lordwelch/breakglass
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80 Commits 1 Branch 0 Tags
Commit Graph

80 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Timmy Welch
bba58e7a3a Stuff
Some checks failed
Push / CI (push) Has been cancelled
Details 
Implement certificate authentication, certificate requires :gokrazy: principal
Read first line of /etc/passwd for home and shell
Shell uses `-l` to make it a login shell which will run .profile
 2025-02-16 17:53:26 -08:00
Michael Stapelberg
86e60e7477 update to latest gokrazy/internal 
related to https://github.com/gokrazy/gokrazy/issues/191
 2025-01-26 22:46:35 +01:00
Michael Stapelberg
c9528b4abb try to install busybox into a tmpfs /bin (with fallback) 
This code path requires gokrazy/tools at this commit or newer:
37e2f95c5c

And gokrazy/serial-breakglass at this commit or newer:
bf9bc19235

Afterwards, with an ~/.ssh/config entry like this:

    Host scan2drive
        ProxyCommand breakglass -proxy %h

…using Emacs TRAMP should just work:

    emacs /ssh:scan2drive:/perm/keep/index.md
 2024-12-31 09:53:25 +01:00
dependabot[bot]
6c59aaaf28
Bump golang.org/x/crypto from 0.17.0 to 0.31.0 (#20) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.17.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.17.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-12-12 08:22:41 +01:00
Michael Stapelberg
0327ae332c breakglass: enable -enable_banner by default 
The banner is useful and recognizeable.
I think it should be turned on by default.
 2024-06-09 22:11:23 +02:00
Brad Fitzpatrick
09eeab3321
Support getting public keys from AWS EC2 metadata (#18) 
Updates gokrazy/gokrazy#265

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2024-06-04 19:01:21 +02:00
Michael Stapelberg
44b3fe64f1 remove ssh-rsa warning 
bradfitz confirmed ssh-rsa keys work again.

fixes https://github.com/gokrazy/breakglass/issues/11
 2024-05-29 19:59:05 +02:00
dependabot[bot]
eacd5a447e
Bump golang.org/x/crypto from 0.6.0 to 0.17.0 (#17) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.6.0 to 0.17.0.
- [Commits](https://github.com/golang/crypto/compare/v0.6.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-12-19 08:51:47 +01:00
Michael Stapelberg
e771a5894b pull in latest gokrazy/gokrazy for ifaddr change 2023-08-12 11:30:49 +02:00
Michael Stapelberg
158f63b4af go get -u 2023-02-25 16:20:58 +01:00
dependabot[bot]
c70a6e787c
Bump golang.org/x/crypto from 0.0.0-20211215153901-e495a2d5b3d3 to 0.1.0 (#16) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.0.0-20211215153901-e495a2d5b3d3 to 0.1.0.
- [Release notes](https://github.com/golang/crypto/releases)
- [Commits](https://github.com/golang/crypto/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-25 16:19:12 +01:00
dependabot[bot]
cf2a123ac3
Bump golang.org/x/sys from 0.0.0-20211216021012-1d35b9e2eb4e to 0.1.0 (#15) 
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.0.0-20211216021012-1d35b9e2eb4e to 0.1.0.
- [Release notes](https://github.com/golang/sys/releases)
- [Commits](https://github.com/golang/sys/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-02-25 16:17:59 +01:00
Michael Stapelberg
3d152bbe1b use config.NewStruct() 
related to https://github.com/gokrazy/tools/issues/43
 2023-01-17 19:06:35 +01:00
Michael Stapelberg
12997053e4 fix: ensure config.Struct.Update is set in compatibility branch 2023-01-16 18:03:30 +01:00
Michael Stapelberg
d90cafaa81 breakglass: leave a TODO for removing -tls and -gokrazy_url 
both are obsolete thanks to breakglass reading the instance config
 2023-01-15 17:28:26 +01:00
Michael Stapelberg
503c6819b2 breakglass: use httpclient.For() for host-specific fallback 2023-01-15 17:06:07 +01:00
Michael Stapelberg
1b4a9122b5 instance config: fix fallback to host-specific config 2023-01-15 13:46:02 +01:00
Michael Stapelberg
994987ee06 breakglass: read instance config 2023-01-15 13:36:50 +01:00
Michael Stapelberg
d886921190 pull in latest github.com/gokrazy/internal 2023-01-15 13:36:42 +01:00
Michael Stapelberg
95ac9a06f8 README: update gokrazy instructions 2023-01-14 10:28:44 +01:00
Michael Stapelberg
2c1eed342d banner: build timestamp: read port from http-port.txt 
This fixes the banner on devices that use a non-standard HTTP port
 2022-11-08 21:51:53 +01:00
Michael Stapelberg
3d820b07fa ensure $HOME directory exists 2022-09-18 21:18:12 +02:00
Michael Stapelberg
de86d50573 go.mod: update to language version go 1.18, tidy 2022-08-07 10:42:48 +02:00
Michael Stapelberg
a9de5a1ae9 gofmt with Go 1.19 2022-08-07 10:18:05 +02:00
Michael Stapelberg
1e0db24f0e GitHub Actions: bump to Go 1.19 2022-08-07 10:10:23 +02:00
Michael Stapelberg
ccc003f8ea pull in latest gokrazy/internal 
related to https://github.com/gokrazy/gokrazy/issues/131
 2022-07-09 19:26:39 +02:00
Michael Stapelberg
c857ec6218 turn banner (printed before auth) into MOTD (printed after login) 
This means the message will be printed only once when using the breakglass
command line tool (which first copies over a tarball, then logs in).

