search

adrianriobo / deliverest

Base container to acting as a delivery container for multi arch and multi platform
0 stars 4 forks source link

add proxy/bastion for connection #48

Open lilyLuLiu opened 4 days ago

lilyLuLiu commented 4 days ago

https://github.com/adrianriobo/deliverest/issues/9

adrianriobo commented 3 days ago

Only see PROXY_USERNAME and PROXY_HOST, still missing PROXY_PRIVATE_KEY

Unfortunately do not see an easy option (i.e for target host -i) to set the private key for proxy, it seems you would need to create a config file: ~/.ssh/config

And template it with the envs:

Host proxy_host
    HostName proxy_host
    User proxy_user
    IdentityFile /path/to/private_key_for_proxy

Host target_host
    HostName target_host
    User target_user
    IdentityFile /path/to/private_key_for_target
    ProxyJump proxy_host
adrianriobo commented 3 days ago

When you add the private key, I would ask you to test this and comment on the test is successful here :pray:

If you want for testing this without the testing farm stuff as that may complicate things we can use mapt (ask me for this) to spin an airgap machine that will output all the details for both bastion (proxy) and target host so you can use them for testing this.

lilyLuLiu commented 2 days ago

@adrianriobo , I designed that deliverset offers two options for SSH connection: (1) provide an SSH Config file: proxy can only be used this way.
(2) provide target username and password/key. What do you think?

adrianriobo commented 1 day ago

I am fine with it, but still if user pass an private key for target host and a private key for proxy you probably would need to compose the conf file no?