diff --git a/.github/workflows/linux_ci.yml b/.github/workflows/linux_ci.yml index 411a2eede..70d54d71b 100644 --- a/.github/workflows/linux_ci.yml +++ b/.github/workflows/linux_ci.yml @@ -62,9 +62,29 @@ jobs: run: | mkdir -p ~/.ssh/ echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config - sudo apt-get update - sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ - auth_header="$(git config --local --get http.https://github.com/.extraheader)" + apt-get update + DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y rsyslog curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ net-tools lsof + echo "KEYGEN" + netstat -nlp | grep :22 + sed -i '/imklog/s/^/#/' /etc/rsyslog.conf + echo "LogLevel DEBUG3" >> /etc/ssh/sshd_config + #echo "Port 2222" >> /etc/ssh/sshd_config + service rsyslog restart + service ssh restart + cat /var/log/auth.log + cat /etc/ssh/sshd_config + ssh-keygen -t rsa -f ~/.ssh/id_rsa -P "" -N "" + echo "KEYGEN" + cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys + echo "KEYGEN" + cat ~/.ssh/id_rsa.pub >> ~/.ssh/known_hosts + echo "KEYGEN" + chown $USER:$USER ~/{.,.ssh/,.ssh/authorized_keys,.ssh/known_hosts} + chmod 600 ~/.ssh/authorized_keys + chmod go-w ~/ + echo "KEYGEN" + ssh -vvvvvvv -o "StrictHostKeyChecking no" -o 'PreferredAuthentications=publickey' -p 2222 localhost "echo foobar" # Fails if we can't ssh into localhost without a password + if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi git submodule sync --recursive git submodule update --init --force --recursive 
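Review bot: The localhost check at the end of the added block connects with `-p 2222`, but the line that would move sshd there, `#echo "Port 2222" >> /etc/ssh/sshd_config`, is commented out and the earlier `netstat -nlp | grep :22` looks at port 22, so the probe targets a port that nothing visible here configures; either drop `-p 2222` or enable the `Port` line. The block also reads like debugging left in: `LogLevel DEBUG3` together with `cat /var/log/auth.log` and `cat /etc/ssh/sshd_config` puts sshd's most verbose authentication logging into the CI log, and sshd_config(5) warns that DEBUG-level logging violates user privacy, so I would remove these once the job is green. `cat ~/.ssh/id_rsa.pub >> ~/.ssh/known_hosts` appends a user key where ssh expects `host keytype key` entries, so it pins nothing and the step relies on `StrictHostKeyChecking no`; `ssh-keyscan localhost >> ~/.ssh/known_hosts` would record the real host key instead.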
@@ -95,6 +115,9 @@ jobs: make -j`nproc` TSAN_OPTIONS="suppressions=../test/test_tsan.suppression" ./et-test popd + + ./test/system_tests/connect_with_jumphost.sh + rm -Rf build msan_linux: @@ -109,7 +132,7 @@ jobs: echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config sudo apt-get update sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ - auth_header="$(git config --local --get http.https://github.com/.extraheader)" + if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi git submodule sync --recursive git submodule update --init --force --recursive @@ -154,7 +177,7 @@ jobs: echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config sudo apt-get update sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ - auth_header="$(git config --local --get http.https://github.com/.extraheader)" + if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi git submodule sync --recursive git submodule update --init --force --recursive 
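Review bot: The guard `if [[ -z "${ACT}" ]]` added in the hunks at -109 and -154 (and again at -62 and -199) carries no comment saying what `ACT` is, and when it is set `auth_header` is never assigned. `ACT` is presumably the variable exported by the local `act` runner; a line such as `# ACT is set by the local act runner, where checkout leaves no extraheader to read` above the guard would make that clear. The steps continue outside these hunks, so whether anything later reads `$auth_header` cannot be seen here; if it does, it should tolerate the empty value. Since that header carries the checkout credential, it should also stay out of any echoed or traced output.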
@@ -199,7 +222,7 @@ jobs: echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config sudo apt-get update sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ lcov - auth_header="$(git config --local --get http.https://github.com/.extraheader)" + if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi git submodule sync --recursive git submodule update --init --force --recursive diff --git a/src/terminal/SshSetupHandler.cpp b/src/terminal/SshSetupHandler.cpp index 03027ed32..ae926b614 100644 --- a/src/terminal/SshSetupHandler.cpp +++ b/src/terminal/SshSetupHandler.cpp @@ -27,7 +27,7 @@ string genCommand(const string& passkey, const string& id, string SshSetupHandler::SetupSsh(const string& user, const string& host, const string& host_alias, int port, - const string& jumphost, int jport, bool kill, + const string& jumphost, const string& jServerFifo, bool kill, int vlevel, const string& cmd_prefix, const string& serverFifo, const std::vector& ssh_options) { @@ -72,6 +72,9 @@ string SshSetupHandler::SetupSsh(const string& user, const string& host, ssh_args.push_back(SSH_SCRIPT_DST); + std::string ssh_concat; + for (const auto &piece : ssh_args) ssh_concat += piece + " "; + VLOG(1) << "Trying ssh with args: " << ssh_concat << endl; auto sshBuffer = SubprocessToStringInteractive("ssh", ssh_args); try { 
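Review bot: The new `VLOG(1)` line in SshSetupHandler.cpp (hunk at -72) prints every element of `ssh_args`, and the last one pushed just above it is `SSH_SCRIPT_DST`. Going by how `SSH_SCRIPT_JUMP` is built from `genCommand(passkey, id, …)` in the jumphost hunk, that script presumably embeds the session id and passkey, so verbose logging would write the secret to the log. I would log the arguments without the script, e.g. `for (size_t i = 0; i + 1 < ssh_args.size(); ++i) ssh_concat += ssh_args[i] + " ";` followed by `VLOG(1) << "Trying ssh with args: " << ssh_concat << "<setup script omitted>";`. `SetupSsh` starts and ends outside this hunk, so the construction of `SSH_SCRIPT_DST` should be confirmed there.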
@@ -107,8 +110,11 @@ string SshSetupHandler::SetupSsh(const string& user, const string& host, if (!jumphost.empty()) { /* If jumphost is set, we need to pass dst host and port to jumphost * and connect to jumphost here */ - string cmdoptions{"--verbose=" + std::to_string(vlevel)}; - string jump_cmdoptions = cmdoptions + " --jump --dsthost=" + host + + string jump_cmdoptions{"--verbose=" + std::to_string(vlevel)}; + if (!jServerFifo.empty()) { + jump_cmdoptions += " --serverfifo=" + jServerFifo; + } + jump_cmdoptions = jump_cmdoptions + " --jump --dsthost=" + host + " --dstport=" + to_string(port); string SSH_SCRIPT_JUMP = genCommand(passkey, id, clientTerm, user, kill, cmd_prefix, jump_cmdoptions); diff --git a/src/terminal/SshSetupHandler.hpp b/src/terminal/SshSetupHandler.hpp index 5bc0ddb8d..e8c5f6b84 100644 --- a/src/terminal/SshSetupHandler.hpp +++ b/src/terminal/SshSetupHandler.hpp @@ -8,7 +8,8 @@ class SshSetupHandler { public: static string SetupSsh(const string &user, const string &host, const string &host_alias, int port, - const string &jumphost, int jport, bool kill, + const string &jumphost, + const string& jServerFifo, bool kill, int vlevel, const string &etterminal_path, const string &serverFifo, const std::vector &ssh_options); diff --git a/src/terminal/TerminalClientMain.cpp b/src/terminal/TerminalClientMain.cpp index eba509c92..4d3d53acc 100644 --- a/src/terminal/TerminalClientMain.cpp +++ b/src/terminal/TerminalClientMain.cpp @@ -82,6 +82,8 @@ int main(int argc, char** argv) { cxxopts::value()) // ("jport", "Jumphost machine port", cxxopts::value()->default_value("2022")) // + ("jserverfifo", "If set, communicate to jumphost on the matching fifo name", + cxxopts::value()->default_value("")) // ("x,kill-other-sessions", "kill all old sessions belonging to the user") // ("macserver", 
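Review bot: In the jumphost branch of `SetupSsh` (SshSetupHandler.cpp, hunk at -107), `jServerFifo` is appended to `jump_cmdoptions` as raw text, `" --serverfifo=" + jServerFifo`, and that string is handed to `genCommand` to form the command run on the jumphost. A path containing a space or a shell metacharacter would split or change that command; how `genCommand` quotes its options is outside the hunk, so this is inferred. The same applies to `host` on the following line, which predates this commit. I would validate the value before use, for example rejecting it unless every character is alphanumeric or one of `/ . _ -`, and add a comment on the branch stating that the options string ends up in a remote shell command.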
@@ -294,6 +296,11 @@ int main(int argc, char** argv) { } int jport = result["jport"].as(); + string jServerFifo = ""; + if (result["jserverfifo"].as() != "") { + jServerFifo = result["jserverfifo"].as(); + } + string serverFifo = ""; if (result["serverfifo"].as() != "") { serverFifo = result["serverfifo"].as(); @@ -310,7 +317,7 @@ int main(int argc, char** argv) { etterminal_path = result["terminal-path"].as(); } string idpasskeypair = SshSetupHandler::SetupSsh( - username, destinationHost, host_alias, destinationPort, jumphost, jport, + username, destinationHost, host_alias, destinationPort, jumphost, jServerFifo, result.count("x") > 0, result["verbose"].as(), etterminal_path, serverFifo, ssh_options); diff --git a/test/system_tests/connect_with_jumphost.sh b/test/system_tests/connect_with_jumphost.sh new file mode 100755 index 000000000..b4d5a1d60 --- /dev/null +++ b/test/system_tests/connect_with_jumphost.sh 
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -x
+set -e
+
+ssh -o 'PreferredAuthentications=publickey' localhost "echo" || exit 1 # Fails if we can't ssh into localhost without a password
+
+# Bypass host check
+ssh -o "StrictHostKeyChecking no" localhost echo "Bypassing host check 1"
+ssh -o "StrictHostKeyChecking no" 127.0.0.1 echo "Bypassing host check 2"
+
+mkdir -p /tmp/et_test_logs/connect_with_jumphost/1
+build/etserver --port 9900 --serverfifo=/tmp/etserver.idpasskey.fifo1 -l /tmp/et_test_logs/connect_with_jumphost/1 &
+first_server_pid=$!
+
+mkdir -p /tmp/et_test_logs/connect_with_jumphost/2
+build/etserver --port 9901 --serverfifo=/tmp/etserver.idpasskey.fifo2 -l /tmp/et_test_logs/connect_with_jumphost/2 &
+second_server_pid=$!
+sleep 3
+
+# Make sure servers are working
+build/et -c "echo 'Hello World 1!'" --serverfifo=/tmp/etserver.idpasskey.fifo1 --logtostdout localhost:9900
+build/et -c "echo 'Hello World 2!'" --serverfifo=/tmp/etserver.idpasskey.fifo2 --logtostdout localhost:9901
+
+build/et -c "echo 'Hello World 3!'" --serverfifo=/tmp/etserver.idpasskey.fifo2 --logtostdout --jumphost localhost --jport 9900 --jserverfifo=/tmp/etserver.idpasskey.fifo1 127.0.0.1:9901 # We can't use 'localhost' for both the jumphost and the destination because ssh doesn't support keeping them the same.
+
+kill -9 $first_server_pid
+kill -9 $second_server_pid
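Review bot: The two `etserver` processes are started in the background under `set -e`, so any failing `build/et` line exits the script before the `kill -9` lines and leaves both servers running on ports 9900 and 9901; an EXIT trap would stop them on every exit path. The id/passkey fifos also sit at fixed, predictable names in the world-writable `/tmp` (`/tmp/etserver.idpasskey.fifo1` and `…fifo2`), which is unsafe when the script is run on a shared machine; a private `mktemp -d` directory avoids that. The fence below shows the added setup and the first server start, with the remaining commands using `$fifo1`/`$fifo2` in place of the literal paths. `sleep 3` is a fixed wait, so a slow runner could still reach the first `build/et` before the servers are listening.

```shell
set -e

# Private directory for the id/passkey fifos instead of fixed names in /tmp.
work_dir="$(mktemp -d)"
fifo1="$work_dir/etserver.idpasskey.fifo1"
fifo2="$work_dir/etserver.idpasskey.fifo2"

# Stop both servers and remove the fifo directory on every exit path.
cleanup() {
  kill -9 ${first_server_pid:-} ${second_server_pid:-} 2>/dev/null || true
  rm -rf "$work_dir"
}
trap cleanup EXIT

# … unchanged: ssh checks against localhost and 127.0.0.1 …

mkdir -p /tmp/et_test_logs/connect_with_jumphost/1
build/etserver --port 9900 --serverfifo="$fifo1" -l /tmp/et_test_logs/connect_with_jumphost/1 &
first_server_pid=$!

# … unchanged apart from "$fifo1"/"$fifo2" replacing the literal fifo paths: second server, sleep, the three build/et runs …
# … the two trailing kill -9 lines are replaced by the EXIT trap …
```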