Page MenuHomeVyOS Platform
Create Task
Maniphest T2651

Generate CLI abstraction for options passed to CURL and SSH client
Resolved (N/A)PublicFEATURE REQUEST
Actions

Description

There are numerous way why supporting a CLI based representation which in the end will make it up into /etc/curlrc

As mentioned in the subtasks users have found that there are missing features which tend to break operation in certain environments.

  • Use source interace for all calls curl is involved to force traffic on a given interface
  • disable SSH host key checking when e.g. uploading files via commit-archive
  • Use source interface in DNS lookups (imagine split-horizon DNS deployments)

All should be manifested in a new CLI node under system

system {
    options { 
        # I do not want to lock in on curl for this node
        http-client {
            source-interface eth0
            source-address 1.1.1.1
        }
        ssh-client {
            source-address 1.1.1.1
            private-key {
                name foo {
                    key sdfklasjdhfjks=
                    type rsa
                }
            }
        }
    }
}

I do not know if it's possible to preload SSH keys or not in curl - need to check. Another idea would be a no-host-key-validation option to disable it.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Related Objects
Search...

Event Timeline

c-po created this task.Jun 25 2020, 3:38 PM
c-po added subtasks: T2615: Provide an explicit option for server fingerprint in commit archive, and make insecure the default, T2596: Allow specifying source IP for 'add system image'.
c-po triaged this task as Normal priority.Jun 25 2020, 3:47 PM
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)
dmbaturin added a subscriber: dmbaturin.Jun 25 2020, 3:52 PM

I think this is a good idea. Maybe separate the protocols, http-client and ssh-client?

c-po updated the task description. (Show Details)Jun 25 2020, 3:53 PM
pasik added a subscriber: pasik.Jun 25 2020, 8:35 PM
c-po mentioned this in T2690: Add VRF support to the add system image command.Jul 7 2020, 5:11 PM
c-po updated the task description. (Show Details)
Viacheslav added a subscriber: Viacheslav.Jul 7 2020, 5:55 PM
c-po mentioned this in T2596: Allow specifying source IP for 'add system image'.Jul 15 2020, 6:59 PM
c-po closed subtask T2596: Allow specifying source IP for 'add system image' as Resolved.
c-po claimed this task.Aug 4 2020, 12:53 PM
c-po updated the task description. (Show Details)

SSH only supports "source-address" via its BindAddress option

c-po renamed this task from Generate CLI abstraction for options passed to CURL to Generate CLI abstraction for options passed to CURL and SSH client.Aug 4 2020, 8:33 PM
mpueschel added a subscriber: mpueschel.Sep 21 2020, 12:13 PM
Viacheslav mentioned this in T3378: commit-archive source-address broken for IPv6 addresses.Mar 2 2021, 11:52 AM
Viacheslav added a subtask: T3378: commit-archive source-address broken for IPv6 addresses.
Viacheslav removed a subtask: T3378: commit-archive source-address broken for IPv6 addresses.May 20 2021, 7:58 AM
erkin set Issue type to Feature (new functionality).Aug 29 2021, 2:03 PM
erkin added a parent task: T3356: Script for remote file transfers.
erkin removed a subscriber: Active contributors.
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Nov 6 2021, 11:24 AM
erkin closed subtask T2615: Provide an explicit option for server fingerprint in commit archive, and make insecure the default as Resolved.Dec 16 2021, 4:18 PM
erkin closed this task as Resolved N/A.Dec 16 2021, 4:32 PM
erkin added a subscriber: erkin.

This is no longer relevant now that curl has been almost entirely removed from the interface. Source addresses and such can be set for commit-archive, and authentication variables are set individually for each session.

syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.Aug 30 2022, 2:17 PM
c-po changed the status of subtask T4922: Add ssh-client source-interface CLI option from Open to In progress.Jan 8 2023, 8:11 AM
c-po closed subtask T4922: Add ssh-client source-interface CLI option as Resolved.Jan 9 2023, 9:19 AM