quick proof of concept on how to send a configuration to a remote server

Author: creativeprojects

commands.go

@@ -158,6 +158,14 @@ func getOwnCommands() []ownCommand {
 			needConfiguration: false,
 			hide:              true,
 		},
+		{
+			name:              "send",
+			description:       "send a configuration profile to a remote client",
+			action:            sendProfileCommand,
+			needConfiguration: true,
+			noProfile:         true,
+			hide:              true,
+		},
 	}
 }
 

config/config.go

@@ -701,6 +701,17 @@ func (c *Config) getProfilePath(key string) string {
 	return c.flatKey(constants.SectionConfigurationProfiles, key)
 }
 
+func (c *Config) GetRemote(remoteName string) (*Remote, error) {
+	if c.GetVersion() < Version02 {
+		return nil, ErrNotSupportedInVersion1
+	}
+
+	remote := NewRemote(c, remoteName)
+	err := c.unmarshalKey(c.flatKey(constants.SectionConfigurationRemotes, remoteName), remote)
+
+	return remote, err
+}
+
 // unmarshalConfig returns the decoder config options depending on the configuration version and format
 func (c *Config) unmarshalConfig() viper.DecoderConfigOption {
 	if c.GetVersion() == Version01 {

config/error.go

@@ -3,5 +3,6 @@ package config
 import "errors"
 
 var (
-	ErrNotFound = errors.New("not found")
+	ErrNotFound               = errors.New("not found")
+	ErrNotSupportedInVersion1 = errors.New("not supported in configuration version 1")
 )

config/remote .go

@@ -0,0 +1,20 @@
+package config
+
+type Remote struct {
+	name           string
+	config         *Config
+	Connection     string   `mapstructure:"connection" default:"ssh" description:"Connection type to use to connect to the remote client"`
+	Host           string   `mapstructure:"host" description:"Address of the remote client. Format: <host>:<port>"`
+	Username       string   `mapstructure:"username" description:"User to connect to the remote client"`
+	PrivateKeyPath string   `mapstructure:"private-key" description:"Path to the private key to use for authentication"`
+	KnownHostsPath string   `mapstructure:"known-hosts" description:"Path to the known hosts file"`
+	SendFiles      []string `mapstructure:"send-files" description:"Configuration files to transfer to the remote client"`
+}
+
+func NewRemote(config *Config, name string) *Remote {
+	remote := &Remote{
+		name:   name,
+		config: config,
+	}
+	return remote
+}

constants/section.go

@@ -13,6 +13,7 @@ const (
 	SectionConfigurationMixins      = "mixins"
 	SectionConfigurationMixinUse    = "use"
 	SectionConfigurationSchedule    = "schedule"
+	SectionConfigurationRemotes     = "remotes"
 
 	SectionDefinitionCommon = "common"
 	SectionDefinitionForget = "forget"

send.go

@@ -0,0 +1,30 @@
+package main
+
+import (
+	"fmt"
+	"io"
+
+	"github.com/creativeprojects/resticprofile/ssh"
+)
+
+func sendProfileCommand(w io.Writer, cmdCtx commandContext) error {
+	if len(cmdCtx.flags.resticArgs) < 2 {
+		return fmt.Errorf("missing argument: remote name")
+	}
+	remote, err := cmdCtx.config.GetRemote(cmdCtx.flags.resticArgs[1])
+	if err != nil {
+		return err
+	}
+	cnx := ssh.NewSSH(ssh.Config{
+		Host:           remote.Host,
+		Username:       remote.Username,
+		PrivateKeyPath: remote.PrivateKeyPath,
+		KnownHostsPath: remote.KnownHostsPath,
+	})
+	err = cnx.Connect()
+	if err != nil {
+		return err
+	}
+	defer cnx.Close()
+	return nil
+}

