52 Commits

Author SHA1 Message Date
Michael Stapelberg
48c5124500 unpack tar files copied via sftp subsystem, too (not just older scp)
For compatibility with OpenSSH ≥ 9
2022-04-17 15:32:45 +02:00
Michael Stapelberg
7dbbe9b4b3 fix subsystem invocation: send exit code afterwards
This fixes scp(1) with OpenSSH ≥ 9.
2022-04-17 15:23:09 +02:00
Michael Stapelberg
097a6f87d6 pull in latest github.com/pkg/sftp 2022-04-17 15:23:03 +02:00
Michael Stapelberg
ef69007a43 use renameio to avoid “text file busy” errors
Before this commit, extracting a breakglass would fail when /tmp/breakglass*/sh
was busy because it was being run in a separate connection.
2022-04-09 00:11:47 +02:00
Michael Stapelberg
564a0eceaf explicitly set TMPDIR
programs such as podman will otherwise default to /var/tmp
(see https://github.com/containers/podman/pull/5412/files)

related to https://github.com/gokrazy/gokrazy/issues/124
2022-04-03 23:05:12 +02:00
Michael Stapelberg
5a97592967 include /usr/local/bin in $PATH
related to https://github.com/gokrazy/gokrazy/issues/124
2022-04-03 23:05:02 +02:00
Michael Stapelberg
629a19f92d breakglass command: add -proxy flag for easier ProxyCommand usage
Now you can use the following in your ~/.ssh/config for example:

Host scan2drive-backup
	Hostname scan2drive.lan
	IdentityFile ~/.ssh/id_ed25519_scan2drivebackup
	ProxyCommand breakglass -proxy scan2drive.lan
2022-03-31 19:52:53 +02:00
Michael Stapelberg
087335e682 PATH: add /user so that programs installed with gokrazy are found 2022-03-31 19:36:56 +02:00
Michael Stapelberg
0a14bc7f0c set HOME=/perm/home for persistent configs in interactive usage
As a welcome side effect, this enables persistent shell history by default!
2022-03-31 19:36:44 +02:00
Michael Stapelberg
0ee50d0171 breakglass: read host-specific http-port.txt 2022-03-26 19:42:52 +01:00
Michael Stapelberg
7131bc5abe GitHub Actions: bump to Go 1.18 2022-03-20 16:01:31 +01:00
Christian Heusel
f41ca45656 add an optional banner to greet the user 2022-03-07 08:56:23 +01:00
Christian Heusel
ae89d9b070 Add a warning for ssh-rsa keys in authorized keys
https://github.com/gokrazy/breakglass/issues/11
2022-03-07 08:56:23 +01:00
Christian Heusel
0fd4350464 make the port configurable for development 2022-03-07 08:56:23 +01:00
Christian Heusel
26c3398fb8 Document that RSA keys do not work (#12)
See issue gokrazy/breakglass#11 for further discussion
2022-03-04 22:23:08 +01:00
Christian Heusel
63f8dd47bf Correct minor typo (#10) 2022-03-03 08:14:22 +01:00
Michael Stapelberg
9d823f94f0 README: explicitly mention both packages 2022-01-03 11:40:57 +01:00
Michael Stapelberg
ae8e20729e README: line-wrap 2022-01-03 11:40:21 +01:00
Michael Stapelberg
77705dbe49 update README to use package config for authorized keys
Now that the host key is created automatically, this allows using breakglass
without ever creating or modifying a permanent partition.
2022-01-03 11:39:01 +01:00
andig
9bea6256b0 Create host key if not found (#8) 2021-12-19 18:50:16 +01:00
Michael Stapelberg
339c9ce56c GitHub Actions: trigger on all branches 2021-11-28 16:00:38 +01:00
Michael Stapelberg
83d59cddd7 recommend ed25519 host keys
Newer OpenSSH versions seem to have problems with (some?) older ssh-rsa keys,
so I figured we could switch to ed25519 and avoid any confusion regarding
ssh-rsa support.
2021-11-28 15:58:55 +01:00
Michael Stapelberg
21a04c8c8b pull in latest golang.org/x/crypto 2021-11-28 12:03:48 +01:00
Michael Stapelberg
d06342049c add GitHub Actions config 2021-10-24 18:19:34 +02:00
Michael Stapelberg
0c9f029ca2 upgrade to latest gokrazy/... packages 2021-10-24 18:19:06 +02:00
Michael Stapelberg
33834ea6fa allow overwriting the gokrazy URL prefix
The special syntax :1080 means “use the default, but force port to 1080”,
which is useful when you are running the gokrazy web interface on a different
port because you need port 80 for your web appliance.
2021-10-24 18:10:37 +02:00
Michael Stapelberg
9eab5f8b0d add -prepare and -ssh_config flags for usage in SSH ProxyCommand
E.g.:

