Ssh commands action: enable ssh-agent and load keys


#1

Hi,

While working with your awesome product I had to resort to some “working-around”.
I’m setting up some utility actions for use by the developers.

For that I am using the ssh key to login to servers and execute commands. On those server i sometime have to login to the next. And I want to use the key I loaded into buddy to go from one server to the next.

I’m doing this all from the phpunit docker because there i can do this:

packages&setup

mkdir -p ~/.ssh
rm -f ~/.ssh/config
echo “ForwardAgent yes” >> ~/.ssh/config
echo “StrictHostKeyChecking no” >> ~/.ssh/config

RUN COMMANDS

eval ssh-agent -s
ssh-add
ssh ${source-user}@${source-server} …

But I’d rather just use the ssh commands action.

  • It’s cleaner
  • I don’t need a mounted pipeline filesystem and connected branch to define these actions.

An option to enable the ssh-agent and load all/selected keys before ssh-ing into a server would make Buddy even more awesome! :slight_smile:

Thanks!


SSH-Gateway / Proxy
#2

An interesting suggestion, @derk_twistedbytes.nl, thanks for that! We’ve added it to our backlog.
Can you share the exact use case for that? When do you want to connect to one server in order to connect to another one?


#3

We are a hosting/consulting company that maintains and manages servers and hosted environments for a range of customers.
One of the things we do is setup servers and add utilities to make the lives of developers easier when interacting with those servers and environments. So we do the lowlevel stuff and make that available by creating a pipeline in buddy. This documents the “interface” to the utilities and make them easy to reach without the need for direct access to the servers.

In that context Buddy is great to use as the place where to find and trigger those actions and utilities by developers and managers. Buddy acts as a panel to trigger those actions.

Some examples:

  • copy database and assets from production server(s) to testing server(s) to make test server have uptodate production data. And this is the one where is need to login to server 1 and a script on that server logs in to server 2.
  • clean caches a server and clean cloudflare caches
  • execute commands on multiple servers in parallel/sequence

Probably not what Buddy was designed for, but its a great tool for that kind of stuff. (Why create your own panel :slight_smile: )


#4

Thanks for your time, Derk.

In fact, it’s one of the ways in which you can use Buddy. We ourselves use it this way.
If you come up with some suggestions how to improve it, just let us know.


#5

just one thing for now, see the multi-line question…
Make the command inputs real bash/shell

  • ssh command -> if start with #!/bin/bash -> not reformat and upload the script and run it
  • docker commands -> if start with #!/bin/bash -> run as bash command and not reformat

#6

thanks, I’ve added it to our backlog!


#7

Is there a planned date for this feature yet? Looking forward to it as we often have to use a jump host and pass the agent via agent forwarding as well.


#8

This is the same issue than we have. Unfortunately we have a bastion configuration as well, I think @derk_twistedbytes.nl knows us ;)…

Is there a working solution without hacking a workaround already?


#9

This is what we do for now.

Add a rsa private key in buddy and make it a variable in the workspace or project or pipeline.
Add the private on your proxy/jump-host.
And allow the ssh to use ssh-agent

Then start a shell command action with this:

eval ssh-agent -s
ssh-add ~/.ssh/id_rsa

Now the key in buddy can be used everywhere as long the server has the public key and ssh-agent allowed.


#10

Hi @derk_twistedbytes.nl

Thanks for your Answer, I already did it that way after I’ve read your first post — unfortunately this solution is pretty uncomfortable, so I asked if there’s a more useful solution with the ssh plugin of course… :slight_smile:


#11

Guys, I’ve upvoted this feature in our backlog, however, it’s too early to give you ETA for now.