search

pry0cc / axiom

The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, ffuf, masscan, nuclei, meg and many more!
MIT License
4.06k stars 645 forks source link

problem in generate_sshconfig() #285

Closed itsgudenuf closed 3 years ago

itsgudenuf commented 3 years ago

Just started with Axiom today after watching the NahamCon video this morning. So everything is fresh....

I already had servers running at Digital Ocean, and both have Floating IPs. This causes the following error... /home/kali/.axiom/.sshconfig: line 9: Bad configuration option: XXX.XXX.XXX.XXX /home/kali/.axiom/.sshconfig: line 15: Bad configuration option: XXX.XXX.XXX.XXX /home/kali/.axiom/.sshconfig: terminating, 2 bad configuration options

Looking into the functions.sh generate_sshconfig() I found the problem...

for name in $(echo "$droplets" | jq -r '.[].name')
    do 
        ip=$(echo "$droplets" | jq -r ".[] | select(.name==\"$name\") | .networks.v4[] | select(.type==\"public\") | .ip_address")
        echo -e "Host $name\n\tHostName $ip\n\tUser op\n\tPort 2266\n" >> $AXIOM_PATH/.sshconfig.new
    echo -e "ServerAliveInterval 60" >> $AXIOM_PATH/.sshconfig.new
    echo -e "Host *\n\tControlMaster auto\n\tControlPath  ~/.ssh/sockets/%r@%h-%p\n\tControlPersist 600" >> $AXIOM_PATH/.sshconfig.new
done

Specifically it's the following line:

ip=$(echo "$droplets" | jq -r ".[] | select(.name==\"$name\") | .networks.v4[] | select(.type==\"public\") | .ip_address")

When I look at the output of jq prior to the .ipaddress selector I see the following on droplets with a Floating IP

{
  "ip_address": "xXx.XxX.xXx.162",
  "netmask": "255.255.240.0",
  "gateway": "xXx.XxX.xXx.1",
  "type": "public"
}
{
  "ip_address": "xYx.YxYxYx.123",
  "netmask": "255.255.252.0",
  "gateway": "xYx.YxY.xYx.1",
  "type": "public"
}

changing the network selector from:

.networks.v4[]

to 

.networks.v4[1]

appears to correct the problem.

To make the code block cleaner I also moved the "Host *" information out of the for loop.

Here's the working function looks like now...

generate_sshconfig() {
    droplets="$(instances)"
    echo -n "" > $AXIOM_PATH/.sshconfig.new

    echo -e "Host *\n\tControlMaster auto\n\tControlPath  ~/.ssh/sockets/%r@%h-%p\n\tControlPersist 600" >> $AXIOM_PATH/.sshconfig.new
    echo -e "\tServerAliveInterval 60\n" >> $AXIOM_PATH/.sshconfig.new

    for name in $(echo "$droplets" | jq -r '.[].name')
    do 
        ip=$(echo "$droplets" | jq -r ".[] | select(.name==\"$name\") | .networks.v4[1] | select(.type==\"public\") | .ip_address")
        echo -e "Host $name\n\tHostName $ip\n\tUser op\n\tPort 2266\n" >> $AXIOM_PATH/.sshconfig.new

    done
    mv $AXIOM_PATH/.sshconfig.new $AXIOM_PATH/.sshconfig

    if [ "$key" != "null" ]
    then
        gen_app_sshconfig
    fi
}

I'm sorry I don't know how to make PRs and submit the change. I will learn though... This is a great framework!

0xtavian commented 3 years ago

@bwlinux wow thank you so much! im def going to dig into this later today. To make a pull request first fork the repo and make your changes then navigate here and submit your request. https://github.com/pry0cc/axiom/pulls. If yoy dont get around to making the request nw. i'll take care of it hopefully later today. :) Cheers!

itsgudenuf commented 3 years ago

@0xtavian please check the pull request #286. I think I managed to do it.

I've got a few more coming...

0xtavian commented 3 years ago

merged! Thanks again. Im adding the cleanup to the ssh config to the other provides are well. Going to close this issue but feel free to open a new one or reopen this one if u run into issues

KrE80r commented 3 years ago

pull request #286 broke the opposite case - sort of - where there are other non-axiom droplets "without" floating IP. The generated sshconfig has no IP added to the HostName part for non-axiom droplets

itsgudenuf commented 3 years ago

That's really strange @KrE80r . I thought I tested for that.

Are you saying it looks something like this??

Host *
        ControlMaster auto
        ControlPath  ~/.ssh/sockets/%r@%h-%p
        ControlPersist 600
        ServerAliveInterval 60

Host Test01
        HostName 
        User op
        Port 2266

Host Test02
        HostName 
        User op
        Port 2266
0xtavian commented 3 years ago

@KrE80r i dont think that is the case. If you are having trouble with DO its most likely because of https://github.com/pry0cc/axiom/issues/272#issuecomment-821017660

KrE80r commented 3 years ago

That's really strange @KrE80r . I thought I tested for that.

Are you saying it looks something like this??


Host *
        ControlMaster auto
        ControlPath  ~/.ssh/sockets/%r@%h-%p
        ControlPersist 600
        ServerAliveInterval 60

Host Test01
        HostName 
        User op
        Port 2266

Host Test02
        HostName 
        User op
        Port 2266
``

Indeed but only the non-axiom droplet is missing the IP.

KrE80r commented 3 years ago

@KrE80r i dont think that is the case. If you are having trouble with DO its most likely because of #272 (comment)

issue #272 pops-up later. Here are more details

itsgudenuf commented 3 years ago

@KrE80r could you trying something to make sure it works for both of us.

Change that line to the following:

ip=$(echo "$droplets" | jq -r ".[] | select(.name==\"$name\") | .networks.v4[] | select(.type==\"public\") | .ip_address " | head -1)

I think the problem is related to jq using a 0 or 1 based array index. The 'head -1' should insure we just take the first line returned regardless.

Could you also run the following: 

$ doctl version
doctl version 1.45.0-release
Git commit hash: 5fc8b1a
release 1.59.0 is available, check it out! 

$ jq -V                                                                                                                           2 ⨯
jq-1.6