Local SSH proxy over HTTPS to access servers in remote private networks #11
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
Hm.. there are Flake8 errors only shown in Travis CI builds but not in my local installation/invocation of flake8 command. Could you clarify the differences? |
* Now it uses a commad-arg template for generalized support of tunneling in different CLI commands (both ssh and scp) * If user part is specified in CLI remote aliases used as host names, it SKIPS authorization -- assuming that individual users would have configured their own authorization (e.g., personal keypairs to personal accounts in shared development server) - If the username is same to the remote's configured username, then it performs authorization as it has been doing. * The server should provide a GET version of /tokens/.../remotes/.../ API which returns a single "remote" dictionary containing the information of the given remote.
* Also upgrade min/max protocol version, as we require the new remote GET API even when not using tunneling.
It is useful when using alternative logins without authorization (e.g., shared development servers)
* Use revised masterkey URL path * Prevent Ctrl+C from producing too much unnecessary exception tracebacks
* It is enough to see the response code and status message, not the whole stack trace. (The stack always indicates the line 85 of client.py)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the client-side implementation of geofront-auth/geofront#21.
It uses async-generators heavily, so to use this feature Python 3.6 is required.
For backward-compatibility, I separated the proxy implementation as a separate module that is not imported in older Python versions and made it to work only when
-por--proxyargument is given to the originalsshcommand.When first accessing a new destination server, the proxy assigns a randomly available TCP port for the local proxy. Next time, it reuses the stored TCP port for consistency with SSH's host fingerprint checks used by the system SSH agent as well as third-party security tools.
You can always change or remove those local proxy port mappings in the standard configuration directory set via dirspec module.