feat - implement InsecureIgnoreHostKey on ssh.

debeando · Oct 30, 2024 · f22e9d4 · f22e9d4
1 parent 088dcee
commit f22e9d4
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 14 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -7,4 +7,4 @@ RUN go get -d -v
 RUN go build -o /go/bin/zenit-port-forward main.go
 FROM alpine:latest
 COPY --from=builder /go/bin/zenit-port-forward /zenit-port-forward
-ENTRYPOINT ["/zenit-port-forward"]
+ENTRYPOINT ["/zenit-port-forward"]
diff --git a/README.md b/README.md
@@ -1,3 +1,21 @@
 # DeBeAndo Zenit Port Forward
 
-Port forward over SSH, to allow connect remote server on local or private kubernetes cluster.
+Port forward over SSH, allow connect to remote server over SSH to local or private kubernetes cluster.
+
+## Image Description
+
+This image is maintained by DeBeAndo and will be updated regularly on best-effort basis. The image is based on Alpine Linux and only contains the build result of this repository.
+
+## Run
+
+To run container:
+
+```bash
+docker run --detach \
+	--name zenit-port-forward \
+	--publish 3306:3306 \
+	--env SSH_HOST="<ssh_host>" \
+	--env SSH_KEY="`cat /Users/<username>/.ssh/<private>.pem | base64`" \
+	--env REMOTE_HOST="<mysql_host>" \
+	debeando/zenit-port-forward
+```
diff --git a/main.go b/main.go
@@ -1,16 +1,16 @@
 package main
 
 import (
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net"
-	"path/filepath"
+	"os"
 
 	"github.com/debeando/go-common/env"
 	"github.com/debeando/go-common/log"
 
 	"golang.org/x/crypto/ssh"
-	"golang.org/x/crypto/ssh/knownhosts"
 )
 
 var Debug string
@@ -31,39 +31,57 @@ func init() {
 	SSHKey = env.Get("SSH_KEY", "")
 	SSHPort = env.Get("SSH_PORT", "22")
 	SSHUser = env.Get("SSH_USER", "ec2-user")
-}
-
-func main() {
-	knowHost := filepath.Join(env.Get("HOME", ""), ".ssh", "known_hosts")
 
-	knownHostsCallback, err := knownhosts.New(knowHost)
-	if err != nil {
-		log.Error(err.Error())
+	if Debug == "true" {
+		log.SetLevel(log.DebugLevel)
 	}
+}
 
-	signer, err := ssh.ParsePrivateKey([]byte(SSHKey))
+func main() {
+	log.Info("Start DeBeAndo Zenit Port Forward")
+	log.DebugWithFields("Environment Variables", log.Fields{
+		"DEBUG":       Debug,
+		"LOCAL_PORT":  LocalPort,
+		"REMOTE_HOST": RemoteHost,
+		"REMOTE_PORT": RemotePort,
+		"SSH_HOST":    SSHHost,
+		"SSH_KEY":     SSHKey,
+		"SSH_PORT":    SSHPort,
+		"SSH_USER":    SSHUser,
+	})
+
+	key, err := base64.StdEncoding.DecodeString(SSHKey)
+    if err != nil {
+        log.Error(err.Error())
+        os.Exit(2)
+    }
+
+	signer, err := ssh.ParsePrivateKey(key)
 	if err != nil {
 		log.Error(err.Error())
+		os.Exit(3)
 	}
 
 	sshClient := &ssh.ClientConfig{
 		User: SSHUser,
 		Auth: []ssh.AuthMethod{
 			ssh.PublicKeys(signer),
 		},
-		HostKeyCallback:   knownHostsCallback,
+		HostKeyCallback:   ssh.InsecureIgnoreHostKey(),
 		HostKeyAlgorithms: []string{ssh.KeyAlgoED25519},
 	}
 
 	client, err := ssh.Dial("tcp", fmt.Sprintf("%s:%s", SSHHost, SSHPort), sshClient)
 	if err != nil {
 		log.Error(err.Error())
+		os.Exit(4)
 	}
 	defer client.Close()
 
-	listener, err := net.Listen("tcp", fmt.Sprintf("localhost:%s", LocalPort))
+	listener, err := net.Listen("tcp", fmt.Sprintf("0.0.0.0:%s", LocalPort))
 	if err != nil {
 		log.Error(err.Error())
+		os.Exit(5)
 	}
 	defer listener.Close()