erik/converge
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
186 Commits 1 Branch 0 Tags 5.1 MiB
427ebb2c78
Commit Graph

132 Commits

Author SHA1 Message Date
Erik Brakkee
9456665a6f Preparation for alternative context path. 
The contextpath parameter in converge.go is
temporary and should be removed later. What is needed is autodetectio of the context path for the usage page and passing on the context for rendering.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
b41317c598 Lots of work on making easier interactive documentation, especially to make working with SSH public keys really easy. 
Next step is to do more validation in the UI.
Specifically:
* validate authorized keys
* detection of accidental use of a private key

Then, password based access can be disabled.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
49db7578a7 large parts of the usage is now dynamic. 
Still need to generate instructions for authorized keys. A lot of troubleshooting for the form to cookie persistence.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
62b51a6d09 work in progress: 
* usage page now has more dynamic part where user
  can enter id and publis ssh keys and the server will
  generate the appropriate commmands to execute depending on the local and remote shell.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
830594740b * session will now expire some time after last user 
activity and updated documentation.
* downloads will now download again. Because of hx-boost
  the downloads where rendered in the browser. Now
  disabling hx-boost for the downloads section.
* relative link for sessions page
 2024-09-08 11:16:49 +02:00
Erik Brakkee
a9bd539175 Updated documentation: 
* remote shell usage for linux, cmd, and powershell
* help of wsproxy.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
adee89cc08 Now by default wsproxy uses a specific protocol to establish connections to the server. It does this by adding the ?wsproxy query parameter. 
The server then sends it the protocol version and the client connection info describing whether an agent was found or not. This improves usability for users.

With the --raw option it bypasses this query parameter and wsproxy then works in the old way as a simple stdio-websocket connector. It then still works with converge server but can also be used for simple websocket troubleshooting.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
e141007f0a Now displaying agent number instead of id. 
Passing timezone to server side for rendering of time stamps
Configuration of preferred shells.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
d6fc2e4118 Rendering status as HTML tables. 2024-09-08 11:16:49 +02:00
Erik Brakkee
638dffd143 doing the same thing as before but now rendering the 
status using a template.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
882f97fa17 many small changes 
* removed the Async utility
* now using Ping message to webclient for keep alive instaed of actual content
* added remote shell to AgentInfo
* retry of connections to the agent
* better logging for SynchronizeStreams
 2024-09-08 11:16:49 +02:00
Erik Brakkee
9d460b9cf3 usage fix (agent was renamed by intellij to session) 
Now using embedded timezone database by go so setting the TZ variable will work.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
d6d2d5648c Live updates of the sessions. 
V1 in ascii-art. To be improved.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
100771a7ba restructuring 2024-09-08 11:16:49 +02:00
Erik Brakkee
60d641a1a4 When a duplicate id is requested the server now allocates a new unique id so that the session can be handled anyway. 2024-09-08 11:16:49 +02:00
Erik Brakkee
816e8d8609 refactoring towards being able to send events from Admin to UI (websocket) without exposing connection info but only metadata. 2024-09-08 11:16:49 +02:00
Erik Brakkee
0e8ed86be3 basic htmx with server sending content to the client over a websocket is now working. This only worked when text message where being sent so the websocket handling had to be made configurable with a 'text' boolean field. 2024-09-08 11:16:49 +02:00
Erik Brakkee
f6ea7a56a9 tabbed interface. 2024-09-08 11:16:49 +02:00
Erik Brakkee
e0771c095b split up in separate pages. 2024-09-08 11:16:49 +02:00
Erik Brakkee
80a536c70e docs page now working again. 2024-09-08 11:16:49 +02:00
Erik Brakkee
8fd17ed75d Split up the main page into different parts. 2024-09-08 11:16:49 +02:00
Erik Brakkee
fcfe8a6637 Split up the main page into different parts. 2024-09-08 11:16:49 +02:00
Erik Brakkee
4b05d7e8d8 Now rendering the index.html using the Templ library. 
This is in preparation for:
1. creating a base page
2. using tabs: Home, Using, Downloads, Status
3. htmx
 2024-09-08 11:16:49 +02:00
Erik Brakkee
e01a2bc729 Added pprof to convergeserver and optionally to 
the agent if PPROF_PORT is set.

Fixed issue with converge server not cleaning up goroutines because of blocking channel. Made sure to create channels with > 1 size everywhere it can be done. The blocking behavior of a default channel size is mostly in the way.

