Initial release;

Author: f100024

.github/workflows/make-release.yml

@@ -0,0 +1,31 @@
+name: Make release
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.22"
+      
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v5
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,28 @@
+# If you prefer the allow list template instead of the deny list, see community template:
+# https://github.com/github/gitignore/blob/main/community/Golang/Go.AllowList.gitignore
+#
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out
+
+# Dependency directories (remove the comment below to include it)
+# vendor/
+
+# Go workspace file
+go.work
+
+# Project changes
+bin/
+dist/
+sshgut
+*.zip
+config.yaml

.goreleaser.yaml

@@ -0,0 +1,60 @@
+---
+version: 1
+
+before:
+  hooks:
+    - go mod tidy
+    - go test .
+builds:
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - "386"
+      - amd64
+      - arm
+      - arm64
+      - ppc64
+    goarm:
+      - "7"
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    ldflags:
+      - -X main.Version={{ .Version }}
+    flags:
+      - -trimpath
+checksum:
+  name_template: "checksums.txt"
+
+
+archives:
+  - format: tar.gz
+    name_template: >-
+      {{ .ProjectName }}_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    format_overrides:
+      - goos: windows
+        format: zip
+    files:
+      - LICENSE
+      - config.yaml.example
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
+      - "merge conflict"
+      - Merge pull request
+      - Merge branch
+
+release:
+  draft: true
+  replace_existing_draft: true

Changelog.md

@@ -0,0 +1,2 @@
+# 0.1.0 - 1 April 2024
+Initial release

README.md

@@ -0,0 +1,51 @@
+# SSHGUT
+
+The project is used to set up ssh tunnels and is essentially a wrapper around https://github.com/rgzr/sshtun.
+
+
+## Configuration
+Example of the configuration file `config.yaml.example`
+
+```
+---
+remotes:
+  - server: server1 # remote server that should be available on the localhost via `sshServer.host`
+    remotePort: 80  # server's remote port that should be available on `localPort`
+    localPort: 38081 # port on the localhost which
+    localHost: 1.1.1.1 # bind tunnel to ip (default: 127.0.0.1) 
+    sshServer:
+      host: server # SSH server is used to establish connection
+      port: 22 # SSH port of the `host`
+      user: user # SSH user
+      keyPath: id_rsa # path to the ssh key file; allowed values [path to key] or `embedKey` in the second case, the key from the embedKey.ssh file will be added at build time.
+      useKeyPass: false # Passphrase for decryption ssh key, passphrase is prompted at startup
+
+  - server: server2
+    remotePort: 80
+    localPort: 38082
+    sshServer:
+      host: server
+      port: 22
+      user: user
+      keyPath: id_rsa 
+      useKeyPass: false
+
+  - server: server3
+    remotePort: 80
+    localPort: 38083
+    sshServer:
+      host: server
+      port: 22 
+      user: user
+      keyPath: id_rsa
+      useKeyPass: false 
+```
+
+## How to run
+
+Put config.yaml with sshgut and run it or set the path to the configuration file as below:
+```
+$ ./sshgut 
+or
+$ ./sshgut --config your_config.yaml
+```

config.yaml.example

@@ -0,0 +1,32 @@
+---
+remotes:
+  - server: server1 # remote server that should be available on the localhost via `sshServer.host`
+    remotePort: 80  # server's remote port that should be available on `localPort`
+    localPort: 38081 # port on the localhost which
+    localHost: 1.1.1.1 # bind tunnel to ip (default: 127.0.0.1) 
+    sshServer:
+      host: server # SSH server is used to establish connection
+      port: 22 # SSH port of the `host`
+      user: user # SSH user
+      keyPath: id_rsa # path to the ssh key file; allowed values [path to key] or `embedKey` in the second case, the key from the embedKey.ssh file will be added at build time.
+      useKeyPass: false # Passphrase for decryption ssh key, passphrase is prompted at startup
+
+  - server: server2
+    remotePort: 80
+    localPort: 38082
+    sshServer:
+      host: server
+      port: 22
+      user: user
+      keyPath: id_rsa 
+      useKeyPass: false
+
+  - server: server3
+    remotePort: 80
+    localPort: 38083
+    sshServer:
+      host: server
+      port: 22 
+      user: user
+      keyPath: id_rsa
+      useKeyPass: false 

embedKey.ssh

@@ -0,0 +1,21 @@
+module sshgut
+
+go 1.22
+
+require (
+	github.com/alecthomas/kingpin/v2 v2.4.0
+	github.com/rgzr/sshtun v1.0.0
+	github.com/rs/zerolog v1.32.0
+	golang.org/x/term v0.18.0
+	gopkg.in/yaml.v3 v3.0.1
+)
+
+require (
+	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/xhit/go-str2duration/v2 v2.1.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
+)

