Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

expanded ssh_config parameters for qemu+ssh uri option #1059

Open
wants to merge 24 commits into
base: main
Choose a base branch
from
Open

expanded ssh_config parameters for qemu+ssh uri option #1059

wants to merge 24 commits into from

Conversation

memetb
Copy link

@memetb memetb commented Dec 20, 2023
edited

Hello @dmacvicar,

this PR is in relation to the issue #1058 I recently opened.

This is a preliminary PR and work in progress. I have listed the known issues with this PR at this point. I would also like to get feedback from you before putting more effort in.

This feature is a must-have for my use case since I require to access my bare metal servers through a bastion host.

Known issues:

  1. using ProxyJump with openssh implementation of ssh will ask the bastion host to resolve the HostName. This allows for local resolution (e.g. private and/or dynamic IP addresses) to be used for the hostname resolution (i.e. a machine may have a name that is only locally resolvable on the bastion). The current code will not forward the name resolution from the bastion host.
  2. there is a hardcoded maximum depth of 10 jump hosts
    3. little to no effort on code style and documentation: this was a quick and dirty feature feasibility test to see if the desired workflow worked correctly
  3. no unit tests have been added

Memet Bilgin added 22 commits December 20, 2023 19:00
bump ssh_config to stable version which contains GetAll call
ba090fc
refactor dialSSH and break out dialHost as support function
19893fc
move authentication parsing to per host part of loop
94ae671 
this allows different hosts (jump hosts) to have different identity files
specified
implement per Host identity file lookup
76ed8d0
fix tilde (~) based home directory notation for convenience
7dacf0b
updated go.sum
7273b7d
cleanup log outputs
4abb01a
remove unnecessary local variable
f190d80
make use of net package URI building to support correct ipv6
329a202 
as per commit from MaxMatti:
dmacvicar@1152bdd
correctly use host:port format when dialing bastion host
c1e4fbf
put quotes around target in case it is empty
100f82b
if the hostname override isn't present, simply use target name
e203600
add log output for port override
d47102d
add default host key algorithm
1516454
move port configuration earlier so that hostkey callback works right
7caaf18 
the hostKeyCallback makes use of the SSH port and fails if a custom ssh port is
being used by the host
cleanup log output, add error handling for dial host
ad51d68
add support for sshconfig based known hosts file behaviour
6754108
integrate HostKeyAlgorithms ssh_config option
60cf3f1
move dial host impl so that bastion hosts have same features
060987d
add comments
31af282
use a more modern default host key
3680059 
this value was chosen as the lowest RSA available by default on a debian build
running OpenSSH_9.2 and works out of the box for most hosts tested by authority.
Any older systems can specifically set their key algorithms in .ssh/config
update auth method parse to allow for multiple private ssh keys
615b189
@memetb memetb marked this pull request as ready for review February 22, 2024 16:13
@memetb memetb changed the title WIP: expanded ssh_config parameters for qemu+ssh uri option expanded ssh_config parameters for qemu+ssh uri option Feb 22, 2024
@memetb memetb mentioned this pull request Feb 22, 2024
Open
@memetb memetb mentioned this pull request Feb 23, 2024
Open
memetb pushed a commit to memetb/terraform-provider-libvirt that referenced this pull request Feb 23, 2024
remove node info data source impl from dmacvicar#1059
1768b27
@memetb memetb mentioned this pull request Feb 23, 2024
Draft
@memetb memetb mentioned this pull request Feb 29, 2024
Open
@tuxillo
Copy link

tuxillo commented Mar 5, 2024

will this ever be merged?

@memetb
Copy link
Author

memetb commented Mar 5, 2024

@tuxillo fyi, I'm using my forked project in production. I haven't published that project on terraform specifically because I want to keep the noise ratio down, but if you so wish, you can use the forked project's production branch which has this merged as well as a couple of other small features merged in.

@gthieleb
Copy link

@tuxillo fyi, I'm using my forked project in production. I haven't published that project on terraform specifically because I want to keep the noise ratio down, but if you so wish, you can use the forked project's production branch which has this merged as well as a couple of other small features merged in.

@dmacvicar This looks like good improvement regarding the ssh connection. May you have a look regarding compatibility, etc. if this can be merged into upstream?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@memetb @tuxillo @gthieleb