Open google doc issue 35: additional info in manifest RSpec #39

Open
wvdemeer opened this issue May 15, 2014 · 0 comments
Below is a literal copy of google doc issue 35:

  1. Additional SSH login info needed in manifest: reachability and proxies -- make proposal for this on github

Wim: Currently, basic ssh login info for nodes is returned in the RSpec manifest. As mentioned in 19, this is missing info on the host key. But there is additional info that would be very useful for clients that want to connect to the nodes using SSH:

  • Is the host reachable from the public internet over IPv4?
  • Is the host reachable from the public internet over IPv6?
  • Is there an SSH gateway ("SSH proxy" = intermediate SSH node) that can be used to reach the node? For such a proxy, a lot of info could be given: hostname and port of proxy (multiple ports could be possible). Type of the proxy (assumed SSH for the rest of this explanation, but could be SOCKS proxy or other as well). What is the username on the proxy? Login type (anonymous access, password or key based)? If password auth, what password is used? If private key based, what private key is used (2 possible options: key of SFA user, or same key(s) as for login to node)? Does the SSH proxy allow port forwarding (to the target node)? Does it allow interactive login? Is netcat installed on the proxy? Is SSH installed on the proxy? Is agent forwarding allowed? (is the proxy reachable over ipv4/ipv6 public internet?)

An example (bold text is what could be added):

```xml
<services>
  <login authentication="ssh-keys" hostname="n095-12a.wall2.ilabt.iminds.be" port="22" username="ftester" publicipv4="false" publicipv6="true">
    <hostkey>root@n095-12a ssh-rsa AAAAB3NzaC1yc2EAAAAB...OfZrZar0LrUw==</hostkey>
    <proxy type="ssh">
      <login authentication="ssh-keys" hostname="bastion.test.iminds.be" port="22" username="ftester" publicipv4="true" publicipv6="true">
        <hostkey>bastion.test.iminds.be ssh-rsa AAAAB3NzaC1y..csRQ14fB</hostkey>
      </login>
      <authentication_pubkey>ssh-rsa AAAAB3Nza... (pubkey from user certificate)</authentication_pubkey>
      <!-- alternatives:
           <authentication_pubkey>ssh-rsa AAAAB3Nza... (pubkey specified in CreateSliver call for accessing host)</authentication_pubkey>
           <authentication_password>12345</authentication_password>
      -->
      <features>
        <port_forwarding>true</port_forwarding>
        <interactive_login>true</interactive_login>
        <agent_forwarding>true</agent_forwarding>
        <software>netcat</software>
        <software>ssh</software>
      </features>
    </proxy>
  </login>
</services>
```
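
How a client could consume the proposed fields, as an added example that is not part of the original issue or the project's code: it chooses between a direct connection and the advertised SSH proxy, and pins each `<hostkey>` to the login's hostname and port. The function names, the `client_has_ipv6` parameter, the `example.org` hosts and the placeholder keys are assumptions; the element and attribute names are the ones from the proposal, parsed here without an XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the proposed format; key material is placeholder text.
MANIFEST = """<services>
  <login authentication="ssh-keys" hostname="node1.example.org" port="22" username="ftester" publicipv4="false" publicipv6="true">
    <hostkey>root@node1 ssh-rsa AAAAPLACEHOLDERNODE</hostkey>
    <proxy type="ssh">
      <login authentication="ssh-keys" hostname="bastion.example.org" port="2222" username="ftester" publicipv4="true" publicipv6="true">
        <hostkey>bastion.example.org ssh-rsa AAAAPLACEHOLDERBASTION</hostkey>
      </login>
      <features><port_forwarding>true</port_forwarding></features>
    </proxy>
  </login>
</services>"""

def known_hosts_line(login):
    """Pin the advertised key to the login's hostname/port, not to the key's label."""
    tokens = (login.findtext("hostkey") or "").split()
    idx = next((i for i, t in enumerate(tokens) if t.startswith(("ssh-", "ecdsa-"))), None)
    if idx is None or idx + 1 >= len(tokens):
        return None  # no usable key: the caller should not connect blindly
    host, port = login.get("hostname"), login.get("port", "22")
    name = host if port == "22" else f"[{host}]:{port}"  # known_hosts non-default port form
    return f"{name} {tokens[idx]} {tokens[idx + 1]}"

def plan(manifest_xml, client_has_ipv6=False):
    """Return one connection plan per top-level <login> in the manifest fragment."""
    if "<!DOCTYPE" in manifest_xml:  # manifest is remote input: refuse DTDs/entities
        raise ValueError("DOCTYPE not allowed in manifest")
    plans = []
    for node in ET.fromstring(manifest_xml).findall("login"):
        direct = node.get("publicipv4") == "true" or (
            client_has_ipv6 and node.get("publicipv6") == "true")
        hop = node.find("proxy[@type='ssh']/login")
        usable = hop is not None and node.findtext("proxy/features/port_forwarding") == "true"
        logins = [node] + ([hop] if usable and not direct else [])
        jump = None
        if len(logins) == 2:  # value in the form OpenSSH accepts for ProxyJump / -J
            jump = f"{hop.get('username')}@{hop.get('hostname')}:{hop.get('port', '22')}"
        elif not direct:
            raise ValueError(f"{node.get('hostname')}: no direct route and no usable SSH proxy")
        plans.append({"target": f"{node.get('username')}@{node.get('hostname')}",
                      "port": node.get("port", "22"), "proxy_jump": jump,
                      "known_hosts": [known_hosts_line(lg) for lg in logins]})
    return plans
```

Writing the `known_hosts` entries to a dedicated file and connecting with `StrictHostKeyChecking=yes` makes the manifest's host keys the only ones the client accepts for the node and the proxy.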