Known issue: Killing the SSH client will lead to the server side process not being terminated and some goroutines still running in the agent. This would require additional investigation to solve. The remote processes are still being cleaned up ok (at least on linux) when the agent exits.

This should not be an issue at all since the agent is a short-lived process and when running in a containerized environment with containers running on demand the cleanup will definitely work.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
788050df32 Unique ids for clients generated by converge server and made available to the ssh session through a net.Conn extension that passes the ID to the SSH session through the LocalAddr(). 2024-09-08 11:16:49 +02:00
Erik Brakkee
9d0675b2f2 initialization of username, password on client (from server) and initialization of agentinfo on server is now done as soon as the agent registered and not through a side channel. 
Making use of some simple utilities for GOB to make it easy to send objects over the line.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
ada34495ef GOB channel for easily and asynchronously using GOB on a single network connection, also dealing with timeouts and errors in a good way. 
Protocol version is now checked when the agent connects to the converge server.

Next up: sending connection metadata and username password from server to agent and sending environment information back to the server. This means then that the side channel will only be used for expiry time messages and session type with the client id passed in so the converge server can than correlate the results back to the correct channel.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
d3cbf8388f Lots of refactoring. 
Now hijacking the ssh connection setup in the listener to exchange some information before passing the connection on to the SSH server.

