// setProxyCommand sets the proxy command option. func (c *SSHCommon) setProxyCommand(options *ssh.Options) error { apiServerHost, _, err := net.SplitHostPort(c.apiAddr) if err != nil { return errors.Errorf("failed to get proxy address: %v", err) } juju, err := getJujuExecutable() if err != nil { return errors.Errorf("failed to get juju executable path: %v", err) } // TODO(mjs) 2016-05-09 LP #1579592 - It would be good to check the // host key of the controller machine being used for proxying // here. This isn't too serious as all traffic passing through the // controller host is encrypted and the host key of the ultimate // target host is verified but it would still be better to perform // this extra level of checking. options.SetProxyCommand( juju, "ssh", "--proxy=false", "--no-host-key-checks", "--pty=false", "ubuntu@"+apiServerHost, "-q", "nc %h %p", ) return nil }
func (s *SSHGoCryptoCommandSuite) TestProxyCommand(c *gc.C) { realNetcat, err := exec.LookPath("nc") if err != nil { c.Skip("skipping test, couldn't find netcat: %v") return } netcat := filepath.Join(c.MkDir(), "nc") err = ioutil.WriteFile(netcat, []byte("#!/bin/sh\necho $0 \"$@\" > $0.args && exec "+realNetcat+" \"$@\""), 0755) c.Assert(err, jc.ErrorIsNil) private, _, err := ssh.GenerateKey("test-server") c.Assert(err, jc.ErrorIsNil) key, err := cryptossh.ParsePrivateKey([]byte(private)) client, err := ssh.NewGoCryptoClient(key) c.Assert(err, jc.ErrorIsNil) server := newServer(c) var opts ssh.Options port := server.listener.Addr().(*net.TCPAddr).Port opts.SetProxyCommand(netcat, "-q0", "%h", "%p") opts.SetPort(port) cmd := client.Command("127.0.0.1", testCommand, &opts) server.cfg.PublicKeyCallback = func(_ cryptossh.ConnMetadata, pubkey cryptossh.PublicKey) (*cryptossh.Permissions, error) { return nil, nil } go server.run(c) out, err := cmd.Output() c.Assert(err, jc.ErrorIsNil) c.Assert(string(out), gc.Equals, "abc value\n") // Ensure the proxy command was executed with the appropriate arguments. data, err := ioutil.ReadFile(netcat + ".args") c.Assert(err, jc.ErrorIsNil) c.Assert(string(data), gc.Equals, fmt.Sprintf("%s -q0 127.0.0.1 %v\n", netcat, port)) }
// setProxyCommand sets the proxy command option. func (c *SSHCommon) setProxyCommand(options *ssh.Options) error { apiServerHost, _, err := net.SplitHostPort(c.apiAddr) if err != nil { return fmt.Errorf("failed to get proxy address: %v", err) } juju, err := getJujuExecutable() if err != nil { return fmt.Errorf("failed to get juju executable path: %v", err) } options.SetProxyCommand(juju, "ssh", "--proxy=false", "--pty=false", apiServerHost, "nc", "%h", "%p") return nil }