Page MenuHomeVyOS Platform

Generate CLI abstraction for options passed to CURL and SSH client
Not ApplicablePublicFEATURE REQUEST

Description

There are numerous way why supporting a CLI based representation which in the end will make it up into /etc/curlrc

As mentioned in the subtasks users have found that there are missing features which tend to break operation in certain environments.

  • Use source interace for all calls curl is involved to force traffic on a given interface
  • disable SSH host key checking when e.g. uploading files via commit-archive
  • Use source interface in DNS lookups (imagine split-horizon DNS deployments)

All should be manifested in a new CLI node under system

system {
    options { 
        # I do not want to lock in on curl for this node
        http-client {
            source-interface eth0
            source-address 1.1.1.1
        }
        ssh-client {
            source-address 1.1.1.1
            private-key {
                name foo {
                    key sdfklasjdhfjks=
                    type rsa
                }
            }
        }
    }
}

I do not know if it's possible to preload SSH keys or not in curl - need to check. Another idea would be a no-host-key-validation option to disable it.

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Feature (new functionality)

Event Timeline

c-po triaged this task as Normal priority.Jun 25 2020, 3:47 PM
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)

I think this is a good idea. Maybe separate the protocols, http-client and ssh-client?

c-po updated the task description. (Show Details)

SSH only supports "source-address" via its BindAddress option

c-po renamed this task from Generate CLI abstraction for options passed to CURL to Generate CLI abstraction for options passed to CURL and SSH client.Aug 4 2020, 8:33 PM
erkin set Issue type to Feature (new functionality).Aug 29 2021, 2:03 PM
erkin removed a subscriber: Global Notifications.
erkin closed this task as Not Applicable.Dec 16 2021, 4:32 PM
erkin subscribed.

This is no longer relevant now that curl has been almost entirely removed from the interface. Source addresses and such can be set for commit-archive, and authentication variables are set individually for each session.