Question: how to set acl/group/role for users and hosts correctly? #240

Open
ftrojahn opened this issue Feb 9, 2021 · 1 comment

ftrojahn commented Feb 9, 2021

Hello,

First I tried to use the latest docker image, got some errors, and started from scratch using
docker v1.14.1.

After https://github.com/moul/sshportal#installation-and-usage
and the demo.gif
and even reading:
https://github.com/moul/sshportal/blob/master/examples/integration/_client.sh

I cannot get past "Profit: ... ssh localhost -p 2222 -l foo" or "ssh myhost -p 2222 -l myserver",
i.e. can't allow a user to reach a host behind sshportal.

What am I missing, or: how should I set acl so this works? What about roles and groups?

Maybe I did not find the right documentation, but I'd like to know
what "user-group" and "host-group" have to be set in accordance, so that a user has
the right to access a host?

Sorry if there is something obvious that I might have overlooked.

Thanks and best wishes
Falko


ghost commented Dec 17, 2021

I've set up the following, keep in mind I use double names.
User frank is in usergroup "internal",
In hostgroup "webservers" I added all the relevant servers

Then I created an ACL also named "Internal" with user group "internal", host group "internal", action "allow".
acl create --ug=internal --hg=internal --action=allow --weight=0

I can now login with ssh sshportal -l <name_of_webserver>
Image below (did some painting to obscure some of the private information):
SSHPortal example
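
The comment above ties access to an ACL that names both a user group and a host group. The following is an added example, not part of the thread and not sshportal's own code: a small model for auditing such a setup. It assumes a user reaches a host only when some allow ACL lists one of the user's groups and one of the host's groups (deny ACLs and weights are not modelled); all user, host, group and ACL names are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ACL:
    name: str
    user_groups: frozenset
    host_groups: frozenset


# Constructed sample configuration; every name here is hypothetical.
USER_GROUPS = {"alice": {"ops"}, "bob": {"default"}}
HOST_GROUPS = {"web1": {"webservers"}, "db1": {"databases"}}
ACLS = [
    ACL("ops-web", frozenset({"ops"}), frozenset({"webservers"})),
    ACL("stale", frozenset({"ops"}), frozenset({"staging"})),  # no host is in "staging"
]


def matching_acls(user, host):
    """Names of ACLs listing both a group of the user and a group of the host."""
    ugs = USER_GROUPS.get(user, set())
    hgs = HOST_GROUPS.get(host, set())
    return [a.name for a in ACLS if a.user_groups & ugs and a.host_groups & hgs]


def can_connect(user, host):
    """Default deny (assumed): access needs at least one matching allow ACL."""
    return bool(matching_acls(user, host))


def dangling_groups():
    """ACLs that reference a group with no members, so they can never match."""
    populated_ug = set().union(*USER_GROUPS.values())
    populated_hg = set().union(*HOST_GROUPS.values())
    report = {}
    for acl in ACLS:
        empty = sorted((acl.user_groups - populated_ug) | (acl.host_groups - populated_hg))
        if empty:
            report[acl.name] = empty
    return report


if __name__ == "__main__":
    for user in USER_GROUPS:
        for host in HOST_GROUPS:
            verdict = "allow" if can_connect(user, host) else "deny"
            print(user, host, verdict, matching_acls(user, host))
    print("ACLs that can never match:", dangling_groups())
```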
