Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SSH Proxy #72

Merged
merged 6 commits into from
Jul 11, 2024
Merged

Add SSH Proxy #72

merged 6 commits into from
Jul 11, 2024

Conversation

svenevs
Copy link
Collaborator

@svenevs svenevs commented Jul 10, 2024

Description

Add SSH Proxy:

  • Create additional ResourceAccess and Authentication structures
    and related yaml to store in the database.
  • The only supported driver is VMX. All other drivers need to be
    taught about the new Authentication struct (in the future).
  • Add ProxySshAddress configuration variable to fish Config, the
    default value is 0.0.0.0:2022.
  • Add corresponding SSH examples.
  • NOTE: while scp succeeds, it hangs and must be ctrl+C'd.
    This is not getting fixed in this PR.

This feature currently only supports SSH via username/password.
See the new example label creation:

authentication:
  username: packer
  password: packer

When the fish node is running, you must query the application
resource UID and request /access (see new run application
example). These passwords are one time use only, in order
to get a new password, re-request /access.

Related Issue

Toward #61.

Motivation and Context

Step 1: get username / password SSH proxy configured for VMX driver.

How Has This Been Tested?

Rigorous local testing only.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@svenevs
Rename proxy to proxy_socks to pave way for proxy_ssh
94e0953
@svenevs
Add SSH proxy
03185ee 
- Create additional ResourceAccess and Authentication structures
  and related yaml to store in the database.
- The only supported driver is VMX.  All other drivers need to be
  taught about the new Authentication struct (in the future).
- Add ProxySshAddress configuration variable to fish Config, the
  default value is `0.0.0.0:2022`.
- Add corresponding SSH examples.

This feature currently only supports SSH via username/password.
See the new example label creation:

```
authentication:
  username: packer
  password: packer
```

When the fish node is running, you must query the application
resource UID and request `/access` (see new run application
example).  These passwords are **one time use only**, in order
to get a new password, re-request `/access`.
@svenevs svenevs requested a review from sparshev as a code owner July 10, 2024 20:27
github-advanced-security[bot]
github-advanced-security bot found potential problems Jul 10, 2024
View reviewed changes
lib/proxy_ssh/proxy.go Dismissed Show resolved Hide resolved
sparshev
sparshev requested changes Jul 10, 2024
View reviewed changes
Copy link
Collaborator

@sparshev sparshev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Damn, we've missed something important but easy to do.

lib/proxy_ssh/proxy.go Outdated Show resolved Hide resolved
lib/proxy_ssh/proxy.go Outdated Show resolved Hide resolved
@svenevs
fixup: remove stale comment about listener already being open
e8a1550 
it is no longer a parameter
@svenevs
generate id_rsa if not provided
138b303 
added new fish config var NodeSSHKey, chose Node prefix
since we could imagine "SSHKey" becoming overloaded / confusing
down the road.  renaming might be needed

- cfg: NodeSSHKey
- file: ${node.name}_id_rsa
- file: ${node.name}_id_rsa.pub <unused, but still generated>
@svenevs
fix log verbiage, add note indicating _why_ we are adding the
92a0048 
init() function and logging (aka flag not to delete it ever)
sparshev
sparshev requested changes Jul 11, 2024
View reviewed changes
Copy link
Collaborator

@sparshev sparshev left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extra is always not something we need.

lib/proxy_ssh/proxy.go Outdated Show resolved Hide resolved
@sparshev sparshev added the enhancement New feature or request label Jul 11, 2024
sparshev
sparshev approved these changes Jul 11, 2024
View reviewed changes
Copy link
Collaborator

@sparshev sparshev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@svenevs svenevs merged commit fb07ac5 into main Jul 11, 2024
5 checks passed
@svenevs svenevs deleted the feat/ssh_proxy branch July 11, 2024 17:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sparshev sparshev sparshev approved these changes

Assignees

@svenevs svenevs

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@svenevs @sparshev