_url <API URL> -secret <API secret> -name <hostname> [-newname <new hostname>] [-password <password>] [-ip_address <IP address>] [-ssh_port <port>] [-rdp_port <port>] [-ssh_user <username>]

[-group <group>] [-keep_password <Y/N/S>] [-enable_ssh <Y/N>] [-cp <control panel>]

-api_url : The API URL

-secret : The API secret configured in web panel settings

-name : The server host name

-newname : The new host name (optional)

-description : A description for the server

-password : The server password (optional)

-ssh_key : The SSH private key file (optional)

-passphrase : The SSH key pass phrase (optional)

-db_ssh_key : The name of SSH private key saved in Ezeelogin (optional)

-ip_address : The server IP address (optional)

-ssh_port : The server SSH port (optional)

-ssh_user : The server SSH user (optional)

-switch_user : Switch to this user after login as SSH user (optional)

-switch_pass : Password for switch user (optional)

-switch_sudo : Y or N or E to escalate privilege with 'sudo su' or 'enable' (for Cisco devices) (optional, default: N = disabled)

-prompt1 : Unique string in shell prompt of SSH user (optional)

-prompt2 : Unique string in password prompt for su or sudo (optional)

-prompt3 : Unique string in shell prompt of root user (optional, required for sudo)

-rdp_port : The server RDP port (optional, use default if unspecified)

-group : The server group name

-keep_password : Y (keep given password), N (automatic) or S (keep server password as such - no verification) (optional)

-enable_ssh : Y, N or H to enable/disable/via Host Node (optional)

-ishn : Y or N to make this a Host Node or not (optional)

-onhost : The name of Host Node (optional)

-cp : The control panel name (optional)

-dc : The datacenter name (optional)

-rc_host : The remote console host (optional)

-rc_user : The remote console user (optional)

-rc_pass : The remote console password (optional)

remove_server
php /usr/local/ezlogin/ezwapi.php -help remove_server

Usage: ezwapi.php remove_server -api_url <API URL> -secret <API secret> -name <hostname>

-api_url : The API URL

-secret : The API secret configured in web panel settings

-name : The server host name

reset_fingerprint

php /usr/local/ezlogin/ezwapi.php -help reset_fingerprint

Usage: ezwapi.php reset_fingerprint -api_url <API URL> -secret <API secret> -name <hostname>

-api_url : The API URL

-secret : The API secret configured in web panel settings

-name : The server host name

get_password of a server

php /usr/local/ezlogin/ezwapi.php -help get_password

Usage: ezwapi.php get_password -api_url <API URL> -secret <API secret> -name <hostname(s)>

-api_url : The API URL

-secret : The API secret configured in web panel settings

-name : The server host name(s)

add_user_server_acl

php /usr/local/ezlogin/ezwapi.php -help add_user_server_acl

Usage: ezwapi.php add_user_server_acl -api_url <API URL> -secret <API secret> -user <username> -server <hostname> [-defer]

-api_url : The API URL

-secret : The API secret configured in web panel settings

-user : The username

-server : The server host name

-defer : Defer the ACL addition if user doesn't already exist (optional)

suspend_user

php /usr/local/ezlogin/ezwapi.php  -help suspend_user

Usage:

ezwapi.php suspend_user -api_url <API URL> -secret <API secret> -user <username>

unsuspend_user

php /usr/local/ezlogin/ezwapi.php -help add_user_server_acl

Usage:

ezwapi.php unsuspend_user -api_url <API URL> -secret <API secret> -user <username>

force_user_password_change

php /usr/local/ezlogin/ezwapi.php  -help force_user_password_change

Usage:

ezwapi.php force_user_password_change -api_url <API URL> -secret <API secret> -user <username>

reset_user_password

php /usr/local/ezlogin/ezwapi.php  -help reset_user_password

Usage:

ezwapi.php reset_user_password -api_url <API URL> -secret <API secret> -user <username>

set_user_expiry

php /usr/local/ezlogin/ezwapi.php  -help set_user_expiry

Usage:

ezwapi.php set_user_expiry -api_url <API URL> -secret <API secret> -user <username> -expiry <YYYY-MM-DD>

API Script (deprecated)

An API script is provided for automating server add/edit/delete tasks in Ezeelogin. With the help of this script, you can integrate Ezeelogin with any 3rd party application managing your clients/customers. Also, make sure to enable API.

The API script can be executed as:

php /usr/local/ezlogin/ezapi.php [params...]

For help:

php /usr/local/ezlogin/ezapi.php -help

API action specific parameters and help can be obtained with:

php /usr/local/ezlogin/ezapi.php -help add_server

If you need to execute the API script from a server other than the Ezeelogin installed SSH gateway server, copy /usr/local/ezeelogin/ezlapi.php file and necessary sourceguardian loaders into the server. In this case, you must pass the Ezeelogin installed SSH gateway server IP address with –ezeelogin option to the API script. Also grant access for the server to Ezeelogin by executing the following command on Ezeelogin installed SSH gateway server:

php /usr/local/ezlogin/grant_host.php <IP address of server on which API script runs>

Make sure API is enabled in API settings for the API script to work.

PS: For “IP of Ezeelogin installed server” to provide with –ezeelogin option, you can give either master or slave node IP address.