feat: add ssh and rsync commands

coadler · coadler · commit 11302b388238 · 2024-08-21T19:16:33.000Z
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 dist
+test
diff --git a/README.md b/README.md
@@ -1 +1,3 @@
-# wush - secure shells and file transfers behind nat
+# wush - wireguard powered shells and file transfers behind nat
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/coder/wush.svg)](https://pkg.go.dev/github.com/coder/wush)
diff --git a/cmd/wush/main.go b/cmd/wush/main.go
@@ -8,9 +8,10 @@ import (
 )
 
 func main() {
-	cmd := sendCmd()
+	cmd := sshCmd()
 	cmd.Children = []*serpent.Command{
 		receiveCmd(),
+		rsyncCmd(),
 	}
 	err := cmd.Invoke().WithOS().Run()
 	if err != nil {
diff --git a/cmd/wush/rsync.go b/cmd/wush/rsync.go
@@ -0,0 +1,118 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"log/slog"
+	"net/netip"
+	"os/exec"
+	"strings"
+
+	"github.com/charmbracelet/huh"
+
+	"github.com/coder/serpent"
+	"github.com/coder/wush/cliui"
+	"github.com/coder/wush/overlay"
+	"github.com/coder/wush/tsserver"
+)
+
+func rsyncCmd() *serpent.Command {
+	var (
+		authID             string
+		overlayTransport   string
+		stunAddrOverride   string
+		stunAddrOverrideIP netip.Addr
+		sshStdio           bool
+	)
+	return &serpent.Command{
+		Use: "rsync",
+		Long: "Runs rsync to transfer files to a " + cliui.Code("wush") + " peer. " +
+			"Use " + cliui.Code("wush receive") + " on the computer you would like to connect to.",
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
+			logger := slog.New(slog.NewTextHandler(io.Discard, nil))
+
+			if authID == "" {
+				err := huh.NewInput().
+					Title("Enter your Auth ID:").
+					Value(&authID).
+					Run()
+				if err != nil {
+					return fmt.Errorf("get auth id: %w", err)
+				}
+			}
+
+			dm, err := tsserver.DERPMapTailscale(ctx)
+			if err != nil {
+				return err
+			}
+
+			if stunAddrOverride != "" {
+				stunAddrOverrideIP, err = netip.ParseAddr(stunAddrOverride)
+				if err != nil {
+					return fmt.Errorf("parse stun addr override: %w", err)
+				}
+			}
+
+			send := overlay.NewSendOverlay(logger, dm)
+			send.STUNIPOverride = stunAddrOverrideIP
+
+			err = send.Auth.Parse(authID)
+			if err != nil {
+				return fmt.Errorf("parse auth key: %w", err)
+			}
+
+			fmt.Println("Auth information:")
+			stunStr := send.Auth.ReceiverStunAddr.String()
+			if !send.Auth.ReceiverStunAddr.IsValid() {
+				stunStr = "Disabled"
+			}
+			fmt.Println("\t> Server overlay STUN address:", cliui.Code(stunStr))
+			derpStr := "Disabled"
+			if send.Auth.ReceiverDERPRegionID > 0 {
+				derpStr = dm.Regions[int(send.Auth.ReceiverDERPRegionID)].RegionName
+			}
+			fmt.Println("\t> Server overlay DERP home:   ", cliui.Code(derpStr))
+			fmt.Println("\t> Server overlay public key:  ", cliui.Code(send.Auth.ReceiverPublicKey.ShortString()))
+			fmt.Println("\t> Server overlay auth key:    ", cliui.Code(send.Auth.OverlayPrivateKey.Public().ShortString()))
+
+			args := []string{
+				"-c",
+				"rsync --progress --stats -avz --human-readable " + fmt.Sprintf("-e=\"wush --auth-id %s --stdio --\" ", send.Auth.AuthKey()) + strings.Join(inv.Args, " "),
+			}
+			fmt.Println("Running: rsync", args)
+			cmd := exec.CommandContext(ctx, "sh", args...)
+			cmd.Stdin = inv.Stdin
+			cmd.Stdout = inv.Stdout
+			cmd.Stderr = inv.Stderr
+
+			return cmd.Run()
+		},
+		Options: []serpent.Option{
+			{
+				Flag:        "auth-id",
+				Env:         "WUSH_AUTH_ID",
+				Description: "The auth id returned by " + cliui.Code("wush receive") + ". If not provided, it will be asked for on startup.",
+				Default:     "",
+				Value:       serpent.StringOf(&authID),
+			},
+			{
+				Flag:        "overlay-transport",
+				Description: "The transport to use on the overlay. The overlay is used to exchange Wireguard nodes between peers. In DERP mode, nodes are exchanged over public Tailscale DERPs, while STUN mode sends nodes directly over UDP.",
+				Default:     "derp",
+				Value:       serpent.EnumOf(&overlayTransport, "derp", "stun"),
+			},
+			{
+				Flag:    "stun-ip-override",
+				Default: "",
+				Value:   serpent.StringOf(&stunAddrOverride),
+			},
+			{
+				Flag:        "stdio",
+				Description: "Run SSH over stdin/stdout. This allows wush to be used as a transport for other programs, like rsync or regular ssh.",
+				Default:     "false",
+				Value:       serpent.BoolOf(&sshStdio),
+			},
+		},
+	}
+}
diff --git a/cmd/wush/ssh.go b/cmd/wush/ssh.go
@@ -7,36 +7,33 @@ import (
 	"io"
 	"log/slog"
 	"net/netip"
-	"os"
 	"time"
 