go.mod

@@ -0,0 +1,45 @@
+github.com/alecthomas/kingpin/v2 v2.4.0 h1:f48lwail6p8zpO1bC4TxtqACaGqHYA22qkHjHpqDjYY=
+github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 h1:s6gZFSlWYmbqAuRjVTiNNhvNRfY2Wxp9nhfyel4rklc=
+github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rgzr/sshtun v1.0.0 h1:AnVl8Nt2Y3H3gwG71z0W/EFvuFXZLoU152Ny8CrFViw=
+github.com/rgzr/sshtun v1.0.0/go.mod h1:dPTrgnNDFHTpZ5h0GLcBHYxTfU3djG1jro7OautpCnY=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0=
+github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc=
+github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU=
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
+golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

go.sum

@@ -0,0 +1,152 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	_ "embed"
+	"fmt"
+
+	"os"
+	"sync"
+	"syscall"
+	"time"
+
+	"github.com/alecthomas/kingpin/v2"
+	"github.com/rgzr/sshtun"
+	"github.com/rs/zerolog/log"
+	"golang.org/x/term"
+	"gopkg.in/yaml.v3"
+)
+
+var Version = "0.0.0"
+var wg sync.WaitGroup
+
+//go:embed embedKey.ssh
+var embedKey []byte
+
+var (
+	configPath = kingpin.Flag("config", "Path to the configuration file").Default("config.yaml").ExistingFile()
+)
+
+type SshServer struct {
+	Host       string `yaml:"host"`
+	Port       int    `yaml:"port"`
+	User       string `yaml:"user"`
+	KeyPath    string `yaml:"keyPath"`
+	UseKeyPass bool   `yaml:"useKeyPass"`
+	KeyPass    string `yaml:"keyPass"`
+}
+
+type Remote struct {
+	Server     string    `yaml:"server"`
+	RemotePort int       `yaml:"remotePort"`
+	LocalPort  int       `yaml:"localPort"`
+	LocalHost  string    `yaml:"localHost"`
+	SshServer  SshServer `yaml:"sshServer"`
+}
+
+type YamlConfig struct {
+	Remotes []Remote `yaml:"remotes"`
+}
+
+func (cfg *YamlConfig) getconfig(configPath string) {
+	configData, err := os.ReadFile(configPath)
+	if err != nil {
+		log.Fatal().Str("status", "not started").Msgf("Can not read file: %v", err)
+	}
+	err = yaml.Unmarshal(configData, &cfg)
+	if err != nil {
+		log.Fatal().Str("status", "not started").Msgf("Can not unmarshal yaml config: %v", err)
+	}
+
+	for index, remote := range cfg.Remotes {
+		// Ask passphrase for encrypted ssh key
+		if remote.SshServer.UseKeyPass {
+			fmt.Println("Enter password for encrypted ssh key")
+			bytepw, err := term.ReadPassword(int(syscall.Stdin))
+			if err != nil {
+				log.Fatal().Str("status", "not started").Msgf("Can not read password input: %v", err)
+			}
+			cfg.Remotes[index].SshServer.KeyPass = string(bytepw)
+		}
+	}
+}
+
+func createConnection(sshConfig *SshServer, remoteHostConfig Remote, waitGroup *sync.WaitGroup) {
+	defer waitGroup.Done()
+
+	// We make available remoteHostConfig.Server which uses port remoteHostConfig.RemotePort
+	// on localhost with port remoteHostConfig.LocalPort via sshConfig.Host using user sshConfig.User
+	// and port sshConfig.Port to connect to it.
+	sshTun := sshtun.New(remoteHostConfig.LocalPort, sshConfig.Host, remoteHostConfig.RemotePort)
+	sshTun.SetRemoteHost(remoteHostConfig.Server)
+	sshTun.SetUser(sshConfig.User)
+	sshTun.SetPort(sshConfig.Port)
+
+	// Bind tunnel in the most obvious way and cover cases where `localHost` is not set in the remote config
+	if remoteHostConfig.LocalHost != "" {
+		sshTun.SetLocalHost(remoteHostConfig.LocalHost)
+	} else {
+		remoteHostConfig.LocalHost = "127.0.0.1"
+		sshTun.SetLocalHost(remoteHostConfig.LocalHost)
+	}
+
+	// When using embed key without encryption
+	if sshConfig.KeyPath == "embedKey" && !sshConfig.UseKeyPass && len(embedKey) > 0 {
+		sshTun.SetKeyReader(bytes.NewBuffer(embedKey))
+
+		// When using embed key with encryption
+	} else if sshConfig.KeyPath == "embedKey" && sshConfig.UseKeyPass && len(embedKey) > 0 {
+		sshTun.SetEncryptedKeyReader(bytes.NewBuffer(embedKey), sshConfig.KeyPass)
+
+		// When using encrypted key from disk
+	} else if sshConfig.UseKeyPass {
+		sshTun.SetEncryptedKeyFile(sshConfig.KeyPath, sshConfig.KeyPass)
+
+		// When using ssh key from disk without encryption
+	} else {
+		sshTun.SetKeyFile(sshConfig.KeyPath)
+	}
+
+	// We print each tunneled state to see the connections status
+	sshTun.SetTunneledConnState(func(tun *sshtun.SSHTun, state *sshtun.TunneledConnState) {
+		log.Info().Str("status", "ok").Msgf("%+v", state)
+	})
+
+	// We set a callback to know when the tunnel is ready
+	sshTun.SetConnState(func(tun *sshtun.SSHTun, state sshtun.ConnState) {
+		switch state {
+		case sshtun.StateStarting:
+			log.Info().Str("status", "starting").Msgf("Host %v port %v available on %v:%v",
+				remoteHostConfig.Server, remoteHostConfig.RemotePort, remoteHostConfig.LocalHost, remoteHostConfig.LocalPort)
+		case sshtun.StateStarted:
+			log.Info().Str("status", "started").Msgf("Host %v port %v available on %v:%v",
+				remoteHostConfig.Server, remoteHostConfig.RemotePort, remoteHostConfig.LocalHost, remoteHostConfig.LocalPort)
+		case sshtun.StateStopped:
+			log.Info().Str("status", "stopped").Msgf("Host %v port %v available on %v:%v",
+				remoteHostConfig.Server, remoteHostConfig.RemotePort, remoteHostConfig.LocalHost, remoteHostConfig.LocalPort)
+		}
+	})
+
+	// We start the tunnel (and restart it every time it is stopped)
+	for {
+		if err := sshTun.Start(context.Background()); err != nil {
+			log.Error().Msgf("SSH tunnel error: %v", err)
+			time.Sleep(time.Second)
+		}
+	}
+}
+
+func main() {
+	kingpin.Version(Version)
+	kingpin.Parse()
+
+	cfg := YamlConfig{}
+	cfg.getconfig(*configPath)
+
+	wg.Add(len(cfg.Remotes))
+	for _, remote := range cfg.Remotes {
+		go createConnection(&remote.SshServer, remote, &wg)
+	}
+	wg.Wait()
+}

