Open google doc issue 35: additional info in manifest RSpec #39

@wvdemeer

Below is a literal copy of google doc issue 35:

  1. Additional SSH login info needed in manifest: reachability and proxies -- make proposal for this on github

Wim: Currently, basic ssh login info for nodes is returned in the RSpec manifest. As mentioned in 19, this is missing info on the host key. But there is additional info that would be very useful for clients that want to connect to the nodes using SSH:

  • Is the host reachable from the public internet over IPv4?
  • Is the host reachable from the public internet over IPv6?
  • Is there an SSH gateway ("SSH proxy" = intermediate SSH node) that can be used to reach the node? For such a proxy, a lot of info could be given: hostname and port of proxy (multiple ports could be possible). Type of the proxy (assumed SSH for the rest of this explanation, but could be SOCKS proxy or other as well). What is the username on the proxy? Login type (anonymous access, password or key based)? If password auth, what password is used? If private key based, what private key is used (2 possible options: key of SFA user, or same key(s) as for login to node)? Does the SSH proxy allow port forwarding (to the target node)? Does it allow interactive login? Is netcat installed on the proxy? Is SSH installed on the proxy? Is agent forwarding allowed? (is the proxy reachable over ipv4/ipv6 public internet?)

An example (bold text is what could be added):

<services>
  <login authentication="ssh-keys" hostname="n095-12a.wall2.ilabt.iminds.be" port="22" username="ftester" publicipv4="false" publicipv6="true">
       <hostkey>root@n095-12a ssh-rsa AAAAB3NzaC1yc2EAAAAB...OfZrZar0LrUw==</hostkey>
       <proxy type="ssh">
           <login authentication="ssh-keys" hostname="bastion.test.iminds.be" port="22" username="ftester" publicipv4="true" publicipv6="true">
               <hostkey>bastion.test.iminds.be ssh-rsa AAAAB3NzaC1y..csRQ14fB</hostkey>
           </login>
           <authentication_pubkey>ssh-rsa AAAAB3Nza... (pubkey from user certificate)</authentication_pubkey>
           <!-- alternatives:
                 <authentication_pubkey>ssh-rsa AAAAB3Nza... (pubkey specified in CreateSliver call for accessing host)</authentication_pubkey>
                 <authentication_password>12345</authentication_password>
           -->
           <features>
                 <port_forwarding>true</port_forwarding>
                 <interactive_login>true</interactive_login>
                 <agent_forwarding>true</agent_forwarding>
                 <software>netcat</software>
                 <software>ssh</software>
           </features>
       </proxy>
   </login>
</services>
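
How a client could consume the proposed fields, as an added example that is not part of the original issue or of any existing tool: it pins both advertised host keys as OpenSSH known_hosts lines and picks direct access, ProxyJump, or a netcat ProxyCommand from the reachability and feature flags. The hostnames, key blobs and the function names are constructed, and the `<hostkey>` layout "label keytype base64" is assumed from the example above.

```python
import xml.etree.ElementTree as ET

# Constructed manifest in the proposed format; hostnames and key blobs are placeholders.
MANIFEST = """<services>
  <login authentication="ssh-keys" hostname="node.example.org" port="22" username="ftester" publicipv4="false" publicipv6="true">
    <hostkey>root@node ssh-rsa AAAAPLACEHOLDERNODE</hostkey>
    <proxy type="ssh">
      <login authentication="ssh-keys" hostname="bastion.example.org" port="2222" username="ftester" publicipv4="true" publicipv6="true">
        <hostkey>bastion.example.org ssh-rsa AAAAPLACEHOLDERBASTION</hostkey>
      </login>
      <features>
        <port_forwarding>true</port_forwarding>
        <software>netcat</software>
      </features>
    </proxy>
  </login>
</services>"""

def known_hosts_line(login):
    # Assumes <hostkey> is "<label> <keytype> <base64>"; the label is dropped.
    keytype, blob = login.findtext("hostkey").split()[-2:]
    host, port = login.get("hostname"), login.get("port", "22")
    pattern = host if port == "22" else f"[{host}]:{port}"  # known_hosts non-default port form
    return f"{pattern} {keytype} {blob}"

def host_block(login):
    return [f"Host {login.get('hostname')}", f"  Port {login.get('port', '22')}",
            f"  User {login.get('username')}", "  StrictHostKeyChecking yes"]

def ssh_plan(manifest_xml, client_ipv4=True, client_ipv6=False):
    """Return (ssh_config text, known_hosts lines) for the node in the manifest."""
    node = ET.fromstring(manifest_xml).find("login")
    cfg, pins = host_block(node), [known_hosts_line(node)]
    direct = any(ok and node.get(attr) == "true" for ok, attr in
                 ((client_ipv4, "publicipv4"), (client_ipv6, "publicipv6")))
    if direct:
        return "\n".join(cfg), pins
    proxy = node.find("proxy[@type='ssh']")
    if proxy is None:
        raise ValueError("node not directly reachable and no SSH proxy advertised")
    hop = proxy.find("login")
    pins.append(known_hosts_line(hop))  # pin the bastion's key as well
    if proxy.findtext("features/port_forwarding") == "true":
        cfg.append(f"  ProxyJump {hop.get('hostname')}")
    elif "netcat" in [s.text for s in proxy.findall("features/software")]:
        cfg.append(f"  ProxyCommand ssh {hop.get('hostname')} nc %h %p")
    else:
        raise ValueError("proxy offers neither port forwarding nor netcat")
    return "\n".join(host_block(hop) + cfg), pins
```

The generated text is meant for `~/.ssh/config`, so the bastion's own `Host` block (port, user, strict host key checking) also applies to the jump connection.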
