Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Command line interface to the c-bastion

Project Description

About

This is the command line interface to the *c-bastion* jump host. It allows you to upload an ssh-key-file and create a user on the jump-host, so that you can log into it. It requires an initial connection to auth-server to obtain an (open-id-connect) access token.

The basic flow is as follows:

+-----------------+  +-----------------+  +-----------------+
|                 |  |                 |  |                 |
|    developer    |  |    jump host    |  |   auth server   |
|                 |  |                 |  |                 |
+--------+--------+  +--------+--------+  +--------+--------+
         |                    |                    |
         +----------------------------------------->
         | request token      |                    |
         <-----------------------------------------+
         | receive token      |                    |
         |                    |                    |
         +-------------------->                    |
         | upload key         +-------------------->
         |                    | validate token     |
         |                    <--------------------+
         <--------------------+                    |
         | upload OK          |                    |
         |                    |                    |
         +-------------------->                    |
         | ssh log in         |                    |
         |                    |                    |
         |                    |                    |
         |                    |                    |
         +                    +                    +

Where developer is your local machine (desktop, laptop, etc..) auth server is the auth-server and jump host is the jump host. cbas takes care of obtaining the token and uploading the ssh-key.

Install

Use the Python standards, for example:

$ pip install cbas

Quickstart

  1. Install the software.

  2. Ask one of your colleagues for the auth-host, client-secret and jump-host parameters.

  3. Then run the following to upload your key:

    $ cbas -a <AUTH-host> -s <CLIENT-SECRET> -h <JUMP-HOST> upload
    ...
    
  4. Then you should be able to login, using:

    $ ssh <JUMP-HOST>
    ...
    

Usage

$ cbas --help
Usage: cbas [OPTIONS] COMMAND [ARGS]...

Options:
  -v, --verbose                   Activate verbose mode.
  -c, --config <config_path>      Path to config file. Default: '~/.cbas'.
  -u, --username <username>       Username. Default: the logged in user.
  -k, --ssh-key-file <key-file>   SSH Identity to use. Default:
                                  '~/.ssh/id_rsa.pub'.
  -p, --password-provider <provider>
                                  Password provider. Default: 'prompt'.
  -s, --client-secret <secret>    Special client secret, ask mum.
  -a, --auth-host <host>          Auth-server host.
  -h, --jump-host <host>          Jump host to connect with.
  --version                       Print version and exit.
  --help                          Show this message and exit.

Commands:
  delete  Delete user.
  dry_run Dry run, sanitize all config only.
  upload  Upload ssh-key and create user.

Options

verbose
This switch activates verbose output, useful in case you are debugging
config
The path to the config file. Note, since we are using the yamlreader package, this could also be a directory with multiple config files. Also, the config is in YAML syntax, see below.
username
The username when communicating with the auth-server. Note that the returned token contains the authenticated username which is subsequently sent to the jump-host. Thus you will not be able to create arbitrary users on the jump-host
ssh-key-file
Path to the public ssh-key-file. This will be uploaded to the jump-host.
password-provider
Where to get the password from. Valid values are prompt and keyring (and testing). prompt will always ask for a password, whereas keyring will ask exactly once and then store the password in the system keyring.
auth-host
The hostname of the auth-server. E.g auth-server.example. (Note that, by default this will use https:// as scheme and /oauth/token as endpoint. However, explict urls, e.g. http://auth-server.example and explicit endpoints e.g. auth-server.example/special/id/auth are tolerated.)
client-secret
A special client secret string needed when communicating with the auth-server.
jump-host
The hostname of the jump-host. E.g. jump-host.example. (Note that, by default this will use https://. However, explict urls, e.g. http://jump-host.example are tolerated.)
version
Display version number and exit.
help
Display help and exit.

Subcommands

upload
Upload ssh-key-file and create user.
dry_run
Sanitize and aggregate all options from config-file and command-line. Don’t connect to anything.
delete
Delete your user again. For example: if you uploaded the wrong ssh-key-file.

Config-File

cbas is equipped with a powerful configuration mechanism. All relevant parameters that can be supplied on the command-line can also be supplied in the config-file, for example:

username: acid_burn
ssh-key-file: ~/.ssh/mykey_rsa.pub
auth-host auth-server.example
client-secret: mysupersecret
password-provider: keyring
jump-host: jump-host.example

Please note that, any parameters supplied on the command line will take precedence over those supplied via the config-file. If in doubt, try using the --verbose switch.

License

Copyright 2016 Immobilien Scout GmbH

Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Release History

Release History

This version
History Node

156

History Node

154

History Node

150

History Node

142

History Node

136

History Node

133

History Node

131

History Node

130

History Node

128

History Node

127

History Node

125

History Node

120

History Node

119

History Node

118

History Node

117

History Node

116

History Node

115

History Node

113

History Node

112

History Node

109

History Node

108

History Node

106

History Node

100

History Node

97

History Node

96

History Node

95

History Node

94

History Node

92

History Node

88

History Node

86

History Node

85

History Node

82

History Node

81

History Node

80

History Node

79

History Node

77

History Node

1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
cbas-156.tar.gz (7.0 kB) Copy SHA256 Checksum SHA256 Source Jul 21, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting