I am a fairly heavy user of ChromeOS. Most of my "actual work" is done on my server so ChromeOS makes for a great laptop OS for me. However it is not compatible with my "Golden Gate" SSH setup as the Secure Shell extension for Chrome does not support ProxyCommand. There is a relay option that is used internally at Google that is unfortunately not open sourced.

However, I was able to find a reverse engineered relay server.

I installed it as per the manual however I removed the '<blacklist>' option from the config.xml as it did not apply to me. I then put the binary behind an nginx reverse proxy as was recommended in the manual but added my own authentication into the mix.

Now I can access servers that are behind my firewall only if I can both authenticate against the nginx server and also supply the expected credentials (publickey) to the destination server.

My config.xml:

<?xml version="1.0" encoding="UTF-8" ?>

For my nginx config file I took the sample and added the ssl portions as well as the auth_basic portions.

My nginx config file:

server {
        listen 9091 ssl;

        server_name ssh.naphos.com;
        ssl_certificate /PATH/TO/fullchain.pem;
        ssl_certificate_key /PATH/TO/privkey.pem;

        location /cookie {
            auth_basic "Restricted";
            auth_basic_user_file /etc/nginx/.htpasswd;
            proxy_pass http://localhost:9090/cookie;
            include proxy_params;

        location /proxy {
            proxy_pass http://localhost:9090/proxy;
            include proxy_params;

        location /read {
            proxy_pass http://localhost:9090/read;
            include proxy_params;

        location /write {
            proxy_pass http://localhost:9090/write;
            include proxy_params;

        location /connect {
            proxy_pass http://localhost:9090/connect;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_read_timeout 10m;
            include proxy_params;

Photo Credit: https://www.flickr.com/photos/slgc/6042224090