add proxy/bastion for connection

[lilyLuLiu]

#9

[adrianriobo]

same as before

[adrianriobo]

I think the if [[ -n "${PROXY_HOST}" && -n "${PROXY_USERNAME}" ]]; then should have its own if...

As one thing is the proxy settings which would be added on the scp part, also here I am just seeing the proxy host and username but it probably would require a private key.

The second part is the if for the target host, if it uses a private key it directly uses the scp -i option if not and it will connect though a pass it uses the sshpass.

But as you see in both cases if we set proxy those settings should be there

[adrianriobo]

Same as before

[adrianriobo]

Only see PROXY_USERNAME and PROXY_HOST, still missing PROXY_PRIVATE_KEY

Unfortunately do not see an easy option (i.e for target host -i) to set the private key for proxy, it seems you would need to create a config file: ~/.ssh/config

And template it with the envs:

Host proxy_host
    HostName proxy_host
    User proxy_user
    IdentityFile /path/to/private_key_for_proxy

Host target_host
    HostName target_host
    User target_user
    IdentityFile /path/to/private_key_for_target
    ProxyJump proxy_host

[adrianriobo]

When you add the private key, I would ask you to test this and comment on the test is successful here 🙏

If you want for testing this without the testing farm stuff as that may complicate things we can use mapt (ask me for this) to spin an airgap machine that will output all the details for both bastion (proxy) and target host so you can use them for testing this.

[lilyLuLiu]

@adrianriobo , I designed that deliverset offers two options for SSH connection:
(1) provide an SSH Config file: proxy can only be used this way.
(2) provide target username and password/key.
What do you think?

[adrianriobo]

I am fine with it, but still if user pass an private key for target host and a private key for proxy you probably would need to compose the conf file no?