Introduce long-lived SSH proxy for Machine ID #42592
Merged
espadolini reviewed Jun 7, 2024
espadolini approved these changes Jun 11, 2024
public-teleport-github-review-bot (bot) removed the request for review from GavinFrazar June 11, 2024 09:28
Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
…vitational/teleport into strideynet/tbot-long-lived-ssh-proxy
github-merge-queue (bot) removed this pull request from the merge queue due to failed status checks Jun 11, 2024
@strideynet See the table below for backport results.
This was referenced Jun 11, 2024
strideynet added a commit that referenced this pull request Jun 11, 2024

* Skeleton out SSHProxyService
* Skeleton out actual service implementation
* Simple unit tests for yaml/validation
* Add main config file unit test
* Crudely copy in the connection handle code
* Copy in basic setup code
* Add rudimentary "dial cycler"
* Tidy up handling of listener closure
* Add basic prometheus metrics
* Add ssh proxy command connect
* Fix crashes
* Make session resumption enabled by default
* Use `utils.ProxyConn`
* last few changes before i convert to socks5
* Rename socket
* Add support for loading proxy templates
* Tidy up logging
* rename to multiplexer
* Fix up a few bits
* Generate artifacts on initial start
* Support specifying command and subcommand
* Add identity generation and renewal to ssh multiplexer
* Tidy up code post-identity generation
* Tidy up logging for connection multiplexing/proxying
* Americanize spellings
* Info( -> InfoContext(
* stash
* Replace low-level cycler with higher-level but broken cycler
* Remove reference to grpcClientConnInterfaceCloser
* minor tweaks and fixes to the cycler
* Fix lone tab in the ssh_config template
* Better metrics
* Fix ineff assign
* Simplify config for custom muxcommand
* Start writing test
* Fix broken fdpass
* Potentially flaky but working test
* Switch to NULL delimited
* Tidy up tests
* Remove commented out code
* Drain buffer after the conn resumption has been enabled
* Change socket name to `v1.sock`
* Switch away from JSON
* Switch to ProxyCommand style config for overrides
* Switch to `filepath`
* Update lib/tbot/service_ssh_multiplexer.go
  Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* Update lib/tbot/ssh/ssh.go
  Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* Update lib/tbot/service_ssh_multiplexer.go
  Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* Absolute paths
* Remove unused dep
* Update lib/tbot/service_ssh_multiplexer.go
  Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
* Update lib/tbot/ssh/ssh.go
  Co-authored-by: Tim Buckley <tim@goteleport.com>
* Drain buffer as part of proxying goroutine
* Fix missing godoc
* Missing godoc
* Add test for connection cycler
* Update lib/tbot/service_ssh_multiplexer.go
  Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
* Simpler buffer draining
* Fix race in test
* More generous time outs

---------

Co-authored-by: Edoardo Spadolini <edoardo.spadolini@goteleport.com>
Co-authored-by: rosstimothy <39066650+rosstimothy@users.noreply.github.com>
Co-authored-by: Tim Buckley <tim@goteleport.com>
github-merge-queue (bot) pushed a commit that referenced this pull request Jun 12, 2024
As per #42546
Closes #41977
changelog: Introduces the new Machine ID `ssh-multiplexer` service for significant improvements in SSH performance.