Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Define a specific ssh config file #916

Open
matheorism opened this issue Oct 30, 2023 · 2 comments
Open

[Feature]: Define a specific ssh config file #916

matheorism opened this issue Oct 30, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@matheorism
Copy link

matheorism commented Oct 30, 2023
edited
Loading

Suzieq version

0.21.0

Install Type

None

Feature type

New component

Use case

The aim is to not populate the default ssh_config file, and on this file, we define configuration for each site. It deals with SSH parameters and ProxyCommand that will take care of our transport layer and get the socket.

Proposed functionality/solution

Perhaps this could be defined in the credentials.yaml as a key-value option

ssh_config: /path/to/ssh_config_file

- namespace: testing
  devices:
  - hostname: leaf01
    password: my-password
    username: vagrant
  - hostname: leaf02
    keyfile: /path/to/private/key
    ssh_config: /path/to/ssh_config_file  <----
    username: vagrant
  - hostname: leaf03
    keyfile: /path/to/private/key
    username: vagrant
    key-passphrase: my-passphrase
  - address: 10.0.0.1
    username: vagrant
    password: my-password

External dependencies

No response

Additional Context
@matheorism matheorism added the enhancement New feature or request label Oct 30, 2023
@51qwerty
Copy link

+1 for this enhancement.

This enhancement would be a good improvement as ssh security mechanisms or session monitoring software platforms can be handled outside of suzieq within the systems ssh_config and define the proxy method without having to manipuate or change the core poller of suzieq.

Some examples of software companies may use to secure linux, windows, and other systems:

  • Secure Privacy
  • Kognitio
  • goteleport
  • Osano
  • etc

These types of solutions often have a client that are installed on the system that handles SSH and the client connects through the server for session control and monitoring and is often part of a zero trust strategy.

@ddutt
Copy link
Member

ddutt commented Jan 26, 2025

So, you're saying you don't want to use a single ssh_config file which you can specify BTW via --ssh-config-file command line option to the poller, but want a separate one you specify in the devices section? You don't have to mess with your existing ssh config file, but you can create a new one for use with suzieq and populate it exactly as you want.

The benefits of not having breakup the ssh_config file is that you can keep all your sources together, and not have to break them up per device-section, which is what you'll need to do to use multiple ssh_config files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ddutt @matheorism @51qwerty