netenglabs / suzieq

Using network observability to operate and design healthier networks
https://www.stardustsystems.net/
Apache License 2.0

[Docs]: Multiplex SSH session to jumphost #813

Open FloLaco opened 1 year ago

FloLaco commented 1 year ago

Change Type

Addition

Area

Functionality/features

Proposed Changes

Since neither suzieq nor asyncssh supports multiplexing SSH sessions, I've found a way to do it. I'll try to put all the configuration needed here so it works for other people who are interested.

```sshconfig
# Stanza for the jumphost itself: authenticate with the named key only and
# open a local SOCKS proxy (DynamicForward) that the device sessions reuse.
Host jumpserver
   IdentityFile   /home/suzieq/parquet/ssh_cred_conf/id_rsa
   IdentitiesOnly   yes
   User   your_username
   HostName   IP_of_your_jumpserver
   Protocol  2
   Port  22
   # Disables host-key verification for the jumphost
   StrictHostKeyChecking   no
   DynamicForward 127.0.0.1:2226

# Every other host: tunnel through the SOCKS proxy above with netcat
# (-X 5 = SOCKS5, -x = proxy address; must match the DynamicForward port).
Host * !jumpserver
   Protocol  2
   StrictHostKeyChecking  no
   ProxyCommand nc -X 5 -x 127.0.0.1:2226 %h %p
```

```dockerfile
USER root
RUN apt-get update \
    && apt-get install -y \
       netcat-openbsd

USER suzieq
```


- When starting the poller, you need to provide the ssh config file with the `--ssh-config-file` option
- As we are opening a proxy socks session to the jumphost, we have to do it "manually" (= not via python).
If you use the official docker image of suzieq, you can add an `entrypoint.sh` file which starts the jumpserver session and then starts `suzieq`:

entrypoint.sh 

```bash
#!/bin/bash
# Open the SOCKS tunnel to the jumphost in the background (-N: no remote command)
ssh jumpserver -F /home/suzieq/parquet/ssh_cred_conf/config -N &
# Wait until the DynamicForward port is listening, otherwise the first device
# connections race the tunnel and fail
until nc -z 127.0.0.1 2226; do sleep 1; done
exec sq-poller --no-coalescer -I "$1" -c parquet/suzieq.cfg.yml --ssh-config-file /home/suzieq/parquet/ssh_cred_conf/config
```


- Don't use the jumpserver option in the `suzieq` inventory
Sufficient config:

devices:



- PR https://github.com/netenglabs/suzieq/pull/812 should be merged
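The setup above only works when the port opened by `DynamicForward` on the jumphost stanza is the same one the wildcard stanza's `ProxyCommand` points `nc -x` at; a mismatch makes every device session fail while the tunnel itself looks healthy. The following check is an added example, not part of this issue or of suzieq: it parses a two-stanza `ssh_config` like the one in the issue (the sample below is constructed from it, with placeholder values), compares the two endpoints, and reports the settings a reviewer would want flagged (host-key verification disabled, `IdentitiesOnly` missing). The stanza names and the `jump_alias` parameter are assumptions of the example.

```python
"""Consistency check for the jumphost + wildcard ssh_config used to route
suzieq device sessions through one SOCKS tunnel (added example)."""

import re
import shlex

# Constructed sample mirroring the issue's config (placeholder values)
SAMPLE_CONFIG = """\
Host jumpserver
   IdentityFile   /home/suzieq/parquet/ssh_cred_conf/id_rsa
   IdentitiesOnly   yes
   User   your_username
   HostName   IP_of_your_jumpserver
   Port  22
   StrictHostKeyChecking   no
   DynamicForward 127.0.0.1:2226

Host * !jumpserver
   StrictHostKeyChecking  no
   ProxyCommand nc -X 5 -x 127.0.0.1:2226 %h %p
"""


def parse_ssh_config(text):
    """Return a list of (patterns, {keyword_lower: value}) stanzas.

    Keywords are case-insensitive in ssh_config; values keep their case.
    Blank lines and '#' comments are skipped; options before the first
    Host line are collected under the pattern ('*',).
    """
    stanzas = []
    patterns, opts = ("*",), {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Key value", "Key=value" and "Key   value"
        m = re.match(r"^(\w+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            if opts:
                stanzas.append((patterns, opts))
            patterns, opts = tuple(value.split()), {}
        else:
            opts[key] = value
    if opts:
        stanzas.append((patterns, opts))
    return stanzas


def _norm(addr):
    """Map loopback spellings to 127.0.0.1 so '2226', 'localhost:2226' and
    '127.0.0.1:2226' compare equal (a bare DynamicForward port binds loopback)."""
    host, _, port = addr.rpartition(":")
    host = host or "localhost"
    if host in ("localhost", "::1", "[::1]"):
        host = "127.0.0.1"
    return f"{host}:{port}"


def socks_listen_addr(jump_opts):
    """Address the jumphost stanza's DynamicForward listens on, or None."""
    value = jump_opts.get("dynamicforward", "")
    return _norm(value) if value else None


def proxycommand_socks_addr(wild_opts):
    """Address after 'nc ... -x' in the wildcard ProxyCommand, or None."""
    argv = shlex.split(wild_opts.get("proxycommand", ""))
    if "-x" in argv and argv.index("-x") + 1 < len(argv):
        return _norm(argv[argv.index("-x") + 1])
    return None


def check_tunnel_config(text, jump_alias="jumpserver"):
    """Return the two tunnel endpoints plus a list of human-readable findings."""
    stanzas = parse_ssh_config(text)
    jump = next((o for p, o in stanzas if jump_alias in p), {})
    wild = next((o for p, o in stanzas if "*" in p and "!" + jump_alias in p), {})
    listen, target = socks_listen_addr(jump), proxycommand_socks_addr(wild)
    findings = []
    if not jump:
        findings.append(f"no Host stanza for {jump_alias}")
    if not wild:
        findings.append(f"no 'Host * !{jump_alias}' stanza; device sessions would bypass the tunnel")
    if jump and listen is None:
        findings.append("jumphost stanza lacks DynamicForward, so no SOCKS listener is opened")
    if wild and target is None:
        findings.append("wildcard ProxyCommand does not point nc at a SOCKS proxy (-x)")
    if listen and target and listen != target:
        findings.append(f"port mismatch: DynamicForward listens on {listen} but ProxyCommand uses {target}")
    for name, opts in (("jumphost", jump), ("wildcard", wild)):
        if opts.get("stricthostkeychecking", "").lower() == "no":
            findings.append(f"{name} stanza disables host-key verification (StrictHostKeyChecking no)")
    if jump and jump.get("identitiesonly", "").lower() != "yes":
        findings.append("jumphost stanza should set IdentitiesOnly yes so only the named key is offered")
    return {"listen": listen, "target": target, "findings": findings}


if __name__ == "__main__":
    result = check_tunnel_config(SAMPLE_CONFIG)
    print(f"tunnel: {result['listen']} -> {result['target']}")
    for finding in result["findings"]:
        print("-", finding)
```

Run it against the real config file (`check_tunnel_config(open(path).read())`) before starting the poller; for the sample above it reports matching endpoints and two findings, one per stanza, for the disabled host-key checking.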