Initial commit

.github/workflows/build.yml

@@ -0,0 +1,39 @@
+name: Build
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.13
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Get cache
+      uses: actions/cache@v2
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Get dependencies
+      run: go get -v -t -d ./...
+
+    - name: Build
+      run: go build -v .
+
+    - name: Test
+      run: go test -v .

.github/workflows/release.yml

@@ -0,0 +1,39 @@
+name: Release
+
+on:
+  release:
+    types: [created]
+
+jobs:
+
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: ^1.13
+
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Get cache
+      uses: actions/cache@v2
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-
+
+    - name: Get dependencies
+      run: go get -v -t -d ./...
+
+    - name: Build packages
+      run: ./scripts/build-release.sh "${GITHUB_REF#refs/tags/}"
+
+    - name: Upload assets
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: ./scripts/upload-release.sh "${GITHUB_REF#refs/tags/}"

.gitignore

@@ -0,0 +1,8 @@
+# Build products
+lazyssh
+
+# Configuration
+*.hcl
+
+# Release builds
+lazyssh-*

README.md

@@ -0,0 +1,96 @@
+# LazySSH
+
+LazySSH is an SSH server that acts as a jump host only, and dynamically starts
+temporary virtual machines.
+
+If you find yourself briefly starting a virtual machine just to SSH into it and
+try something out, LazySSH is an attempt to automate that flow via just the
+`ssh` command. LazySSH starts the machine for you when you connect, and shuts
+it down (some time after) you disconnect.
+
+Another possible use is to have LazySSH sit in front of a build server to start
+specific types of machines for your build. (Think different CPU architectures
+or operating systems.)
+
+**Important**: LazySSH is a young piece of code. If you're going to use it to
+create resources that cost money (like AWS EC2 instances), keep a close eye on
+usage. If, for example, you put your laptop to sleep at the wrong time, or
+LazySSH crashes for whatever reason, it may leave resources running.
+
+**Important**: The security of LazySSH has not been tested in any way, so it's
+probably best to run it in a closed setting. (Not facing the public internet or
+otherwise firewalled.) The SSH server implementation is based on
+[golang.org/x/crypto].
+
+License: AGPL v3
+
+[golang.org/x/crypto]: https://pkg.go.dev/golang.org/x/crypto
+
+## Usage
+
+Grab a binary from the [releases page]. If you instead want to build LazySSH
+yourself, you need at least Go 1.13, then just `go build`.
+
+[releases page]: https://github.com/stephank/lazyssh/releases
+
+You need to generate an SSH host key and client key. The host key is what the
+server uses to identify itself, while the client key is what you connect with.
+
+```sh
+# Both of these also generate a .pub file with the public half of the key pair.
+ssh-keygen -t ed25519 -f lazyssh_host_key
+ssh-keygen -t ed25519 -f lazyssh_client_key
+```
+
+Now create a `config.hcl` file that looks like:
+
+```hcl
+server {
+  # Set this to the contents of lazyssh_host_key generated above.
+  host_key = <<-EOF
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    [...]
+    -----END OPENSSH PRIVATE KEY-----
+  EOF
+
+  # Set this to the contents of lazyssh_client_key.pub generated above.
+  authorized_key = <<-EOF
+    ssh-ed25519 [...]
+  EOF
+}
+```
+
+The `server` block is followed by one or more `target` blocks. Here are the
+types of targets currently supported, and links to the documentation:
+
+- [AWS EC2](./doc/providers/aws_ec2.md)
+- [VirtualBox](./doc/providers/virtualbox.md)
+- [Dummy forwarding](./doc/providers/forward.md)
+
+Once your config is ready, you can start the server:
+
+```sh
+./lazyssh -config ./config.hcl
+```
+
+You usually need an entry for LazySSH in your `~/.ssh/config`, because the
+`ssh` command otherwise doesn't make all options available for jump-hosts. Here
+is a sample config:
+
+```
+Host lazyssh
+  Hostname localhost
+  Port 7922
+  User jump
+  PreferredAuthentications publickey
+  IdentityFile ~/path/to/lazyssh_client_key
+  IdentitiesOnly yes
+```
+
+Now you should be ready to go:
+
+```sh
+ssh -J lazyssh user@mytarget
+```
+
+For more details, see [the included documentation](./doc/index.md).

TODO.md

@@ -0,0 +1,73 @@
+# LazySSH to-do
+
+This file lists a bunch of things the original author (stephank) thought would
+be good improvements.
+
+I'm not necessarily working on these. If you want to pick something up, pull
+requests are welcome, of course. If you'd like to indicate you're working on
+something to avoid conflict, create an issue for it.
+
+## General
+
+- A code review by someone more experienced in Go would be appreciated. I'm not
+  sure how this would work, but I'm happy to discuss it in issues (Or if you're
+  bold, a pull request.)
+
+- Launchd agent plist
+
+- Systemd service unit
+
+- Socket activation
+
+- Nix package and NixOS module
+
+- Multiple authorized keys.
+
+- Persist state so any kind of interruption can recover management of an
+  instance. (We'd still interrupt all connections, but can hopefully prevent
+  accidental waste of resources this way.)
+
+- Figure out some way to provide meaningful feedback to clients while doing
+  work. This appears to be a difficult problem, because the OpenSSH client
+  doesn't print debug messages sent by the server unless using `-v`. The only
+  other opportunity appears to be the pre-auth banner, which is not useful for
+  us. Maybe someone else has a clever idea?
+
+- Figure out ways to cleanly interrupt machine startup. Maybe this is a
+  per-provider thing.
+
+- There may be additional `TODO` comments in code.
+
+## More providers
+
+- Google Cloud Compute
+
+- DigitalOcean Droplets
+
+- Hetzner Cloud
+
+- Scaleway
+
+- Vultr
+
+- Others?
+
+- It'd be interesting if there was some generic (but still friendly) way we
+  could bridge with Terraform providers or Packer builders. I haven't looked
+  into it, because it didn't seem useful to spend time on, given the very basic
+  requirements I started out with.
+
+## AWS EC2
+
+- Connect more `RunInstances` options to config.
+
+- Some way to select an AMI based on filter criteria, like Terraform and Packer
+  allow. (ie. 'Automatically select the _latest_ Debian AMI')
+
+- Maybe add support for spot instances? I've never worked with them.
+
+- Optionally help with connectivity by creating a security group for the user.
+
+## VirtualBox
+
+- Create new temporary machines from an OVA.