Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for connecting to an external system via an SSH tunnel #1020

Merged
merged 44 commits into from
Apr 6, 2021
Merged

Add support for connecting to an external system via an SSH tunnel #1020

merged 44 commits into from
Apr 6, 2021

Conversation

dguggemos
Copy link
Contributor

This PR fixes #985. It extends the managed connections with support for establishing a local port forwarding to an external system, e.g. a broker, via an SSH connection. Ditto takes care of creating the tunnel and using it transparently to connect to the actual endpoint when the functionality is enabled in the connection's configuration.

VadimGue and others added 30 commits March 4, 2021 15:15
@VadimGue
eclipse-ditto#985: Add model for ssh tunnel
6e4aa51 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
eclipse-ditto#985: Fix test error
5a71c07 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
eclipse-ditto#985: Formatting
bdf16ca 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
eclipse-ditto#985: Add test for new credential types
e2af8c3 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
Merge branch 'master' into feature/support-ssh-over-connection
335009b
@VadimGue
Merge remote-tracking branch 'origin/master' into feature/support-ssh…
2a4fbe7 
…-over-connection
@dguggemos
eclipse-ditto#985 Add support to establish a connection via an ssh tu…
08004b2 
…nnel. Ssh tunnel management is done in new SshTunnelActor. The tunnel is controlled (open/close) with the existing state machine in BaseClientActor. Add connecting via tunnel for existing protocols (except Kafka, which requires multiple connections to bottstrap server and zookeeper).

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
Merge branch 'master' into feature/support-ssh-over-connection
a89d18f 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@VadimGue
eclipse-ditto#985: Fix extraction of known hosts
2effbd9 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@dguggemos
eclipse-ditto#985 fix handling of error on initial mqtt connection, e…
6a1a5b5 
…stablish ssh tunnel when testing a connection

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 review addition of ssh tunnel to connection model, …
6e7a701 
…add username to ssh public key credentials

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 apply public key credentials for ssh tunnel
41f0fef 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 simplify fingerprint verification
cc80346 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 fix loading of public key and move context informat…
4d1b7f8 
…ion for parsing errors to ExceptionMapper

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 fix KafkaClientActorTest
1a5c8c2 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add validation of ssh tunnel configuration
4ecb547 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add javadoc, more logging
a534c07 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 set supported client side user auth method
685e9df 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 set exclusive public key/password identity on ssh s…
40ffaee 
…ession (no default fallbacks)

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 rename SshPublicKeyCredentials
fa60833 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 use default mqtt connect and socket timeout
970dc9d 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 limit supported ssh client authentication methods g…
dce01a4 
…lobally

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 provide exception class name if exception message i…
ae095b6 
…s null in connectivity error responses

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add some javadoc, remove TODO
f9e0203 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 document ssh tunneling feature
d34a43d 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 move tunneling doc to separate section and refer to…
4cb49fb 
… it from basic section

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 reject ssh tunneling for kafka connections
2b49516 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add reference to SSH RFC and hint about possible pe…
79f6477 
…rformance impact of using ssh tunneling

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 fix message format of connection logs
5703e35 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@VadimGue
eclipse-ditto#985 add comment
0de15d1 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
VadimGue and others added 12 commits March 29, 2021 13:28
@VadimGue
Merge branch 'master' into feature/support-ssh-over-connection
60095fa 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@dguggemos
eclipse-ditto#985 add missing javadoc, remove debug log statements
cc4d81d 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add missing javadoc
b451b3b 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
Merge branch 'master' into feature/support-ssh-over-connection
d8db4b7 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@VadimGue
Fix formatting of blogpost
136765b 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@dguggemos
eclipse-ditto#985 minor documentation fixes
28896ff 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 improve exception message if tunnel actor is starte…
77aefe0 
…d without required configuration, restart tunnel actor in case of an unexpected failure

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 also validate ssh host, extract HostValidator inter…
29d4133 
…face to improve testability

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@dguggemos
eclipse-ditto#985 add note about security considerations when using s…
e6795ab 
…sh tunneling

Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@VadimGue
eclipse-ditto#985 Fix copyright header
6818a55 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@dguggemos
Merge branch 'master' into feature/support-ssh-over-connection
566f65a 
Signed-off-by: Dominik Guggemos <dominik.guggemos@bosch.io>
@VadimGue
eclipse-ditto#985 Add blog post for SSH tunnel for managed connections
6428711 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
eclipse-ditto#985 Add @SInCE tag
c825dd7 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
eclipse-ditto#985 Add blog findings
9b4ff3f 
Signed-off-by: Vadim Guenther <vadim.guenther@bosch.io>
@VadimGue
Copy link
Contributor

VadimGue commented Apr 6, 2021

@thjaeckle i added the @since tags

@thjaeckle thjaeckle added this to the 2.0.0 milestone Apr 6, 2021
@thjaeckle thjaeckle merged commit c7742f1 into eclipse-ditto:master Apr 6, 2021
@thjaeckle thjaeckle deleted the feature/support-ssh-over-connection branch April 6, 2021 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thjaeckle thjaeckle thjaeckle left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.0.0-M2
Development

Successfully merging this pull request may close these issues.

Support managed connection via SSH tunnel
3 participants
@dguggemos @VadimGue @thjaeckle