Also switch to fancy ASCII art while we’re at it :)
 2022-07-09 18:38:32 +02:00
Michael Stapelberg
c21964dfd8 breakglass: support -tls flag, use -update logic for -gokrazy_url 
fixes https://github.com/gokrazy/breakglass/issues/13
 2022-04-30 21:27:18 +02:00
Michael Stapelberg
48c5124500 unpack tar files copied via sftp subsystem, too (not just older scp) 
For compatibility with OpenSSH ≥ 9
 2022-04-17 15:32:45 +02:00
Michael Stapelberg
7dbbe9b4b3 fix subsystem invocation: send exit code afterwards 
This fixes scp(1) with OpenSSH ≥ 9.
 2022-04-17 15:23:09 +02:00
Michael Stapelberg
097a6f87d6 pull in latest github.com/pkg/sftp 2022-04-17 15:23:03 +02:00
Michael Stapelberg
ef69007a43 use renameio to avoid “text file busy” errors 
Before this commit, extracting a breakglass would fail when /tmp/breakglass*/sh
was busy because it was being run in a separate connection.
 2022-04-09 00:11:47 +02:00
Michael Stapelberg
564a0eceaf explicitly set TMPDIR 
programs such as podman will otherwise default to /var/tmp
(see https://github.com/containers/podman/pull/5412/files)

related to https://github.com/gokrazy/gokrazy/issues/124
 2022-04-03 23:05:12 +02:00
Michael Stapelberg
5a97592967 include /usr/local/bin in $PATH 
related to https://github.com/gokrazy/gokrazy/issues/124
 2022-04-03 23:05:02 +02:00
Michael Stapelberg
629a19f92d breakglass command: add -proxy flag for easier ProxyCommand usage 
Now you can use the following in your ~/.ssh/config for example:

Host scan2drive-backup
	Hostname scan2drive.lan
	IdentityFile ~/.ssh/id_ed25519_scan2drivebackup
	ProxyCommand breakglass -proxy scan2drive.lan
 2022-03-31 19:52:53 +02:00
Michael Stapelberg
087335e682 PATH: add /user so that programs installed with gokrazy are found 2022-03-31 19:36:56 +02:00
Michael Stapelberg
0a14bc7f0c set HOME=/perm/home for persistent configs in interactive usage 
As a welcome side effect, this enables persistent shell history by default!
 2022-03-31 19:36:44 +02:00
Michael Stapelberg
0ee50d0171 breakglass: read host-specific http-port.txt 2022-03-26 19:42:52 +01:00
Michael Stapelberg
7131bc5abe GitHub Actions: bump to Go 1.18 2022-03-20 16:01:31 +01:00
Christian Heusel
f41ca45656 add an optional banner to greet the user 2022-03-07 08:56:23 +01:00
Christian Heusel
ae89d9b070 Add a warning for ssh-rsa keys in authorized keys 
https://github.com/gokrazy/breakglass/issues/11
 2022-03-07 08:56:23 +01:00
Christian Heusel
0fd4350464 make the port configurable for development 2022-03-07 08:56:23 +01:00
Christian Heusel
26c3398fb8
Document that RSA keys do not work (#12) 
See issue gokrazy/breakglass#11 for further discussion
 2022-03-04 22:23:08 +01:00
Christian Heusel
63f8dd47bf
Correct minor typo (#10) 2022-03-03 08:14:22 +01:00
Michael Stapelberg
9d823f94f0 README: explicitly mention both packages 2022-01-03 11:40:57 +01:00
Michael Stapelberg
ae8e20729e README: line-wrap 2022-01-03 11:40:21 +01:00
Michael Stapelberg
77705dbe49 update README to use package config for authorized keys 
Now that the host key is created automatically, this allows using breakglass
without ever creating or modifying a permanent partition.
 2022-01-03 11:39:01 +01:00
andig
9bea6256b0
Create host key if not found (#8) 2021-12-19 18:50:16 +01:00
Michael Stapelberg
339c9ce56c GitHub Actions: trigger on all branches 2021-11-28 16:00:38 +01:00
Michael Stapelberg
83d59cddd7 recommend ed25519 host keys 
Newer OpenSSH versions seem to have problems with (some?) older ssh-rsa keys,
so I figured we could switch to ed25519 and avoid any confusion regarding
ssh-rsa support.
 2021-11-28 15:58:55 +01:00