main.go

@@ -0,0 +1,50 @@
+package main
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestGetConfig(t *testing.T) {
+	configPath := "test/test_config.yaml"
+	cfg := YamlConfig{}
+	cfg.getconfig(configPath)
+
+	expectedConfig := YamlConfig{
+		Remotes: []Remote{
+			{
+				Server:     "1.1.1.1",
+				RemotePort: 22,
+				LocalPort:  1339,
+				LocalHost:  "127.0.0.1",
+				SshServer: SshServer{
+					Host:       "55.55.55.55",
+					Port:       22022,
+					User:       "user1",
+					KeyPath:    "ssh-key-1",
+					UseKeyPass: false,
+					KeyPass:    "",
+				},
+			},
+			{
+				Server:     "2.2.2.2",
+				RemotePort: 23,
+				LocalPort:  1340,
+				LocalHost:  "127.0.0.2",
+				SshServer: SshServer{
+					Host:       "66.66.66.66",
+					Port:       1339,
+					User:       "user2",
+					KeyPath:    "embedKey",
+					UseKeyPass: false,
+					KeyPass:    "",
+				},
+			},
+		},
+	}
+
+	if !reflect.DeepEqual(expectedConfig, cfg) {
+		t.Fatal()
+	}
+
+}

main_test.go

@@ -0,0 +1,23 @@
+---
+remotes:
+  - server: 1.1.1.1
+    remotePort: 22
+    localPort: 1339
+    localHost: 127.0.0.1
+    sshServer:
+      host: 55.55.55.55
+      port: 22022
+      user: user1
+      keyPath: ssh-key-1
+      useKeyPass: false   
+
+  - server: 2.2.2.2
+    remotePort: 23
+    localPort: 1340
+    localHost: 127.0.0.2
+    sshServer:
+      host: 66.66.66.66
+      port: 1339
+      user: user2
+      keyPath: embedKey
+      useKeyPass: false