ssh/config.go

@@ -0,0 +1,42 @@
+package ssh
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+type Config struct {
+	Host           string
+	Username       string
+	PrivateKeyPath string
+	KnownHostsPath string
+}
+
+func (c *Config) Validate() error {
+	if c.Host == "" {
+		return fmt.Errorf("host is required")
+	}
+	if c.Username == "" {
+		return fmt.Errorf("username is required")
+	}
+	if c.PrivateKeyPath == "" {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return fmt.Errorf("unable to get current user home directory: %w", err)
+		}
+		c.PrivateKeyPath = filepath.Join(home, ".ssh/id_rsa") // we can go through all the default name for each key type
+	}
+	if c.KnownHostsPath == "" {
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return fmt.Errorf("unable to get current user home directory: %w", err)
+		}
+		c.KnownHostsPath = filepath.Join(home, ".ssh/known_hosts")
+	}
+	if !strings.Contains(c.Host, ":") {
+		c.Host = c.Host + ":22"
+	}
+	return nil
+}

ssh/ssh.go

@@ -0,0 +1,112 @@
+package ssh
+
+import (
+	"bytes"
+	"fmt"
+	"log"
+	"net"
+	"net/http"
+	"os"
+
+	"github.com/creativeprojects/clog"
+	"golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/knownhosts"
+)
+
+const startPort = 10001
+
+type SSH struct {
+	config Config
+	port   int
+	client *ssh.Client
+	tunnel net.Listener
+}
+
+func NewSSH(config Config) *SSH {
+	return &SSH{
+		config: config,
+		port:   startPort,
+	}
+}
+
+func (s *SSH) Connect() error {
+	err := s.config.Validate()
+	if err != nil {
+		return err
+	}
+	hostKeyCallback, err := knownhosts.New(s.config.KnownHostsPath)
+	if err != nil {
+		return fmt.Errorf("cannot load host keys from known_hosts: %w", err)
+	}
+	key, err := os.ReadFile(s.config.PrivateKeyPath)
+	if err != nil {
+		return fmt.Errorf("unable to read private key: %w", err)
+	}
+
+	// Create the Signer for this private key.
+	signer, err := ssh.ParsePrivateKey(key)
+	if err != nil {
+		return fmt.Errorf("unable to parse private key: %w", err)
+	}
+
+	config := &ssh.ClientConfig{
+		User: s.config.Username,
+		Auth: []ssh.AuthMethod{
+			// Use the PublicKeys method for remote authentication.
+			ssh.PublicKeys(signer),
+		},
+		HostKeyCallback: hostKeyCallback,
+	}
+
+	// Connect to the remote server and perform the SSH handshake.
+	s.client, err = ssh.Dial("tcp", s.config.Host, config)
+	if err != nil {
+		return fmt.Errorf("unable to connect: %w", err)
+	}
+
+	// Request the remote side to open a local port
+	s.tunnel, err = s.client.Listen("tcp", fmt.Sprintf("localhost:%d", s.port))
+	if err != nil {
+		log.Fatal("unable to register tcp forward: ", err)
+	}
+
+	go func() {
+		// Serve HTTP with your SSH server acting as a reverse proxy.
+		http.Serve(s.tunnel, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+			fmt.Fprintf(resp, "Hello world!\n")
+		}))
+	}()
+
+	// Each ClientConn can support multiple interactive sessions,
+	// represented by a Session.
+	session, err := s.client.NewSession()
+	if err != nil {
+		log.Fatal("Failed to create session: ", err)
+	}
+	defer session.Close()
+
+	// Once a Session is created, we can execute a single command on
+	// the remote side using the Run method.
+	var b bytes.Buffer
+	session.Stdout = &b
+	if err := session.Run(fmt.Sprintf("curl http://localhost:%d", s.port)); err != nil {
+		log.Fatal("Failed to run: " + err.Error())
+	}
+	fmt.Println(b.String())
+	return nil
+}
+
+func (s *SSH) Close() {
+	if s.tunnel != nil {
+		err := s.tunnel.Close()
+		if err != nil {
+			clog.Warningf("unable to close tunnel: %s", err)
+		}
+	}
+	if s.client != nil {
+		err := s.client.Close()
+		if err != nil {
+			clog.Warningf("unable to close ssh connection: %s", err)
+		}
+	}
+}