Host router7
	ProxyCommand /bin/sh -c 'breakglass -prepare_only -ssh_config=/dev/null -debug_tarball_pattern=$HOME/gokrazy/debug-\${GOARCH}.tar %h; /usr/bin/nc %h %p'
2021-09-19 19:12:47 +02:00
Michael Stapelberg
b54c2f919e SSH: wire up SFTP subsystem 2021-06-06 13:54:30 +02:00
andig
1a4768ba69 Add port forwarding (-forward flag) (#7) 2021-01-18 09:46:20 +01:00
Michael Stapelberg
efff2172ee breakglass: use internal/config to read HTTP password 2020-05-27 18:38:58 +02:00
Michael Stapelberg
942ef7f559 README: update to use breakglass tool 2020-05-25 09:45:45 +02:00
Michael Stapelberg
8157f8ee60 add breakglass SSH wrapper tool (for convenience) 2020-05-25 09:31:54 +02:00
Michael Stapelberg
6a8318bdb5 pick up shell from github.com/gokrazy/serial-busybox if present
This allows users to use breakglass without having to upload their own shell (as
a fallback).
2020-05-25 08:58:37 +02:00
Michael Stapelberg
00ea9a7166 link to README section “installation” when keys are missing 2020-04-08 14:29:10 +02:00
Michael Stapelberg
3bc0b09635 README: ssh: any type works 2019-09-28 11:07:43 +02:00
Michael Stapelberg
f51c367b88 README: ssh: use a clearer example in the installation instructions 2019-09-28 11:07:07 +02:00
Michael Stapelberg
ae96dda1f3 declare a Go module 2019-03-21 09:37:16 +01:00
Michael Stapelberg
1cd81ed58b parse SSH keys line-wise, skip empty/comments
fixes #3
2019-03-21 09:36:40 +01:00
Michael Stapelberg
d3f89caa0a README: use sdx to prevent mistakes 2019-02-07 14:41:23 +01:00
Anisse Astier
9d10c020d8 ssh: fix shell payload string length (#2)
Using ssh.Unmarshal since commit c11ed6a015a8da means the "shell" payload should be properly formatted, with a specified string length. Otherwise, when attempting to connect, you'll see this message in the gokrazy stderr:
ssh: parse error in message type 0

that's because in x/crypto/ssh, the parseString() method expects a length before the string. If length is 0, there will be remaining unparsed data, and an error.
2018-12-28 16:20:43 +01:00
Michael Stapelberg
05fda29dea scp: don’t error out on directories in the tarball 2018-12-15 14:47:34 +01:00
Michael Stapelberg
c11ed6a015 use ssh.Unmarshal
Thanks to Merovius for the hint.
2018-10-29 18:42:56 +01:00
Axel Wagner
77088e03a7 Forward correct exit status to client (#1) 2018-10-25 12:49:32 +02:00
Michael Stapelberg
a1fd5f6920 ensure processes are killed when client disconnects 2018-07-22 23:04:18 +02:00
Michael Stapelberg
05c84e7002 ssh: run commands through sh -c if sh is present 2018-06-23 16:14:33 +02:00
Michael Stapelberg
b99b39b334 include the breakglass mountpoint in $PATH
That way, users don’t need to use the ./ prefix all the time.
2018-06-23 15:45:50 +02:00
Michael Stapelberg
a8f85f5027 ssh: default to starting "sh" on shell requests instead of erroring
This may still result in an error if sh is not present, but in case sh *is*
present, it results in the user just getting a shell without having to use
e.g. ssh -t gokrazy ./busybox sh
2018-06-23 15:44:41 +02:00
Michael Stapelberg
0d8462cfe7 ssh: send exit-status request for successful commands
The crypto/ssh client library requires this.
2018-06-23 15:42:41 +02:00
Michael Stapelberg
6184621747 exec: answer request once command is running 2018-06-11 23:18:11 +02:00
Michael Stapelberg
ae93fa3cab exec: write stderr to SSH stderr channel, not stdout 2018-06-11 23:17:46 +02:00