SHH combines the github.com/gliderlabs/ssh library with NsJail to provide a temporary shell that Netsoc members can use to access the CLI without needing to install it on their own machines. NsJail is a very lightweight "containerisation" or process isolation tool, perfect for creating a limited environment for running the Netsoc CLI. shhd uses an SSH library in order to implement iamd-based authentication (either via password or optional SSH public key).
A Helm chart is provided for deployment (from our charts repo).
A Docker Compose file is provided that will build shhd from source. Hot-reload is not provided however; you'll need to
docker-compose up --build to rebuild with changes. The SSH server will be accessible on localhost:2222 (e.g.
ssh my-user@localhost -p 2222). Set configuration options in
config.yaml in the repo root (see
for all values).
This repo makes use of the
docs.yaml GitHub Actions workflows as
described in the IAM documentation.
- When upgrading Go, be sure to update both
go.modand the base image in the
- Whenever the CLI is updated, the
NETSOC_CLI_VERSIONvariable should be updated accordingly, along with
build.yamlworkflow. The sample applies for the upstream NsJail image.
- New releases should be made in the same manner as for IAM (the release.yaml workflow)