sshrimp's People

Contributors

stoggi

sshrimp's Issues

panic: http: multiple registrations for /

Hi @stoggi! I was testing the agent with ssh-add, exporting the environment variable export SSH_AUTH_SOCK=/tmp/sshrimp.sock. I found a panic error when you delete the identities and then want to get a certificate again.

Replay error:

  • Start sshrimp-agent
  • export SSH_AUTH_SOCK=/tmp/sshrimp.sock
  • ssh-add -L to list and authenticate for first time
  • after getting the cert, ssh-add -D to delete the identities
  • ssh-add -L to get a new one and see error

I believe that the error is in the aws-oidc provider when it tries to register the handler for / or /auth/callback again. It's using the Default Server Mux.

Do you know of any solution for this? I could develop the fix. Maybe it could be solved by using a mux server in order to bring up a new server mux for each of them.

On the other hand, I don't know why the error happens, because you shut down the server after each authentication.

Thank you for the support!

panic: http: multiple registrations for /

goroutine 1 [running]:
net/http.(*ServeMux).Handle(0x1d994a0, 0x172f915, 0x1, 0x1977c40, 0xc0002d8340)
	/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2432 +0x2b6
net/http.(*ServeMux).HandleFunc(...)
	/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2469
net/http.HandleFunc(...)
	/usr/local/Cellar/go/1.14.5/libexec/src/net/http/server.go:2481
github.com/stoggi/aws-oidc/provider.ProviderConfig.Authenticate(0xc000026280, 0x48, 0xc000028b80, 0x18, 0xc000028b00, 0x1b, 0x101, 0xc00012eec0, 0x4, 0x4, ...)
	/Users/lcalisi/go/pkg/mod/github.com/stoggi/[email protected]/provider/provider.go:169 +0xc8d
github.com/stoggi/sshrimp/internal/sshrimpagent.(*sshrimpAgent).List(0xc000170680, 0xc00002ac44, 0x1, 0xc00045db10, 0x109fb42, 0xc000170380)
	/Users/lcalisi/alfred-ssh-agent-poc/internal/sshrimpagent/sshrimpagent.go:72 +0xdb
golang.org/x/crypto/ssh/agent.(*server).processRequest(0xc00045dd28, 0xc00002ac44, 0x1, 0x1, 0xc00045dca0, 0x1071d87, 0xc000486060, 0xc00002ac44)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:145 +0x5ec
golang.org/x/crypto/ssh/agent.(*server).processRequestBytes(0xc00045dd28, 0xc00002ac44, 0x1, 0x1, 0x1, 0x1, 0x1)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:30 +0x67
golang.org/x/crypto/ssh/agent.ServeAgent(0x1988920, 0xc000170680, 0x2f41008, 0xc000486060, 0xc000486060, 0xc000020050)
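
The failure mode in the trace above, as an added example that is not sshrimp or aws-oidc code: patterns registered through http.HandleFunc live on the process-wide DefaultServeMux and stay there after a server is shut down, so a second login in the same process panics, while a mux created per login does not. The names callback, loginGlobal and loginScoped and the handler bodies are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// callback is a hypothetical stand-in for the provider's callback handler.
func callback(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "Signed in successfully, return to cli app")
}

// loginGlobal mirrors the pattern in the trace: every login registers its
// handlers with http.HandleFunc, i.e. on the global DefaultServeMux.
// Stopping the http.Server does not remove those patterns, so the second
// call panics; the panic is recovered here and returned as an error.
func loginGlobal() (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	http.HandleFunc("/", http.NotFound)
	http.HandleFunc("/auth/callback", callback)
	return nil
}

// loginScoped builds a fresh ServeMux for each login. The mux is garbage
// once the flow ends, so repeated logins never collide.
func loginScoped() int {
	mux := http.NewServeMux()
	mux.HandleFunc("/", http.NotFound)
	mux.HandleFunc("/auth/callback", callback)
	// A real agent would set this mux as the Handler of a short-lived
	// http.Server on loopback; a recorder keeps the example offline.
	rec := httptest.NewRecorder()
	req := httptest.NewRequest("GET", "/auth/callback?code=constructed", nil)
	mux.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("global login 1:", loginGlobal())
	fmt.Println("global login 2:", loginGlobal())
	fmt.Println("scoped login 1:", loginScoped())
	fmt.Println("scoped login 2:", loginScoped())
}
```
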

OpenID Fails

Hi @stoggi, I am trying to bring up sshrimp but I have some problems. I managed to configure Google OpenID and I got the message Signed in successfully, return to cli app, but after that, the agent crashes

sshrimp-agent: listening on /tmp/sshrimp.sock
2020/12/18 00:10:19 <nil>
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x13e73e6]

goroutine 1 [running]:
golang.org/x/crypto/ssh.(*Certificate).Type(0x0, 0xc00006ae40, 0xc0003ee100)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/certs.go:494 +0x26
github.com/stoggi/sshrimp/internal/sshrimpagent.(*sshrimpAgent).List(0xc0001fc700, 0xc000096004, 0x1, 0xc00020f9e0, 0x1091e22, 0xc00008e080)
	/Users/lcalisi/sshrimp/internal/sshrimpagent/sshrimpagent.go:87 +0x18e
golang.org/x/crypto/ssh/agent.(*server).processRequest(0xc00020fbf8, 0xc000096004, 0x1, 0x1, 0xc00020fb70, 0x10719a7, 0xc000094000, 0xc000096004)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:145 +0x5ec
golang.org/x/crypto/ssh/agent.(*server).processRequestBytes(0xc00020fbf8, 0xc000096004, 0x1, 0x1, 0x1, 0x1, 0x1)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:30 +0x67
golang.org/x/crypto/ssh/agent.ServeAgent(0x1875c00, 0xc0001fc700, 0x2d15008, 0xc000094000, 0xc000094000, 0x0)
	/Users/lcalisi/go/pkg/mod/golang.org/x/[email protected]/ssh/agent/server.go:557 +0x1c6
main.launchAgent(0xc0002c65a0, 0xc0001fc100, 0x0, 0x0)
	/Users/lcalisi/sshrimp/cmd/sshrimp-agent/main.go:88 +0x537
main.main()
	/Users/lcalisi/sshrimp/cmd/sshrimp-agent/main.go:37 +0x4a5

How do I need to configure OpenID? Additionally, I have another question: how could I get AWS credentials to invoke the sshrimp lambda function through OpenID? Do I need to use aws-oidc?

My sshrimp.toml looks like this:

[Agent]
  ProviderURL = "https://accounts.google.com"
  ClientID = "CLIENT_ID"
  ClientSecret = "CLIENT_SECRET"
  BrowserCommand = ["open", "-a", "Google Chrome", "{}"]
  Socket = "/tmp/sshrimp.sock"

[CertificateAuthority]
  AccountID = AWS_ACCOUNT_ID
  Regions = ["us-east-1"]
  FunctionName = "sshrimp"
  KeyAlias = "alias/sshrimp"
  ForceCommandRegex = "^$"
  SourceAddressRegex = "^$"
  UsernameRegex = "^(.*)@example\\.com$"
  UsernameClaim = "email"
  ValidAfterOffset = "-5m"
  ValidBeforeOffset = "+12h"
  Extensions = ["no-x11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-pty", "permit-user-rc"]

Read Unix Socket

Hi @stoggi, is it possible to get SSH connection data in the agent?

For example, if I make a connection like ssh ubuntu@host, is it possible for the agent to receive this data? If so, maybe we can sign specific certificates for each host and maybe force commands or other features.

Thank you!

mage error: AWS Region: "Sorry, your reply was invalid: Value is required"

Defect Description
When building sshrimp with mage, the user is prompted first to provide an AWS Account ID (12-digit number), and then to select an AWS Region from a list, using arrow keys and the Enter key.
During this second step, after moving the 'caret' cursor to an AWS Region in the list and pressing the Enter key, the following message is returned (in red text), and the user is unable to proceed.

X Sorry, your reply was invalid: Value is required

Repro steps

  1. Follow instructions under Quickstart
    • Installed mage
▶ mage --version
Mage Build Tool v1.10.0-2-g50f568e
Build Date: 2020-11-04T16:16:07-07:00
Commit: 50f568e
built with: go1.15.3
    • run mage
▶ mage
? AWS Account ID: 000000000000
X Sorry, your reply was invalid: Value is required
? AWS Region:  [Use arrows to move, enter to select, type to filter, ? for more help]
> [ ]  ap-east-1
  [ ]  ap-northeast-1
  [ ]  ap-northeast-2
  [ ]  ap-south-1
  [ ]  ap-southeast-1
  [ ]  ap-southeast-2
  [ ]  ca-central-1
  [ ]  eu-central-1
  [ ]  eu-north-1
  [ ]  eu-west-1
