davrodpin / mole
CLI application to create ssh tunnels focused on resiliency and user experience.
Home Page: https://davrodpin.github.io/mole/
License: MIT License
I spent a few hours this evening working through the main functionality for a Local-to-Remote tunnel (as I understand it from reading documentation and the flag shortcuts ticket).
You'll see the UI looks very empty (in terms of OS/web-browser chrome, etc) apart from the functionality to create/start/stop the tunnels. This is a conscious decision as I'm still not sure of how it would/could look yet. (See #71 for my questions about that)
Please have a look. If there's something functionally incorrect, let me know. As I said above, this is basic functionality. There is lots more I know (remote forward, etc.)
Thanks!
master @ 2aeee32
No warning message about options on ssh configuration file should be thrown to the user if they are not used.
The following message was observed even when no ssh configuration file was needed or existed:
WARN[0000] error reading LocalForward configuration from ssh config file. This option will not be used: bad forwarding specification on ssh config file: []
make test-env
mole -v -remote 192.168.33.11:80 -server [email protected]:22122 -key test-env/key
DEBU[0000] cli options options="[local=, remote=192.168.33.11:80, [email protected]:22122, key=test-env/key, verbose=true, help=false, version=false]"
DEBU[0000] using ssh config file from: $HOME/.ssh/config
WARN[0000] error reading LocalForward configuration from ssh config file. This option will not be used: bad forwarding specification on ssh config file: []
DEBU[0000] server: [name=127.0.0.1, address=127.0.0.1:22122, user=mole, key=test-env/key]
DEBU[0000] using ssh config file from: $HOME/.ssh/config
WARN[0000] error reading LocalForward configuration from ssh config file. This option will not be used: bad forwarding specification on ssh config file: []
DEBU[0000] tunnel: [local:127.0.0.1:60831, server:127.0.0.1:22122, remote:192.168.33.11:80]
INFO[0000] listening on local address local_address="127.0.0.1:60831"
So this question is more about usage and may be a small misunderstanding of how this tool should be used. My current use case is to have this tool forward requests to a known host on a separate network from the current network, as if that domain name had existed on the current network. A quick example to demonstrate:
# domain-name:9999 DOES NOT resolve on local
# domain-name:9999 DOES resolve from the SSH server
mole start local \
--source domain-name:999 \
--destination domain-name:9999 \
--server user@jump-server
In this example, domain-name:9999 DOES exist and resolve when requested from the jump server. However, on the local machine, domain-name:9999 does not exist or resolve. Is there a way to have mole directly route these requests as if that domain did exist on the local machine?
When attempted to do this, it errors with ERRO[0000] listen tcp <ip>:9999: bind: can't assign requested address. Any advice on how this could be possible?
Validate the input given through -remote flag and fail the application if the address port is not given.
Accepting value on -remote without port and failing when the client tried to connect to the remote endpoint.
$ make test-env
$ ./mole -v -insecure -local :21112 -remote 192.168.33.11 -server [email protected]:22122 -key test-env/ssh-server/keys/key -keep-alive-interval 2s
DEBU[0000] cli options options="[local=:21112, remote=192.168.33.11, [email protected]:22122, key=test-env/ssh-server/keys/key, verbose=true, help=false, version=false, detach=false]"
DEBU[0000] using ssh config file from: /Users/davidrodrigues/.ssh/config
DEBU[0000] server: [name=127.0.0.1, address=127.0.0.1:22122, user=mole]
DEBU[0000] tunnel: [channels:[[local=127.0.0.1:21112, remote=192.168.33.11]], server:127.0.0.1:22122]
DEBU[0000] new connection established to server server="[name=127.0.0.1, address=127.0.0.1:22122, user=mole]"
INFO[0000] tunnel is ready local="127.0.0.1:21112" remote=192.168.33.11
192.168.33.11:21112
$ curl 127.0.0.1:21112
curl: (56) Recv failure: Connection reset by peer
DEBU[0006] new connection address="127.0.0.1:65460"
ERRO[0006] remote dial error: address 192.168.33.11: missing port in address tunnel="[channels:[[local=127.0.0.1:21112, remote=192.168.33.11]], server:127.0.0.1:22122]"
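One way to reject a port-less `-remote` value at start-up instead of at the first client connection, as an added example that is not mole's own code. The function names `parseEndpoint` and `validateRemotes` are hypothetical, and defaulting an empty host to 127.0.0.1 is an assumption taken from the debug logs on this page.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseEndpoint validates a "[<host>]:<port>" flag value and returns it in
// normalized "host:port" form. net.SplitHostPort produces the same
// "missing port in address" error seen in the log above, but here it is
// raised while parsing flags, before any listener or ssh session exists.
func parseEndpoint(value string) (string, error) {
	host, port, err := net.SplitHostPort(value)
	if err != nil {
		return "", fmt.Errorf("invalid address %q: %w", value, err)
	}
	// SplitHostPort accepts "host:" and non-numeric ports, so check the
	// port explicitly.
	n, err := strconv.Atoi(port)
	if err != nil || n < 1 || n > 65535 {
		return "", fmt.Errorf("invalid address %q: port must be a number between 1 and 65535", value)
	}
	if host == "" {
		host = "127.0.0.1" // assumption: matches how ":8080" is shown in the logs
	}
	return net.JoinHostPort(host, port), nil
}

// validateRemotes checks every -remote value and reports all bad ones in a
// single error, so the user can fix the whole command line in one pass.
func validateRemotes(values []string) ([]string, error) {
	var good, bad []string
	for _, v := range values {
		addr, err := parseEndpoint(v)
		if err != nil {
			bad = append(bad, err.Error())
			continue
		}
		good = append(good, addr)
	}
	if len(bad) > 0 {
		return nil, fmt.Errorf("%s", strings.Join(bad, "; "))
	}
	return good, nil
}

func main() {
	// Constructed inputs: the failing value from the report, then valid ones.
	for _, remotes := range [][]string{{"192.168.33.11"}, {":443", "192.168.33.11:80"}} {
		addrs, err := validateRemotes(remotes)
		fmt.Println(addrs, err)
	}
}
```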
It will be great if mole could run on Windows operating system, has anyone tried to build it for Windows?
The update alias command would update the given flags of a pre-existing alias configuration
$ cat $HOME/.mole/example.toml
type = "local"
verbose = false
insecure = false
detach = false
source = [":8081"]
destination = ["172.17.0.100:80"]
server = "[email protected]:22122"
key = "test-env/ssh-server/keys/key"
keep-alive-interval = "10s"
connection-retries = 3
wait-and-retry = "3s"
ssh-agent = ""
timeout = "3s"
$ mole update alias example --key "path/to/new/key"
alias example updated with success
$ cat $HOME/.mole/example.toml
type = "local"
verbose = false
insecure = false
detach = false
source = [":8081"]
destination = ["172.17.0.100:80"]
server = "[email protected]:22122"
key = "path/to/new/key"
keep-alive-interval = "10s"
connection-retries = 3
wait-and-retry = "3s"
ssh-agent = ""
timeout = "3s"
The way to provide longhand cli arguments to mole has changed to use double dashes, --, since 49efce0 and the examples used in documentation files need to be updated.
Requests to localhost:3389 should be forward to remote:8888,
localhost:3389 can't be reached, and
ERRO[0002] error generating ssh client config: ssh: cannot decode encrypted private keys tunnel="[local:127.0.0.1:3389, server:my.Server.I.P:myServerPort, remote:127.0.0.1:8888]"
jupyter lab, this will run the jupyter on port 8888.
Host myServer
Hostname my.Server.I.P
Port myServerPort
User user
IdentityFile ~/.ssh/id_rsa
mole -v -local :3389 -remote :8888 -server myServer
http://localhost:3389/ in a browser.
The ssh-agent is running and I added the ssh key into the macOS keychain by ssh-add -K ~/.ssh/id_rsa. After the error, I remove it from the keychain by ssh-add -d ~/.ssh/id_rsa, but no luck. I also killed the ssh-agent process, still the same error.
Before mole, I use this ssh command: ssh -N -p myServerPort [email protected] -L localhost:3389:localhost:8888 and it works fine.
Got error
runtime: bad pointer in frame github.com/konsorten/go-windows-terminal-sequences.EnableVirtualTerminalProcessing at 0xc0000674e8: 0x50
fatal error: invalid pointer found on stack
v.0.2.0
The app should fail and raise an error message if both -remote and -server options were not provided
The app accepts the command and adds an entry on $HOME/.mole.conf
$ cat $HOME/.mole.conf
cat: /Users/<user>/.mole.conf: No such file or directory
$ mole -alias example1
$ cat $HOME/.mole.conf
[tunnels]
[tunnels.example]
local = ""
remote = ""
server = ""
key = ""
verbose = false
help = false
version = false
The project should have a shell script that, once executed, would detect the system architecture then download the proper binary then install it.
How to find OS name and architecture:
$ uname -sm
Darwin x86_64
$ uname -sm
Linux x86_64
The installation process would look like:
$ bash <(curl -fsSL https://raw.githubusercontent.com/davrodpin/mole/master/tools/install)
When I run mole -start <alias> it panics with:
$ mole -start nightly
The key provided is secured by a password. Please provide it below:
Password:
panic: non-positive interval for NewTicker
goroutine 9 [running]:
time.NewTicker(0x0, 0x0)
/usr/local/Cellar/go/1.13/libexec/src/time/tick.go:23 +0x147
github.com/davrodpin/mole/tunnel.(*Tunnel).keepAlive(0xc0000e0200)
/Users/james/go/src/github.com/davrodpin/mole/tunnel/tunnel.go:300 +0x44
created by github.com/davrodpin/mole/tunnel.(*Tunnel).dial
/Users/james/go/src/github.com/davrodpin/mole/tunnel/tunnel.go:290 +0x23f
Unclear what version I'm running:
$ mole --version
mole unversioned
I originally installed with go get -u ...
0.5.0, also tested 0.4
Tunnel should be set up.
When launching mole, it crashes and outputs:
ERRO[0000] error generating ssh client config: extra data in encoded key tunnel="[channels:[[local=127.0.0.1:8080, remote=127.0.0.1:8080]], server:IP:22]"
mole -v -local :8080 -remote :8080 -server someserver
Output:
DEBU[0000] cli options options="[local=:8080, remote=:8080, server=someserver, key=, verbose=true, help=false, version=false, detach=false, insecure=false, keep-alive-interval=10s, timeout=3s, connection-retries=3, retry-wait=3s]"
DEBU[0000] using ssh config file from: /home/username/.ssh/config
DEBU[0000] server: [name=someserver, address=123.123.123.123:22, user=username]
DEBU[0000] tunnel: [channels:[[local=127.0.0.1:8080, remote=127.0.0.1:8080]], server:123.123.123.123:22]
ERRO[0000] error generating ssh client config: extra data in encoded key tunnel="[channels:[[local=127.0.0.1:8080, remote=127.0.0.1:8080]], server:123.123.123.123:22]"
mole compiled from a5252a4
$ go env
GOARCH="amd64"
GOBIN=""
GOCACHE="$HOME/Library/Caches/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"
GOPATH="$HOME/dev/gowork"
GOPROXY=""
GORACE=""
GOROOT="/usr/local/Cellar/go/1.11.1/libexec"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.11.1/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/k1/lbj19n2j2ms3xhwx4g30hv480000gp/T/go-build820219202=/tmp/go-build -gno-record-gcc-switches -fno-common"
$ sw_vers
ProductName: Mac OS X
ProductVersion: 10.13.6
BuildVersion: 17G65
The app should provide the reason for failing its execution when the user is providing the wrong flags or combination of flags
The app is showing the usage with no error message, as follows:
$ mole -remote :443
usage:
mole [-v] [-local [<host>]:<port>] -remote [<host>]:<port> -server [<user>@]<host>[:<port>] [-key <key_path>]
mole -alias <alias_name> [-v] [-local [<host>]:<port>] -remote [<host>]:<port> -server [<user>@]<host>[:<port>] [-key <key_path>]
mole -alias <alias_name> -delete
mole -start <alias_name>
mole -help
mole -version
-alias string
Create a tunnel alias
-delete
delete a tunnel alias (must be used with -alias)
-help
list all options available
-key string
(optional) Set server authentication key file path
-local value
(optional) Set local endpoint address: [<host>]:<port>
-remote value
set remote endpoint address: [<host>]:<port>
-server value
set server address: [<user>@]<host>[:<port>]
-start string
Start a tunnel using a given alias
-v (optional) Increase log verbosity
-version
display the mole version
mole 0.4.0 installed through brew
MacOS Mojave 10.14.6 (18G95)
mole should use the existing key-agent socket SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.xXxxxX/Listeners
asks for key-password
Add a new command to output all running detached application instances and their configuration.
If no instance id is provided, the command outputs all active instances.
$ mole start alias test-env
INFO[0000] execute "mole stop test-env" if you like to stop it at any time
$ mole show instance test-env
test-env:
configuration:
verbose: true
insecure: true
detach: true
source: :21112, :21113
destination: 192.168.33.11:80, 192.168.33.11:8080
server: [email protected]:22122
key: test-env/ssh-server/keys/key
keep alive interval: 2s
connection retries: 3
wait and retry: 3s
ssh agent:
timeout: 3s
Implement a new command, mole show logs that will output the log of any mole session, including the ones running on foreground.
The --tail option will make it to tail the end of the output.
$ mole show logs my-alias
<log output>
...
$ mole show logs b3339a0b --tail
<log output>
Interesting tool @davrodpin!
I'd expect a tool for managing SSH tunnels to support reverse (ssh -R) and dynamic (ssh -D) tunnels.
Reverse tunnels could be implemented by a -reverse flag that causes ssh to be spawned with -R instead of -L.
Dynamic tunnels could be implemented by a -dynamic flag which makes mole not need (in fact should error if it is present) the -remote flag.
How could you use this without the CLI functionality.
Like hardcode the variables for username , host, remote and local ports, private key as a byte array.
And then build it with these hard coded variables.
SSH config file supports an option, LocalForward that specifies a local port to be forwarded to a remote machine over the ssh connection established to the given server.
Making mole to use that option would help users that are already using it on their ssh config file to:
LocalForward), and in the mole aliases file (i.e. local and remote)
mole easier to use since there -local and -remote options would be required
From https://www.ssh.com/ssh/config/:
LocalForward
Specifies that a TCP port on the local machine be forwarded over the secure channel to the specified
host and port from the remote machine. The first argument must be [bind_address:]port and the
second argument must be host:port.
1.0.1
tunnel port
time="2020-09-12T12:10:35+07:00" level=error msg="error generating ssh client config: error while parsing 'known_hosts' file: C:\Users\meoti\.ssh\known_hosts: knownhosts: C:\Users\meoti\.ssh\known_hosts:21: illegal base64 data at input byte 140" tunnel="[channels:[[source=127.0.0.1:5432, destination=127.0.0.1:5432]], server:xx.xx.xx.xx:22]"
start command: mole start local --source :5432 --source :6379 --destination :5432 --destination :6379 --server server
on windows 10, and git bash (https://git-scm.com/downloads)
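A known_hosts error like the one above names a line number but gives no way to see every damaged entry, and a file that fails to parse is a common reason people fall back to skipping host key checks. The following added example (not mole's code, and not the golang.org/x/crypto knownhosts parser) uses only the standard library to report each entry whose key field is not valid base64 or whose encoded key type disagrees with the declared one. The sample file content is constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// problem describes one known_hosts entry that will not parse.
type problem struct {
	Line   int
	Reason string
}

// checkLine validates one entry: [@marker] hosts keytype base64-key [comment].
func checkLine(line string) error {
	fields := strings.Fields(line)
	if len(fields) > 0 && strings.HasPrefix(fields[0], "@") {
		fields = fields[1:] // skip @cert-authority / @revoked markers
	}
	if len(fields) < 3 {
		return fmt.Errorf("expected: hosts keytype base64-key [comment]")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[2])
	if err != nil {
		return fmt.Errorf("key is not valid base64: %v", err)
	}
	// An SSH public key blob starts with a length-prefixed key type string.
	if len(blob) < 4 {
		return fmt.Errorf("key blob too short")
	}
	n := int(binary.BigEndian.Uint32(blob[:4]))
	if n < 0 || n > len(blob)-4 {
		return fmt.Errorf("key blob has a bad type length")
	}
	if got := string(blob[4 : 4+n]); got != fields[1] {
		return fmt.Errorf("declared key type %q but blob encodes %q", fields[1], got)
	}
	return nil
}

// checkKnownHosts returns every malformed entry with its 1-based line number.
func checkKnownHosts(content string) []problem {
	var found []problem
	sc := bufio.NewScanner(strings.NewReader(content))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if err := checkLine(line); err != nil {
			found = append(found, problem{Line: n, Reason: err.Error()})
		}
	}
	return found
}

// sampleKey builds a constructed key blob (type string plus 32 zero bytes)
// so the example runs offline; it is not a real host key.
func sampleKey(keyType string) string {
	var b bytes.Buffer
	binary.Write(&b, binary.BigEndian, uint32(len(keyType)))
	b.WriteString(keyType)
	binary.Write(&b, binary.BigEndian, uint32(32))
	b.Write(make([]byte, 32))
	return base64.StdEncoding.EncodeToString(b.Bytes())
}

// sampleKnownHosts returns constructed file content with three bad entries.
func sampleKnownHosts() string {
	good := sampleKey("ssh-ed25519")
	return strings.Join([]string{
		"# constructed sample, not a real known_hosts file",
		"example.test ssh-ed25519 " + good,
		"[127.0.0.1]:22122 ssh-ed25519 " + good[:10] + "*" + good[11:],
		"mismatch.test ssh-rsa " + good,
		"short.test ssh-ed25519",
	}, "\n")
}

func main() {
	for _, p := range checkKnownHosts(sampleKnownHosts()) {
		fmt.Printf("line %d: %s\n", p.Line, p.Reason)
	}
}
```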
$ mole -version
mole 0.2.0
In my ~/.ssh/config I have a server named ucd_f23. Mole seems to split the name and use only ucd as the server name. It should not.
$ mole -v -local :8000 -remote 192.168.12.49:5001 -server root@ucd_f23
DEBU[0000] cli options options="[local=:8000, remote=192.168.12.49:5001, server=root@ucd, key=, verbose=true, help=false, version=false]"
DEBU[0000] using ssh config file from: /home/nicolas/.ssh/config
DEBU[0000] server: [name=ucd, address=ucd:22, user=root, key=/home/nicolas/.ssh/id_nicolas]
DEBU[0000] tunnel: [local:127.0.0.1:8000, server:ucd:22, remote:192.168.12.49:5001]
INFO[0000] listening on local address local_address="127.0.0.1:8000"
DEBU[0046] new connection address="127.0.0.1:40046"
DEBU[0046] known_hosts file used: /home/nicolas/.ssh/known_hosts
ERRO[0046] server dial error: dial tcp: lookup ucd on 192.168.40.1:53: no such host tunnel="[local:127.0.0.1:8000, server:ucd:22, remote:192.168.12.49:5001]"
~/.ssh/config:
Host ucd_f23
Hostname 1.2.3.4
IdentityFile ~/.ssh/id_key
ProxyJump jump.example.net
mole -v -local :8000 -remote 192.168.12.49:5001 -server root@ucd_f23
The mole add alias --help command shows the usage with local tunnel type only.
It rather should [tunnel_type] since the user can create an alias for both local and remote port forwarding.
Once that is done, the long description should have a reference to the accepted values for tunnel type (i.e. local and remote) and a brief description what they are.
Hi @davrodpin thanks for Mole. I found it via this webpage.
I'm currently using it to access home services I don't want to expose to the Internet via web interface.
Would you consider a UI for Mole? I'm happy to help you with providing some design mockups. (Sorry my coding skills are abysmal)
It would be helpful to be able to control the tunnels via the desktop.
What do you think?
New CLI flag to configure the client timeout while trying to establish a connection with the ssh server.
Potential Solution
Along with the addition of a new cli flag, the following code would need to be changed to use the given timeout value:
Line 239 in 8f08748
hi !
introductory words:
for mass deployment it is a no-go to use private keys /wo passphrases.
since mole has no feature to collect the passphrase from the user from console (commandline-args or config-files are NO good idea) the only possibility (on windows) is to start pageant with '-c "mole.exe ..."' but ...
for that reason mole would have to use xanzy/ssh-agent instead of golang.org/x/crypto/ssh/agent
SCENARIO :
"mole add alias ccc ... ... --deferred-passphrase"
"mole start alias ccc --passphrase-from-console" or
"mole start alias ccc --passphrase-from-stdin" or
"mole start alias ccc --passphrase supersecret"
OR WITH RPC :
"mole start alias ccc ... ... --defer-connect --rpc"
"mole misc rpc ask_private_key_passphrase_from_console" or
"mole misc rpc ask_private_key_passphrase_from_stdin" or
"mole misc rpc specify_private_key_passphrase supersecret"
"mole misc rpc connect"
at least please comment if passphrase handling will be managed somehow sometime and/or
if golang.org/x/crypto/ssh/agent is possible
thank you very much
wolfgang
Latest commit (843dce7)
First try running on Windows 10 under cygwin I created an alias which I then try to use.
mole -alias ldlc_minishift -remote 192.168.99.100:8443 -server [email protected] -key $(cygpath -m ~/.ssh/id_rsa)
mole -start ldlc_minishift
I expect connect to succeed.
mole fails to find known_hosts file because of horrible Windows pathnames!
time="2018-10-22T18:59:30+02:00" level=info msg="listening on local address"
local_address="127.0.0.1:28302"
time="2018-10-22T19:02:19+02:00" level=error msg="error generating ssh client config: error while parsing 'known_hosts' file: C:\tools\cygwin\home\windo\.ssh\known_hosts: open C:\tools\cygwin\home\windo\.ssh\known_hosts: The system cannot find the path specified." tunnel="[local:127.0.0.1:28302, server:192.168.0.40:22, remote:192.168.99.100:8443]"
2.On Windows/Cygwin: Start with that alias, for example
mole -start ldlc_minishift
Obviously this is a work-around for a Windows pathname problem but the --ignore-known-hosts option could be useful more generally.
A work around for the specific Windows pathname problem is welcome.
0.4.0
Mole is failing with valid arguments given
$ mole -insecure -local :21112 -local :21113 -remote 192.168.33.11:80 -remote 192.168.33.11:8080 -server [email protected]:22122 -key test-env/ssh-server/keys/key
ERRO[0000] error processing server options: error accessing 127.0.0.1: open /Users/mole/.ssh/config: no such file or directory
None of the arguments given depend on the ssh config file, so there is no need for the file to be required.
$ ls /Users/mole/.ssh/config
ls: /Users/mole/.ssh/config: No such file or directory
$ mole -version
mole 0.4.0
$ mole -insecure -local :21112 -local :21113 -remote 192.168.33.11:80 -remote 192.168.33.11:8080 -server [email protected]:22122 -key test-env/ssh-server/keys/key
ERRO[0000] error processing server options: error accessing 127.0.0.1: open /Users/mole/.ssh/config: no such file or directory
master @ 099b47a
I can't skip host key validation with -insecure using an alias created with the right flag.
The insecure mode should be respected when creating an alias passing -insecure
$ ./mole -alias test -v -insecure -local :21112 -remote 192.168.33.11:8080 -server [email protected]:22122 -key test-env/ssh-server/keys/key
$ ./mole -start test
DEBU[0000] cli options options="[local=:21112, remote=192.168.33.11:8080, [email protected]:22122, key=test-env/ssh-server/keys/key, verbose=true, help=false, version=false, detach=false, insecure=false]"
DEBU[0000] using ssh config file from: /Users/mole/.ssh/config
DEBU[0000] server: [name=127.0.0.1, address=127.0.0.1:22122, user=mole]
DEBU[0000] tunnel: [channels:[[local=127.0.0.1:21112, remote=192.168.33.11:8080]], server:127.0.0.1:22122]
DEBU[0000] known_hosts file used: /Users/mole/.ssh/known_hosts
ERRO[0000] server dial error: ssh: handshake failed: knownhosts: key mismatch tunnel="[channels:[[local=127.0.0.1:21112, remote=192.168.33.11:8080]], server:127.0.0.1:22122]"
$ cat /Users/davidrodrigues/.mole.conf
[tunnels]
[tunnels.test]
local = [":21112"]
remote = ["192.168.33.11:8080"]
server = "[email protected]:22122"
key = "test-env/ssh-server/keys/key"
verbose = true
help = false
version = false
detach = false
Add a -detach argument to the CLI to flag the application must be detached from the current terminal and run in background. User should be able to redirect stdout and stdin to log files for auditing purposes
N.A.
mole should have been installed
Unable to install mole through homebrew
✦ ❯ brew tap davrodpin/homebrew-mole && brew install mole
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 5 taps (weaveworks/tap, buo/cask-upgrade, homebrew/core, homebrew/cask and aws/tap).
==> New Formulae
rustscan
==> Updated Formulae
Updated 41 formulae.
==> New Casks
<redacted>
==> Tapping davrodpin/mole
Cloning into '/usr/local/Homebrew/Library/Taps/davrodpin/homebrew-mole'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 42 (delta 8), reused 11 (delta 4), pack-reused 24
Unpacking objects: 100% (42/42), 8.52 KiB | 272.00 KiB/s, done.
Tapped 1 formula (68 files, 43.2KB).
Error: Another active Homebrew update process is already in progress.
Please wait for it to finish or terminate it to continue.
==> Installing mole from davrodpin/mole
==> Downloading https://github.com/davrodpin/mole/archive/v1.0.1.tar.gz
==> Downloading from https://codeload.github.com/davrodpin/mole/tar.gz/v1.0.1
##O#- #
==> go build -ldflags -X github.com/davrodpin/mole/cmd.version=1.0.1 github.com/davrodpin/mole
Error: Empty installation
~
✦ ❯
✦ ❯ brew --version
Homebrew 2.5.2
Homebrew/homebrew-core (git revision 67222; last commit 2020-09-22)
Homebrew/homebrew-cask (git revision 1821ab; last commit 2020-09-22)
~
❯ go version
go version go1.15.2 darwin/amd64
~
Lines 367 to 413 in f78f0cc
These four functions seem to have the intention of having identical functionality.
However reconcileHostname diverges from this pattern by prioritizing resolvedHostname instead of givenHostname like the others do.
If this is a mistake, I suggest the following function to replace all four of them:
func reconcileValue(given, resolved string) string {
	if given != "" {
		return given
	}
	return resolved
}
App should allow to specify multiple -remote, so user could access multiple services through the same tunnel, reusing the same connection.
Example:
$ mole -remote host1:3306 -remote host2:80 -remote host2:443 -server my-ssh-server
INFO[0000] listening on local address remote="host1:3306", local_address="127.0.0.1:64723"
INFO[0000] listening on local address remote="host2:80", local_address="127.0.0.1:64724"
INFO[0000] listening on local address remote="host2:443", local_address="127.0.0.1:64725"
If multiple -remote are specified, then -local can't be used.
(let me know if anyone has another suggestion for how to specify the local port for each host without combining -remote and -local in one single flag).
The app could keep sending a keep-alive packet to the ssh server to avoid connection time outs configured on the server side.
Those synthetic, null packets should be sent every 10 seconds by default, with a flag, -ka-interval, to allow the user to override this value.
In case the ssh server does not respond to the keep-alive packets, the app should keep trying to send them three (3) times before giving up and closing the connection. The number of attempts could be overridden by the user using the flag -ka-attempt.
$ mole -remote :443 -server example -ka-interval "5 seconds" -ka-attempt 10
Related-To: #24
For users familiar with the app, having a shorter version of the flag names could save some time while typing the option.
Proposal for mole's flag names supported on version 0.5.0
long | short |
---|---|
-alias | -a |
-aliases | -I |
-connection-retries | -R |
-delete | -d |
-detach | -x |
-help | -h |
-insecure | -i |
-keep-alive-interval | -K |
-key | -k |
-local | -l |
-remote | -r |
-retry-wait | -w |
-server | -s |
-start | -S |
-stop | -o |
-timeout | -t |
-verbose | -v |
-version |
It would be great if there is a way to disable StrictHostKeyChecking in the SSH config file like below.
Host example
User mole
Hostname 127.0.0.1
Port 22122
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
IdentityFile test-env/ssh-server/keys/key
My use case is that I deploy a lot of SSH servers where the bastion's IP either keep on changing (due to security) or when working on temporary environments.
It would be great if there is a way to specify the SSH config file i.e. a file other than ~/.ssh/config. My use case is that I deploy a lot of SSH servers where the bastion's IP either keep on changing (due to security) or when working on temporary environments.
Implement a new flag, -insecure that will ignore the host key checking while establishing connection to the ssh server.
Potential Solution
Along with the CLI argument parsing, the code would need to skip setting the HostKeyCallback to ssh.ClientConfig on tunnel/tunnel.go
Line 238 in 8f08748
New command to install auto completion for bash and zsh very similar to what kubectl does
v1.0.0
Respect the values of the verbose, insecure and detach flags when
Verbose, insecure and detach flags are set to true in the alias but not active when using start alias
make test-env
--verbose, --insecure, --detach
mole start local \
--verbose \
--insecure \
--detached \
--source :21112 \
--destination 192.168.33.11:80 \
--server [email protected]:22122 \
--key test-env/ssh-server/keys/key \
--keep-alive-interval 2s
cat ~/.mole/test-env.toml
type = "local"
verbose = true
insecure = true
detach = true
source = [":21112"]
destination = ["192.168.33.11:80"]
server = "[email protected]:22122"
key = "test-env/ssh-server/keys/key"
keep-alive-interval = "2s"
connection-retries = 3
wait-and-retry = "3s"
ssh-agent = ""
timeout = "3s"
mole start alias test-env
INFO[0000] tunnel channel is waiting for connection destination="192.168.33.11:80" source="127.0.0.1:21112"
The feedback below came from a Hacker News discussion:
tjoff
I don't know if it does but I kind of assumed/hoped it did reconnect if a connection drops. But I can't find anything about it so I guess it doesn't.
earthscienceman 5 hours ago
Uh. I run an autossh program on the host in question. It auto-runs ssh connections when they drop, including tunnels. https://www.everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh/
This might be a good feature to implement, maybe a new optional flag to indicate how many consecutive attempts should be made before giving up.
I am using windows version of Mole v1.0.1 and failed to logon using my private key with --key parameter.
error="ssh: handshake failed: knownhosts: key is unknown"
There isn't problem with my private key because I can logon with that key using putty or another ssh software.
My private key is ssh-rsa 2048
Thanks.
Would be nice if aliases can be loaded off a configuration like ~/.mole/aliases.config or something.
Definitely can live with the current way of doing things, thought this could be more convenient. If such a thing already exists, do point me towards that
Flags given through CLI while using the start alias <alias_name> must override the values stored in the alias.
The start alias <alias_name> does not support any flag to be given through CLI.
$ mole start alias any-alias-with-detach-false --detach
Error: unknown flag: --detach
Usage:
mole start alias [name] [flags]
Flags:
-h, --help help for alias
Version: master
$ go test -race -count=100 ./...
... scrolls up for a loong time. Interestingly removing the go qualifier from https://github.com/davrodpin/mole/blob/master/tunnel/tunnel.go#L254-L255 just causes the test to hang indefinitely.
Every time a successful check runs, a new coverage report is added under docs/cov.
To avoid old reports to be kept in the repository, the check should clean up reports older than a week.
Ideally, a single commit should remove the old reports and add the new one.