 	"github.com/charmbracelet/huh"
-	"github.com/mattn/go-isatty"
-	"golang.org/x/crypto/ssh"
-	"golang.org/x/term"
-	"golang.org/x/xerrors"
 	"tailscale.com/client/tailscale"
 	"tailscale.com/net/netns"
 	"tailscale.com/tailcfg"
 
-	"github.com/coder/coder/v2/pty"
 	"github.com/coder/serpent"
 	"github.com/coder/wush/cliui"
 	"github.com/coder/wush/overlay"
 	"github.com/coder/wush/tsserver"
 	xssh "github.com/coder/wush/xssh"
 )
 
-func sendCmd() *serpent.Command {
+func sshCmd() *serpent.Command {
 	var (
 		authID             string
 		waitP2P            bool
 		overlayTransport   string
 		stunAddrOverride   string
 		stunAddrOverrideIP netip.Addr
+		sshStdio           bool
 	)
 	return &serpent.Command{
-		Use: "send",
+		Use: "wush",
+		Long: "Opens an SSH connection to a " + cliui.Code("wush") + " peer. " +
+			"Use " + cliui.Code("wush receive") + " on the computer you would like to connect to.",
 		Handler: func(inv *serpent.Invocation) error {
 			ctx := inv.Context()
 			logger := slog.New(slog.NewTextHandler(io.Discard, nil))
@@ -71,19 +68,21 @@ func sendCmd() *serpent.Command {
 				return fmt.Errorf("parse auth key: %w", err)
 			}
 
-			fmt.Println("Auth information:")
-			stunStr := send.Auth.ReceiverStunAddr.String()
-			if !send.Auth.ReceiverStunAddr.IsValid() {
-				stunStr = "Disabled"
-			}
-			fmt.Println("\t> Server overlay STUN address:", cliui.Code(stunStr))
-			derpStr := "Disabled"
-			if send.Auth.ReceiverDERPRegionID > 0 {
-				derpStr = dm.Regions[int(send.Auth.ReceiverDERPRegionID)].RegionName
+			if !sshStdio {
+				fmt.Println("Auth information:")
+				stunStr := send.Auth.ReceiverStunAddr.String()
+				if !send.Auth.ReceiverStunAddr.IsValid() {
+					stunStr = "Disabled"
+				}
+				fmt.Println("\t> Server overlay STUN address:", cliui.Code(stunStr))
+				derpStr := "Disabled"
+				if send.Auth.ReceiverDERPRegionID > 0 {
+					derpStr = dm.Regions[int(send.Auth.ReceiverDERPRegionID)].RegionName
+				}
+				fmt.Println("\t> Server overlay DERP home:   ", cliui.Code(derpStr))
+				fmt.Println("\t> Server overlay public key:  ", cliui.Code(send.Auth.ReceiverPublicKey.ShortString()))
+				fmt.Println("\t> Server overlay auth key:    ", cliui.Code(send.Auth.OverlayPrivateKey.Public().ShortString()))
 			}
-			fmt.Println("\t> Server overlay DERP home:   ", cliui.Code(derpStr))
-			fmt.Println("\t> Server overlay public key:  ", cliui.Code(send.Auth.ReceiverPublicKey.ShortString()))
-			fmt.Println("\t> Server overlay auth key:    ", cliui.Code(send.Auth.OverlayPrivateKey.Public().ShortString()))
 
 			s, err := tsserver.NewServer(ctx, logger, send)
 			if err != nil {
@@ -112,9 +111,9 @@ func sendCmd() *serpent.Command {
 			ts.Logf = func(string, ...any) {}
 			ts.UserLogf = func(string, ...any) {}
 
