stoggi / sshrimp
🦐 SSH Certificate Authority in a Lambda (on the barbie)
License: MIT License
Hi @stoggi! I was testing the agent with ssh-add, exporting the environment variable export SSH_AUTH_SOCK=/tmp/sshrimp.sock. I found a panic error when you delete the identities and then want to get a certificate again.
Replay error:
export SSH_AUTH_SOCK=/tmp/sshrimp.sock
ssh-add -L to list and authenticate for the first time
ssh-add -D to delete the identities
ssh-add -L to get a new one and see the error
I believe that the error is in the aws-oidc provider when it tries to register the handler for / or /auth/callback again. It's using the Default Server Mux.
Do you know any solution for this? I could develop the fix. Maybe it could be solved using a mux server, in order to bring up a new server mux for each of them.
On the other hand, I don't know why the error happens, because you shut down the server after each authentication.
Thank you for the support!
panic: http: multiple registrations for /
goroutine 1 [running]:
net/http.(*ServeMux).Handle(0x1d994a0, 0x172f915, 0x1, 0x1977c40, 0xc0002d8340)
/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2432 +0x2b6
net/http.(*ServeMux).HandleFunc(...)
/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2469
net/http.HandleFunc(...)
/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2481
github.com/stoggi/aws-oidc/provider.ProviderConfig.Authenticate(0xc000026280, 0x48, 0xc000028b80, 0x18, 0xc000028b00, 0x1b, 0x101, 0xc00012eec0, 0x4, 0x4, ...)
/Users/lcalisi/go/pkg/mod/github.com/stoggi/[email protected]/provider/provider.go:169 +0xc8d
github.com/stoggi/sshrimp/internal/sshrimpagent.(*sshrimpAgent).List(0xc000170680, 0xc00002ac44, 0x1, 0xc00045db10, 0x109fb42, 0xc000170380)
/Users/lcalisi/alfred-ssh-agent-poc/internal/sshrimpagent/sshrimpagent.go:72 +0xdb
golang.org/x/crypto/ssh/agent.(*server).processRequest(0xc00045dd28, 0xc00002ac44, 0x1, 0x1, 0xc00045dca0, 0x1071d87, 0xc000486060, 0xc00002ac44)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:145 +0x5ec
golang.org/x/crypto/ssh/agent.(*server).processRequestBytes(0xc00045dd28, 0xc00002ac44, 0x1, 0x1, 0x1, 0x1, 0x1)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:30 +0x67
golang.org/x/crypto/ssh/agent.ServeAgent(0x1988920, 0xc000170680, 0x2f41008, 0xc000486060, 0xc000486060, 0xc000020050)
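The failure mode in the report above, as an added example that is not code from sshrimp or aws-oidc: handler registrations on a long-lived mux outlive any server that was shut down, so a second registration of the same pattern panics, while a fresh mux per login attempt does not. The function names registerShared and authenticateOnce are hypothetical, and a locally created mux stands in for http.DefaultServeMux so the example can be re-run.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// registerShared registers the callback routes on a long-lived mux, the way
// http.HandleFunc does on http.DefaultServeMux. It returns the panic message
// (empty if none) instead of crashing the process.
func registerShared(mux *http.ServeMux) (panicMsg string) {
	defer func() {
		if r := recover(); r != nil {
			panicMsg = fmt.Sprint(r)
		}
	}()
	noop := func(http.ResponseWriter, *http.Request) {}
	mux.HandleFunc("/", noop)
	mux.HandleFunc("/auth/callback", noop)
	return ""
}

// authenticateOnce builds a fresh mux and server for one login attempt, so
// repeated attempts never share handler registrations.
func authenticateOnce(code string) (string, error) {
	got := make(chan string, 1)
	mux := http.NewServeMux()
	mux.HandleFunc("/auth/callback", func(w http.ResponseWriter, r *http.Request) {
		got <- r.URL.Query().Get("code")
	})
	srv := httptest.NewServer(mux) // loopback listener on a random port
	defer srv.Close()
	// Stand-in for the browser redirect coming back from the identity provider.
	resp, err := http.Get(srv.URL + "/auth/callback?code=" + code)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return <-got, nil
}

func main() {
	shared := http.NewServeMux() // stands in for http.DefaultServeMux
	fmt.Printf("first registration panic:  %q\n", registerShared(shared))
	fmt.Printf("second registration panic: %q\n", registerShared(shared))
	for i := 0; i < 2; i++ {
		fmt.Println(authenticateOnce("constructed-code"))
	}
}
```

Shutting down an http.Server does not clear the patterns registered on its mux, which is why the second attempt fails even though the first server is gone.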
Hi @stoggi, I am trying to bring up sshrimp but I have some problems. I managed to configure Google OpenID and I got the message Signed in successfully, return to cli app, but after it, the agent crashes.
sshrimp-agent: listening on /tmp/sshrimp.sock
2020/12/18 00:10:19 <nil>
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x13e73e6]
goroutine 1 [running]:
golang.org/x/crypto/ssh.(*Certificate).Type(0x0, 0xc00006ae40, 0xc0003ee100)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/certs.go:494 +0x26
github.com/stoggi/sshrimp/internal/sshrimpagent.(*sshrimpAgent).List(0xc0001fc700, 0xc000096004, 0x1, 0xc00020f9e0, 0x1091e22, 0xc00008e080)
/Users/lcalisi/sshrimp/internal/sshrimpagent/sshrimpagent.go:87 +0x18e
golang.org/x/crypto/ssh/agent.(*server).processRequest(0xc00020fbf8, 0xc000096004, 0x1, 0x1, 0xc00020fb70, 0x10719a7, 0xc000094000, 0xc000096004)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:145 +0x5ec
golang.org/x/crypto/ssh/agent.(*server).processRequestBytes(0xc00020fbf8, 0xc000096004, 0x1, 0x1, 0x1, 0x1, 0x1)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:30 +0x67
golang.org/x/crypto/ssh/agent.ServeAgent(0x1875c00, 0xc0001fc700, 0x2d15008, 0xc000094000, 0xc000094000, 0x0)
/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:557 +0x1c6
main.launchAgent(0xc0002c65a0, 0xc0001fc100, 0x0, 0x0)
/Users/lcalisi/sshrimp/cmd/sshrimp-agent/main.go:88 +0x537
main.main()
/Users/lcalisi/sshrimp/cmd/sshrimp-agent/main.go:37 +0x4a5
How do I need to configure the OpenID? Additionally, I have another question: how could I get AWS credentials to invoke the sshrimp lambda function through OpenID? Do I need to use aws-oidc?
My sshrimp.toml looks like:
[Agent]
ProviderURL = "https://accounts.google.com"
ClientID = "CLIENT_ID"
ClientSecret = "CLIENT_SECRET"
BrowserCommand = ["open", "-a", "Google Chrome", "{}"]
Socket = "/tmp/sshrimp.sock"
[CertificateAuthority]
AccountID = AWS_ACCOUNT_ID
Regions = ["us-east-1"]
FunctionName = "sshrimp"
KeyAlias = "alias/sshrimp"
ForceCommandRegex = "^$"
SourceAddressRegex = "^$"
UsernameRegex = "^(.*)@example\\.com$"
UsernameClaim = "email"
ValidAfterOffset = "-5m"
ValidBeforeOffset = "+12h"
Extensions = ["no-x11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-pty", "permit-user-rc"]
Hi @stoggi, is it possible to get SSH connection data in the agent?
For example, if I make a connection like ssh ubuntu@host, is it possible that the agent receives this data? If so, maybe we can sign specific certificates for each host, and maybe force commands or other features.
Thank you!
Defect Description
When building sshrimp with mage, user is prompted first to provide an AWS Account ID (12 digit number), and then select an AWS Region from a list, using arrow keys and the Enter key.
During this second step, after moving the 'caret' cursor to an AWS Region in the list and pressing the Enter key, the following message is returned (in red text), and the user is unable to proceed.
X Sorry, your reply was invalid: Value is required
Repro steps
▶ mage --version
Mage Build Tool v1.10.0-2-g50f568e
Build Date: 2020-11-04T16:16:07-07:00
Commit: 50f568e
built with: go1.15.3
▶ mage
? AWS Account ID: 000000000000
X Sorry, your reply was invalid: Value is required
? AWS Region: [Use arrows to move, enter to select, type to filter, ? for more help]
> [ ] ap-east-1
[ ] ap-northeast-1
[ ] ap-northeast-2
[ ] ap-south-1
[ ] ap-southeast-1
[ ] ap-southeast-2
[ ] ca-central-1
[ ] eu-central-1
[ ] eu-north-1
[ ] eu-west-1