Next step is to do the full exchange of required information and to make it easy some simple Read and Write methods with timeouts are needed that use gob.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
4d660a6805 Updated deployment with username and password settings. 
index.html template now also uses the configured password.
 2024-09-08 11:16:49 +02:00
Erik Brakkee
f5ebb6c37b user security best practice of having no default passwords. 2024-09-08 11:16:48 +02:00
Erik Brakkee
8eba25575e password of converge now configurable through 
CONVERGE_USERNAME and CONVERGE_PASSWORD environment
variables.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
eb4195d0e9 good url validation. 2024-09-08 11:16:48 +02:00
Erik Brakkee
9b8023496c Some cleanup in the agent code. 
Now supporting authorized SSH keys in the
.authorized_keys file.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
d839583f7b communication between agent and server. Removed the flags libray for command-line parsing. 
Heartbeat mechanism from client to server over the custom connection for sending events to guarantee that the connectoin stays up.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
40e8d56429 removed read and write dead lines. Appears to be still working. 2024-09-08 11:16:48 +02:00
Erik Brakkee
6f4929301d status update now reported to the server. More robustness needed. 2024-09-08 11:16:48 +02:00
Erik Brakkee
ffeca2a533 First version with basic communication from agent to server working. 2024-09-08 11:16:48 +02:00
Erik Brakkee
f5fb7c5ed2 direct communication channel now setup between agent and converge server 2024-09-08 11:16:48 +02:00
Erik Brakkee
ff9adfeb24 Extraction of communication setup in separate entity with client and related server code close together to make the setup easier to understand. 2024-09-08 11:16:48 +02:00
Erik Brakkee
7351fdaf9c welcome message for users now specific for windows and linux 
monitoring of hold file changes and messaging to users to provide more
  interactivity
 2024-09-08 11:16:48 +02:00
Erik Brakkee
9b2e8709fb added fsnotify example, to check bahavior on windows. 2024-09-08 11:16:48 +02:00
Erik Brakkee
2dae10d093 added insecure flag to allow invalid certificates. 2024-09-08 11:16:48 +02:00
Erik Brakkee
5c0e3401f4 command-line argument parsing with error handling for all commands that are referred to on the docs page. 2024-09-08 11:16:48 +02:00
Erik Brakkee
815f1fa927 converge now uses flags for the command-line parsing. 2024-09-08 11:16:48 +02:00
Erik Brakkee
6e2ed858e4 fileserver now uses go template language. 
updated docs for windows.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
38869b5faa moved fileserver to separate file. 2024-09-08 11:16:48 +02:00
Erik Brakkee
2f9cead5c3 eliminated unused setWindowSize files. 2024-09-08 11:16:48 +02:00
Erik Brakkee
8c44943a48 * fixes for windows 
* detect kill ssh session
* include sftp session in the count of ssh sessions
* log session type in the agent
 2024-09-08 11:16:48 +02:00
Erik Brakkee
5c36843166 list of shells to try in windows. 2024-09-08 11:16:48 +02:00
Erik Brakkee
1e422dd698 refactoring to support both windows and linux with totally different Pty code. 2024-09-08 11:16:48 +02:00
Erik Brakkee
2f40f86294 cross compilation on windows working. 
pty.Start() is not supported on windows
 2024-09-08 11:16:48 +02:00
Erik Brakkee
cb00c5e4eb renamed cidebug module to converge 2024-09-08 11:16:48 +02:00
Erik Brakkee
f459d12bea agent now giving the exact commands to run to use it from the client 
side.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
9fc0241d08 lots of work to make it actually work. 
Icluding the server keep alive interval.
Fix where expiry duration was added twice.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
aa46ed7b5c Lots of work on docuemtation. The docs page now shows the correct 
installation dependent URLs. For now using ServerALiveInterval
to avoid disconnects.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
19c728938a updated docs for new proxycommand. 2024-09-08 11:16:48 +02:00
Erik Brakkee
7ee5658cbc added proxycomamnd to be used directly by ssh 2024-09-08 11:16:48 +02:00
Erik Brakkee
f5bc8d7b74 redirect all non-matched urls to the docs. 2024-09-08 11:16:48 +02:00
Erik Brakkee
91cc99fdfe now with online downloads and docs. 2024-09-08 11:16:48 +02:00
Erik Brakkee
dedbc39144 now serving files from a downloads directory so that the executables 
can be downloaded from a ci job
 2024-09-08 11:16:48 +02:00
Erik Brakkee
85caa6cb5a simple session management solution with a .hold file and messages to the 
user with better formatting.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
e945e7453b basic session management is now implemented. 2024-09-08 11:16:48 +02:00
Erik Brakkee
ed922a235f agent now uses a fixed host key using the go embed package. 
Printing welcome message when user logs in.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
1d2a047dfc lots of restructuring. 
Experimensts with websockets over yamux failed. Now going to use a
second connection to the server from the agent.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
3e6ec05877 moved websocket utils to separate package to allow use by the agent. 2024-09-08 11:16:48 +02:00
Erik Brakkee
6857eb6ff9 generating key automatically on the agent side. Should be done later at the rendez-vous server since there will be many agents running on different servers 2024-09-08 11:16:48 +02:00
Erik Brakkee
571ca2ca9e easy switching between different service types. 
Working now with ssh as well.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
783a8db7a6 structuring into packages 2024-09-08 11:16:48 +02:00
Erik Brakkee
41403476c6 working server 
* administration appears coorect
* multiple clients for one agent
* logging of active connections
* simple echo server on the agent.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
ff71dbac52 agent is now setting up ws connection to server. 
Next: adding multiplexing and listening on a socket.
 2024-09-08 11:16:48 +02:00
Erik Brakkee
72d128998b First agent version, passing in external listener fo ssh so it can be used later with yamux as well. 2024-09-08 11:16:48 +02:00
Erik Brakkee
ad7314ca5a cleanup now works. Clients and agents can connect and disconnect at will. 2024-09-08 11:16:48 +02:00
Erik Brakkee
feb4639c7d dynamic publicId now working with single connection to agent. Cleanup is not working yet. 2024-09-08 11:16:48 +02:00
Erik Brakkee
e48f405fcc rendezvous mechanism with fixed id is now working. 2024-09-08 11:16:48 +02:00
Erik Brakkee
0fe6824522 first rendez vous: 
1. two websocket clients connecting: one as agent and one as client
2. bidirectional communication between the two
 2024-09-08 11:16:48 +02:00
Erik Brakkee
58ee5d7e85 further generalizatio of synchronizing two streams of data. 2024-09-08 11:16:48 +02:00
Erik Brakkee
c5f31f660c now using in wstotcp as well. 2024-09-08 11:16:48 +02:00
Erik Brakkee
6b9dc2bfbe moved websocket wrapper to iowrappers package. 2024-09-08 11:16:48 +02:00
Erik Brakkee
a6a0f287dc generalizing websocket connection to reader/writer. 2024-09-08 11:16:48 +02:00
Erik Brakkee
7b2523630a ssh client -> tcptows -> wstotcp -> sshserver works. 2024-09-08 11:16:48 +02:00
Erik Brakkee
25e9e944b2 added makefile for building. 2024-09-08 11:16:48 +02:00
Erik Brakkee
5951a1b705 restructuring. 2024-09-08 11:16:48 +02:00