-			fmt.Println("Bringing Wireguard up..")
+			// fmt.Println("Bringing Wireguard up..")
 			ts.Up(ctx)
-			fmt.Println("Wireguard is ready!")
+			// fmt.Println("Wireguard is ready!")
 
 			lc, err := ts.LocalClient()
 			if err != nil {
@@ -133,87 +132,13 @@ func sendCmd() *serpent.Command {
 				}
 			}
 
-			conn, err := ts.Dial(ctx, "tcp", ip.String()+":3")
-			if err != nil {
-				return err
-			}
-
-			sshConn, channels, requests, err := ssh.NewClientConn(conn, "localhost:22", &ssh.ClientConfig{
-				HostKeyCallback: ssh.InsecureIgnoreHostKey(),
-			})
-			if err != nil {
-				return err
-			}
-
-			sshClient := ssh.NewClient(sshConn, channels, requests)
-			sshSession, err := sshClient.NewSession()
-			if err != nil {
-				return err
-			}
-
-			stdinFile, validIn := inv.Stdin.(*os.File)
-			stdoutFile, validOut := inv.Stdout.(*os.File)
-			if validIn && validOut && isatty.IsTerminal(stdinFile.Fd()) && isatty.IsTerminal(stdoutFile.Fd()) {
-				inState, err := pty.MakeInputRaw(stdinFile.Fd())
-				if err != nil {
-					return err
-				}
-				defer func() {
-					_ = pty.RestoreTerminal(stdinFile.Fd(), inState)
-				}()
-				outState, err := pty.MakeOutputRaw(stdoutFile.Fd())
-				if err != nil {
-					return err
-				}
-				defer func() {
-					_ = pty.RestoreTerminal(stdoutFile.Fd(), outState)
-				}()
-
-				windowChange := xssh.ListenWindowSize(ctx)
-				go func() {
-					for {
-						select {
-						case <-ctx.Done():
-							return
-						case <-windowChange:
-						}
-						width, height, err := term.GetSize(int(stdoutFile.Fd()))
-						if err != nil {
-							continue
-						}
-						_ = sshSession.WindowChange(height, width)
-					}
-				}()
-			}
-
-			err = sshSession.RequestPty("xterm-256color", 128, 128, ssh.TerminalModes{})
-			if err != nil {
-				return xerrors.Errorf("request pty: %w", err)
-			}
-
-			sshSession.Stdin = inv.Stdin
-			sshSession.Stdout = inv.Stdout
-			sshSession.Stderr = inv.Stderr
-
-			err = sshSession.Shell()
-			if err != nil {
-				return xerrors.Errorf("start shell: %w", err)
-			}
-
-			if validOut {
-				// Set initial window size.
-				width, height, err := term.GetSize(int(stdoutFile.Fd()))
-				if err == nil {
-					_ = sshSession.WindowChange(height, width)
-				}
-			}
-
-			return sshSession.Wait()
+			return xssh.TailnetSSH(ctx, inv, ts, ip.String()+":3", sshStdio)
 		},
 		Options: []serpent.Option{
 			{
 				Flag:        "auth-id",
-				Description: "The auth id returned by `wush receive`. If not provided, it will be asked for on startup.",
+				Env:         "WUSH_AUTH_ID",
+				Description: "The auth id returned by " + cliui.Code("wush receive") + ". If not provided, it will be asked for on startup.",
 				Default:     "",
 				Value:       serpent.StringOf(&authID),
 			},
@@ -228,6 +153,12 @@ func sendCmd() *serpent.Command {
 				Default: "",
 				Value:   serpent.StringOf(&stunAddrOverride),
 			},
+			{
+				Flag:        "stdio",
+				Description: "Run SSH over stdin/stdout. This allows wush to be used as a transport for other programs, like rsync or regular ssh.",
+				Default:     "false",
+				Value:       serpent.BoolOf(&sshStdio),
+			},
 		},
 	}
 }
@@ -248,11 +179,11 @@ func waitUntilHasPeerHasIP(ctx context.Context, lc *tailscale.LocalClient) (neti
 
 		peers := stat.Peers()
 		if len(peers) == 0 {
-			fmt.Println("No peer yet")
+			// fmt.Println("No peer yet")
 			continue
 		}
 
-		fmt.Println("Received peer")
+		// fmt.Println("Received peer")
 
 		peer, ok := stat.Peer[peers[0]]
 		if !ok {
@@ -265,7 +196,7 @@ func waitUntilHasPeerHasIP(ctx context.Context, lc *tailscale.LocalClient) (neti
 			continue
 		}
 
