aker-gateway / Aker

SSH bastion/jump host/jumpserver

Assume Port 22 for SSH #22

Open supertylerc opened 7 years ago

supertylerc commented 7 years ago

In the interest of simplifying the aker.ini configuration, I'd like for Aker to assume that the SSH port to use is 22. Example of how the config file could look:

[supertylerc]
hosts = 10.0.0.1,,admin
    192.168.0.1,2222,admin

Above, we would use port 22 to connect to 10.0.0.1 and port 2222 to connect to 192.168.0.1.

I think that this has a few implications, too. First, the default port should be configurable at the General level. Example:

[General]
ssh_port = 2222

[supertylerc]
hosts = 10.0.0.1,,admin
    192.168.0.1,22,admin

Given the above, any host which does not have a more specific SSH port specified should use port 2222. If ssh_port is not set, then Aker should use port 22. Specifically, Aker would use port 2222 to connect to 10.0.0.1 and port 22 to connect to 192.168.0.1.

As can be seen in the examples above, "blank" spots are used to skip a value. This mechanism should preserve the current code splitting on ",".
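
An added example, not part of the issue thread or of Aker's code base: one way to parse the proposed hosts syntax in Python, keeping the split on "," and rejecting non-numeric or out-of-range ports so that a typo in aker.ini fails closed on the bastion instead of silently connecting elsewhere. The function names and the fallback of a blank user to the section name are assumptions.

```python
import configparser

DEFAULT_SSH_PORT = 22  # fallback proposed in the issue when ssh_port is unset


def _port(value, where):
    """Parse a TCP port strictly; a bastion should fail closed on bad input."""
    if not (value.isascii() and value.isdigit() and 1 <= int(value) <= 65535):
        raise ValueError(f"invalid port {value!r} in {where}")
    return int(value)


def parse_hosts(ini_text, section):
    """Return [(host, port, user)] for one user section of an aker.ini text."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    # [General] ssh_port overrides the built-in default of 22.
    raw = cfg.get("General", "ssh_port", fallback=str(DEFAULT_SSH_PORT))
    default_port = _port(raw.strip(), "[General] ssh_port")
    entries = []
    for line in cfg.get(section, "hosts", fallback="").splitlines():
        if not line.strip():
            continue
        # Same comma split as today; a blank field means "use the default".
        fields = [f.strip() for f in line.split(",")]
        if len(fields) > 3 or not fields[0]:
            raise ValueError(f"malformed host entry {line!r} in [{section}]")
        host, port, user = fields + [""] * (3 - len(fields))
        entries.append((
            host,
            _port(port, f"[{section}] {host}") if port else default_port,
            user or section,  # assumption: blank user falls back to section name
        ))
    return entries


# Constructed sample input, modelled on the second example in the issue.
SAMPLE = """
[General]
ssh_port = 2222

[supertylerc]
hosts = 10.0.0.1,,admin
    192.168.0.1,22,admin
"""

if __name__ == "__main__":
    print(parse_hosts(SAMPLE, "supertylerc"))
```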

supertylerc commented 7 years ago

Note that if #20, #21, and this issue are all implemented, we could end up with the following as an aker.ini config for a company with five employees and 10 hosts:

[General]
log_level = DEBUG
hosts = server1
    db1
    web1
    web2
    vanilla.candles.example.com
    hamburgers.food.example.com
    slb1.partner.example.com,,shareduser
    slb2.partner.example.com,2200
    hypervisor1
    hypervisor2

[supertylerc]
enabled = True

[susan]
enabled = True

[bob]
enabled = True

[alex]
enabled = True

[alice]
enabled = True

The equivalent configuration for what currently exists would look something like this:

[General]
log_level = DEBUG

[supertylerc]
enabled = True
hosts = server1,22,supertylerc
    db1,22,supertylerc
    web1,22,supertylerc
    web2,22,supertylerc
    vanilla.candles.example.com,22,supertylerc
    hamburgers.food.example.com,22,supertylerc
    slb1.partner.example.com,22,shareduser
    slb2.partner.example.com,2200,supertylerc
    hypervisor1,22,supertylerc
    hypervisor2,22,supertylerc

[susan]
enabled = True
hosts = server1,22,susan
    db1,22,susan
    web1,22,susan
    web2,22,susan
    vanilla.candles.example.com,22,susan
    hamburgers.food.example.com,22,susan
    slb1.partner.example.com,22,shareduser
    slb2.partner.example.com,2200,susan
    hypervisor1,22,susan
    hypervisor2,22,susan

[bob]
enabled = True
hosts = server1,22,bob
    db1,22,bob
    web1,22,bob
    web2,22,bob
    vanilla.candles.example.com,22,bob
    hamburgers.food.example.com,22,bob
    slb1.partner.example.com,22,shareduser
    slb2.partner.example.com,2200,bob
    hypervisor1,22,bob
    hypervisor2,22,bob

[alex]
enabled = True
hosts = server1,22,alex
    db1,22,alex
    web1,22,alex
    web2,22,alex
    vanilla.candles.example.com,22,alex
    hamburgers.food.example.com,22,alex
    slb1.partner.example.com,22,shareduser
    slb2.partner.example.com,2200,alex
    hypervisor1,22,alex
    hypervisor2,22,alex

[alice]
enabled = True
hosts = server1,22,alice
    db1,22,alice
    web1,22,alice
    web2,22,alice
    vanilla.candles.example.com,22,alice
    hamburgers.food.example.com,22,alice
    slb1.partner.example.com,22,shareduser
    slb2.partner.example.com,2200,alice
    hypervisor1,22,alice
    hypervisor2,22,alice

anazmy commented 7 years ago

Since the integration with FreeIPA, I need to check on extending the LDAP schema (used in FreeIPA) to handle this different situation.