Run a CLI through an SSH tunnel

Primary language: Go

cli-transparent-tunnel

Introduction

SSH tunneling is a great method of transporting arbitrary network data over an encrypted SSH connection. It can be used to

  • add encryption to legacy applications
  • access network servers behind an SSH bastion server
  • and more

To do so, we need to create an SSH tunnel and point the local client to the tunnel's local port.

For example, running a psql command through an SSH tunnel:

# open a tunnel in one terminal
# make sure local port 5432 is not in use
>> ssh -N -L 5432:my-bastion-server:5432 -p 22 <USER>@<IP>

## run the psql command in another terminal
## (psql's -p is the port; the password comes from PGPASSWORD or ~/.pgpass)
>> psql -U username -h 127.0.0.1 -p 5432 -f commands.sql

I found it a bit tedious and a bit complicated for scenarios such as CI, etc.

ctt lets you prefix any supported command; the tool performs all the heavy lifting of creating the tunnel and adjusting the CLI's arguments with the proper host and port.

>> ctt tunnel --tunnel-config psql-us psql -U username -f commands.sql

ctt then runs the command against the tunnel's local port:

psql -h 127.0.0.1 -p 65152 -U username -f commands.sql

How

ctt has two config files: one for tunnel configurations and the other for command configuration.

e.g.:

cli-config

commands-configuration:
  redis-cli:
    path: /usr/local/bin/redis-cli
    flags:
      host:
        - -h
      port:
        - -p
      sni:
        - --sni
  psql:
    path: /usr/local/bin/psql
    flags:
      host:
        - --host
        - -h
      port:
        - -p
        - --port
  kubectl:
    path: /usr/local/bin/kubectl
    flags:
      address:
        - --server
        - -s
      sni:
        - --tls-server-name
  oc:
    path: /usr/local/bin/oc
    flags:
      address:
        - --server
        - -s
      sni:
        - --tls-server-name

In theory, ctt should support any CLI that allows passing the endpoint using a flag.
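How the host and port flag lists from the cli-config above could drive the argument rewrite, as an added Go example that is not ctt's own code. The `FlagSpec` type, the `matches` and `RewriteArgs` functions, and the sample arguments are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// FlagSpec mirrors one cli-config entry: the spellings a command accepts
// for its host and port flags. (Hypothetical type, not ctt's own.)
type FlagSpec struct {
	Host, Port []string
}

// matches reports a flag hit and whether the value is attached ("--flag=value").
func matches(arg string, flags []string) (hit, attached bool) {
	for _, f := range flags {
		if arg == f {
			return true, false
		}
		if strings.HasPrefix(f, "--") && strings.HasPrefix(arg, f+"=") {
			return true, true
		}
	}
	return false, false
}

// RewriteArgs drops any host/port flags the caller passed and prepends the
// tunnel's loopback endpoint, so a stale endpoint does not override the tunnel.
func RewriteArgs(args []string, spec FlagSpec, localPort int) []string {
	all := append(append([]string{}, spec.Host...), spec.Port...)
	out := []string{spec.Host[0], "127.0.0.1", spec.Port[0], fmt.Sprint(localPort)}
	for i := 0; i < len(args); i++ {
		if hit, attached := matches(args[i], all); hit {
			if !attached {
				i++ // the value is the next token; skip it too
			}
			continue
		}
		out = append(out, args[i])
	}
	return out
}

func main() {
	// Constructed sample: flag lists copied from the psql entry above.
	psql := FlagSpec{Host: []string{"--host", "-h"}, Port: []string{"-p", "--port"}}
	in := []string{"-U", "username", "--host=db.internal", "-p", "5432", "-f", "commands.sql"}
	fmt.Println(RewriteArgs(in, psql, 65152))
}
```

Short flags with an attached value (such as `-p5432`) are not handled in this sketch.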

tunnel-config

configurations:
  redis-cli:
    - ssh-tunnel-server: my-user@eu-bastion:22
      name: redis-eu
      origin-server: redis:6379
  psql:
    - ssh-tunnel-server: my-user@us-bastion:22
      origin-server: postgres:5432
      name: psql-us
  kubectl:
    - ssh-tunnel-server: my-user@us-bastion:22
      origin-server: k8s:443
      name: k8s-us
  oc:
    - ssh-tunnel-server: my-user@us-bastion:22
      origin-server: k8s:443
      name: oc-conf
ssh-config:
  key-path: ~/ssh/id_rsa

Installation

>> brew tap odedpriva/ctt
>> brew install ctt

Usage

NAME:
   ctt - make a command run through an ssh tunnel

USAGE:
   ctt [global options] command [command options] [arguments...]

COMMANDS:
   setup
   tunnel
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --debug     debug mode (default: false)
   --help, -h  show help (default: false)

tunnel

NAME:
   ctt tunnel

USAGE:
   ctt tunnel [command options] command-to-tunnel [command-to-tunnel-options]

OPTIONS:
   --tunnel-config value  tunnel config name

Setup

TODO ..