-		fmt.Println("Peer active with relay", cliui.Code(peer.Relay))
+		// fmt.Println("Peer active with relay", cliui.Code(peer.Relay))
 
 		if len(peer.TailscaleIPs) == 0 {
 			fmt.Println("peer has no ips (developer error)")
@@ -302,7 +233,7 @@ func waitUntilHasP2P(ctx context.Context, lc *tailscale.LocalClient) error {
 			continue
 		}
 
-		fmt.Println("Peer active with relay", cliui.Code(peer.Relay))
+		// fmt.Println("Peer active with relay", cliui.Code(peer.Relay))
 
 		if len(peer.TailscaleIPs) == 0 {
 			fmt.Println("peer has no ips (developer error)")
@@ -322,7 +253,7 @@ func waitUntilHasP2P(ctx context.Context, lc *tailscale.LocalClient) error {
 			continue
 		}
 
-		fmt.Println("Peer active over p2p", cliui.Code(pong.Endpoint))
+		// fmt.Println("Peer active over p2p", cliui.Code(pong.Endpoint))
 		return nil
 	}
 }
diff --git a/go.mod b/go.mod
@@ -30,6 +30,7 @@ require (
 	golang.org/x/sys v0.24.0
 	golang.org/x/term v0.22.0
 	golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9
+	gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987
 	tailscale.com v1.70.0
 )
 
@@ -215,7 +216,6 @@ require (
 	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 // indirect
 	nhooyr.io/websocket v1.8.10 // indirect
 	storj.io/drpc v0.0.33 // indirect
 )
diff --git a/overlay/send.go b/overlay/send.go
@@ -259,7 +259,7 @@ func (s *Send) handleNextMessage(msg []byte) (resRaw []byte, _ error) {
 		s.waitIPOnce.Do(func() {
 			close(s.waitIP)
 		})
-		fmt.Println(cliui.Timestamp(time.Now()), "Received IP from peer:", s._ip.String())
+		// fmt.Println("Received IP from peer:", s._ip.String())
 	case messageTypeNodeUpdate:
 		s.in <- &ovMsg.Node
 	}
diff --git a/xssh/client.go b/xssh/client.go
diff --git a/xssh/windowsize_other.go b/xssh/windowsize_other.go
diff --git a/xssh/windowsize_windows.go b/xssh/windowsize_windows.go

Original file line number	Diff line number	Diff line change
`@@ -8,9 +8,10 @@ import (`
`8`	`8`	`)`
`9`	`9`
`10`	`10`	`func main() {`
`11`		`- cmd := sendCmd()`
	`11`	`+ cmd := sshCmd()`
`12`	`12`	`cmd.Children = []*serpent.Command{`
`13`	`13`	`receiveCmd(),`
	`14`	`+ rsyncCmd(),`
`14`	`15`	`}`
`15`	`16`	`err := cmd.Invoke().WithOS().Run()`
`16`	`17`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ require (`
`30`	`30`	`golang.org/x/sys v0.24.0`
`31`	`31`	`golang.org/x/term v0.22.0`
`32`	`32`	`golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9`
	`33`	`+ gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987`
`33`	`34`	`tailscale.com v1.70.0`
`34`	`35`	`)`
`35`	`36`
`@@ -215,7 +216,6 @@ require (`
`215`	`216`	`google.golang.org/protobuf v1.34.2 // indirect`
`216`	`217`	`gopkg.in/DataDog/dd-trace-go.v1 v1.64.0 // indirect`
`217`	`218`	`gopkg.in/yaml.v3 v3.0.1 // indirect`
`218`		`- gvisor.dev/gvisor v0.0.0-20240722211153-64c016c92987 // indirect`
`219`	`219`	`nhooyr.io/websocket v1.8.10 // indirect`
`220`	`220`	`storj.io/drpc v0.0.33 // indirect`
`221`	`221`	`)`
Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,7 @@ func (s *Send) handleNextMessage(msg []byte) (resRaw []byte, _ error) {`
`259`	`259`	`s.waitIPOnce.Do(func() {`
`260`	`260`	`close(s.waitIP)`
`261`	`261`	`})`
`262`		`- fmt.Println(cliui.Timestamp(time.Now()), "Received IP from peer:", s._ip.String())`
	`262`	`+ // fmt.Println("Received IP from peer:", s._ip.String())`
`263`	`263`	`case messageTypeNodeUpdate:`
`264`	`264`	`s.in <- &ovMsg.Node`
`265`	`265`	`}`