Merge pull request #88 from SentriusLLC/copilot/fix-87

Implement SSH Server proxy with dynamic HostSystem integration, comprehensive testing, and production roadmap

Author: phrocker

.local.env

@@ -1,8 +1,9 @@
-SENTRIUS_VERSION=1.1.341
+SENTRIUS_VERSION=1.1.345
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
 SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
-AGENTPROXY_VERSION=1.0.85
+AGENTPROXY_VERSION=1.0.85
+SSHPROXY_VERSION=1.0.40

.local.env.bak

@@ -1,8 +1,9 @@
-SENTRIUS_VERSION=1.1.341
+SENTRIUS_VERSION=1.1.345
 SENTRIUS_SSH_VERSION=1.1.41
 SENTRIUS_KEYCLOAK_VERSION=1.1.53
 SENTRIUS_AGENT_VERSION=1.1.42
 SENTRIUS_AI_AGENT_VERSION=1.1.263
 LLMPROXY_VERSION=1.0.78
 LAUNCHER_VERSION=1.0.82
-AGENTPROXY_VERSION=1.0.85
+AGENTPROXY_VERSION=1.0.85
+SSHPROXY_VERSION=1.0.40

api/src/main/java/io/sentrius/sso/websocket/AuditSocketHandler.java

@@ -8,8 +8,10 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
+import io.sentrius.sso.core.integrations.ssh.DataWebSession;
 import io.sentrius.sso.core.services.security.CryptoService;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
+import io.sentrius.sso.core.services.SshListenerService;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
@@ -43,7 +45,7 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
                 // Store the WebSocket session using the session ID from the query parameter
                 sessions.put(sessionId, session);
                 log.trace("*AUDITING New connection established, session ID: " + sessionId);
-                sshListenerService.startAuditingSession(sessionId, session);
+                sshListenerService.startAuditingSession(sessionId, new DataWebSession(session));
             } else {
                 log.trace("Session ID not found in query parameters.");
                 session.close(); // Close the session if no valid session ID is provided

api/src/main/java/io/sentrius/sso/websocket/ChatListenerService.java

@@ -19,6 +19,7 @@
 import io.sentrius.sso.core.services.security.IntegrationSecurityTokenService;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
 import io.sentrius.sso.core.utils.JsonUtil;
+import io.sentrius.sso.core.services.SshListenerService;
 import io.sentrius.sso.genai.ChatConversation;
 import io.sentrius.sso.genai.GenerativeAPI;
 import io.sentrius.sso.genai.GeneratorConfiguration;

api/src/main/java/io/sentrius/sso/websocket/TerminalWSHandler.java

@@ -3,10 +3,12 @@
 
 import io.sentrius.sso.automation.auditing.Trigger;
 import io.sentrius.sso.automation.auditing.TriggerAction;
+import io.sentrius.sso.core.integrations.ssh.DataWebSession;
 import io.sentrius.sso.core.model.chat.ChatLog;
 import io.sentrius.sso.core.services.ChatService;
 import io.sentrius.sso.core.services.metadata.TerminalSessionMetadataService;
 import io.sentrius.sso.core.services.security.CryptoService;
+import io.sentrius.sso.core.services.SshListenerService;
 import io.sentrius.sso.core.utils.StringUtils;
 import io.sentrius.sso.protobuf.Session;
 import io.sentrius.sso.core.services.terminal.SessionTrackingService;
@@ -57,7 +59,7 @@ public void afterConnectionEstablished(WebSocketSession session) throws Exceptio
                 // Store the WebSocket session using the session ID from the query parameter
                 sessions.put(sessionId, session);
                 log.debug("New connection established, session ID: " + sessionId);
-                sshListenerService.startListeningToSshServer(sessionId, session);
+                sshListenerService.startListeningToSshServer(sessionId, new DataWebSession(session));
             } else {
                 log.trace("Session ID not found in query parameters.");
                 session.close(); // Close the session if no valid session ID is provided

api/src/main/resources/db/migration/V19__alter_hostsystems.sql

@@ -0,0 +1,3 @@
+ALTER TABLE host_systems
+    ADD COLUMN proxied_ssh_server BOOLEAN DEFAULT FALSE,
+ADD COLUMN proxied_ssh_port INTEGER DEFAULT 0;

api/src/main/resources/db/migration/V20__alter_hostgroups.sql

@@ -0,0 +1,2 @@
+ALTER TABLE host_groups
+ADD COLUMN proxied_ssh_port INTEGER DEFAULT 0;

core/src/main/java/io/sentrius/sso/core/dto/HostGroupDTO.java

@@ -18,6 +18,8 @@ public class HostGroupDTO {
     private String displayName;
     private String description;
     private int hostCount = 0;
+    @Builder.Default
+    private int proxiedSSHPort = 0;
     private ProfileConfiguration configuration;
     List<UserDTO> users = new ArrayList<>();
 

dataplane/src/main/java/io/sentrius/sso/automation/auditing/BaseAccessTokenAuditor.java

@@ -7,11 +7,7 @@
 import io.sentrius.sso.core.model.users.User;
 
 public abstract class BaseAccessTokenAuditor {
-/*
-  protected final Long userId;
-  protected final Long sessionId;
 
-  protected final Long systemId;*/
   protected final HostSystem system;
   protected final SessionLog session;
   protected final User user;

dataplane/src/main/java/io/sentrius/sso/core/integrations/ssh/DataSession.java

@@ -0,0 +1,13 @@
+package io.sentrius.sso.core.integrations.ssh;
+
+import java.io.IOException;
+import org.springframework.web.socket.WebSocketMessage;
+
+public interface DataSession {
+
+    String getId();
+
+    boolean isOpen();
+
+    void sendMessage(WebSocketMessage<?> message) throws IOException;
+}