Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

packer and ssh provisioner via socks/other proxy (Question/Feature Request) #5067

Closed
sirmax123 opened this issue Jun 26, 2017 · 5 comments
Closed

packer and ssh provisioner via socks/other proxy (Question/Feature Request) #5067

sirmax123 opened this issue Jun 26, 2017 · 5 comments
Labels
communicator/ssh question

Comments

@sirmax123
Copy link

Hi!

I have the following issue: I ran packer on builder node which does not have direct ssh access to network used for build.

So for now builds are failed because builder can't connect directly to VM instances.
(it is GCP but it does not matter)

I tried to use proxychains-ng (https://github.com/rofl0r/proxychains-ng) but it looks like

  • packer do not use shared libs (on mac) so I'm mot able to use hooks like this
  • it does not use external ssh (so ~/.ssh/config will not help). Do packer use native go ssh lib?

If no root access/no iptables at all on builder node so not able to use power of netfilter w/o root or on other Unix systems.

My questions are:

  1. Is it possible to use socks proxy for ssh in packer and how? if not it would be great to have such feature. (Not sure if it possible to use socks proxy with go ssh lib).
    1.1 Support ssh config compatible with OpenSSH (~/.ssh/config) also would be very very helpful.

  2. Is it possible to build packer with shared libs to be able to use socksifiers? And how?
@mwhooker
Copy link
Contributor

We have the notion of a bastion host for this problem. Please see https://www.packer.io/docs/templates/communicator.html#ssh-communicator

There's more context on this decision at #2266

@sirmax123
Copy link
Author

Bastion host is NOT a solution because you need ssh access.
But very often you have only SOCKS/HTTP with Connect method proxy without full ssh access.

So it is just workaround for some cases and do not solve issue in general.

@rickard-von-essen
Copy link
Collaborator

rickard-von-essen commented Jun 28, 2017
edited
Loading

  1. Is it possible to use socks proxy for ssh in packer and how? if not it would be great to have such feature. (Not sure if it possible to use socks proxy with go ssh lib).

It might be possible to add support via for SOCKS5 with go-socks but it might be a lot of work or impossible to mangle it into the SSH code. PR's are welcome. Another solutions is just to tell the networking guys that you will defeat their network filtering.

1.1 Support ssh config compatible with OpenSSH (~/.ssh/config) also would be very very helpful.

That would be a very big task, OpenSSH is a complex software.

  1. Is it possible to build packer with shared libs to be able to use socksifiers? And how?

No, Go doesn't use any shared libs.

@pkilar
Copy link

pkilar commented Oct 12, 2017

@rickard-von-essen take a look at #5439 and give it a try

@ghost
Copy link

ghost commented Apr 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 3, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
communicator/ssh question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mwhooker @rickard-von-essen @pkilar @sirmax123