Skip to content

feature: read force-command from client certificate #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feature: read force-command from client certificate #56

wants to merge 1 commit into from
+18,499 −2

Conversation

@cyrilst
Copy link
Contributor

@cyrilst cyrilst commented Oct 23, 2025

No description provided.

@cyrilst cyrilst self-assigned this Oct 23, 2025
@cyrilst cyrilst force-pushed the sshcertificate branch 2 times, most recently from a4c999a to dd119da Compare October 23, 2025 14:24
@github-actions
Copy link

github-actions bot commented Oct 23, 2025
edited
Loading

File Coverage
All files 20%
cmd/sshproxy-dumpd/sshproxy-dumpd.go 0%
cmd/sshproxy-replay/sshproxy-replay.go 0%
cmd/sshproxy/commands.go 0%
cmd/sshproxy/recorder.go 0%
cmd/sshproxy/sshproxy.go 31%
cmd/sshproxyctl/sshproxyctl.go 0%
pkg/nodesets/nodesets.go 35%
pkg/record/record.go 0%
pkg/utils/config.go 100%
pkg/utils/configv1.go 100%
pkg/utils/etcd.go 0%
pkg/utils/logging.go 58%
pkg/utils/route.go 10%
pkg/utils/utils.go 92%

Minimum allowed coverage is 0%

Generated by 🐒 cobertura-action against 39f762e

@cyrilst cyrilst force-pushed the sshcertificate branch 2 times, most recently from 7149b30 to 13c8e82 Compare October 31, 2025 13:54
@cyrilst cyrilst marked this pull request as ready for review November 3, 2025 14:23
od-cea
od-cea reviewed Nov 5, 2025
View reviewed changes
Copy link
Member

@od-cea od-cea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good to me but I found typos and may be we can test an invalid certificate ?

cmd/sshproxy/sshproxy.go
// The file contains a publickey
pubKey, _, _, _, err := ssh.ParseAuthorizedKey(key)
if err == nil {
// The pubilckey is parsed
Copy link
Member

@od-cea od-cea Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typos in publickey ;-)

cmd/sshproxy/sshproxy_test.go
"",
" ",
[]string{},
}, {
Copy link
Member

@od-cea od-cea Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we test here a public key with an invalid certificate ?

doc/sshproxy.txt
If the SSH server sets the 'SSH_USER_AUTH' environment variable (see
'ExposeAuthInfo' in openssh's 'sshd_config'), 'sshproxy' uses it to get the
'force-command' directive of the client's signed ssh public key. If a
'force-command' is found, it is used as an argement to the 'ssh' command
Copy link
Member

@od-cea od-cea Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo on argument ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@od-cea od-cea od-cea left review comments

@t-valette t-valette Awaiting requested review from t-valette

@fdiakh fdiakh Awaiting requested review from fdiakh

Assignees

@cyrilst cyrilst

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@cyrilst @od-cea