Merge pull request #19 from yokawasa/fix-pubkeyacceptedalgorithms-issue

yokawasa · web-flow · commit 163537db43c4 · 2022-08-14T13:47:37.000+09:00
Fix Bad configuration option: pubkeyacceptedalgorithms issue
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,11 +2,16 @@
 
 All notable changes to the "kubectl-plugin-ssh-jump" extension will be documented in this file.
 
-## 0.7.1
+## 0.7.2
 
-- Fix `root@127.0.0.1: Permission denied (publickey)` issue ([#13](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13)) by adding options like `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa` which works for newer ssh client scenario
+- Fix `Bad configuration option: pubkeyacceptedalgorithms` issue ([#18](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/18))
+  - Add OpenSSH version check
+  - Add RSA workaround options (`-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`) introduced in [ssh-jump-0.7.1](https://github.com/yokawasa/kubectl-plugin-ssh-jump/releases/tag/0.7.1) only if the local OpenSSH version >= `8.5`
 
+## 0.7.1
 
+- Fix `root@127.0.0.1: Permission denied (publickey)` issue ([#13](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13))
+  - Add options like `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa` which works for newer ssh client (`OpenSSH 8.5+`) scenario
 
 ## 0.7.0
 
diff --git a/README.md b/README.md
@@ -142,6 +142,7 @@ Options:
                                   --skip-agent option is given
   --cleanup-jump                  Clearning up sshjump pod at the end
                                   Defaults to skip cleaning up sshjump pod
+  -v, --verbose                   Run ssh in verbose mode (=ssh -vvv)
   -h, --help                      Show this message
 
 Example:
@@ -200,6 +201,7 @@ Options:
   -P, --port <port>               SSH port for target node SSH server
                                   Defaults to 22
   -a, --args <args>               Args to exec in ssh session
+  --pod-template <file>           Path to custom sshjump pod definition
   --skip-agent                    Skip automatically starting SSH agent and adding 
                                   SSH Identity key into the agent before SSH login
                                   (=> You need to manage SSH agent by yourself)
@@ -217,14 +219,10 @@ Example:
   Scenario2 - You have .pem file but you don't have public key on your side
   $ kubectl ssh-jump -u ec2-user -i ~/.ssh/mykey.pem hostname
 
-  Scenario3 - You want to use a custom sshjump pod definition
-  $ kubectl ssh-jump -u ec2-user -i ~/.ssh/mykey.pem --pod-template ~/myjumppod.yaml hostname
-
 List of destination node...
 Hostname                    Internal-IP
 aks-nodepool1-18558189-0    10.240.0.4
 ...
-
 ```
 
 
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.7.1
+0.7.2
diff --git a/kubectl-ssh-jump b/kubectl-ssh-jump
@@ -42,6 +42,7 @@ Options:
                                   --skip-agent option is given
   --cleanup-jump                  Clearning up sshjump pod at the end
                                   Defaults to skip cleaning up sshjump pod
+  -v, --verbose                   Run ssh in verbose mode (=ssh -vvv)
   -h, --help                      Show this message
 
 Example:
@@ -81,6 +82,10 @@ get_node_list(){
   echo ""
 }
 
+get_openssh_verion_number() {
+  ssh -V 2>&1 | awk -F'[_,]' '{print $2+0}'
+}
+
 cleanup_sshjump_pod(){
   echo "Clearning up SSH Jump host (Pod)..."
   kubectl delete pod sshjump
@@ -197,14 +202,21 @@ run_ssh_node(){
   cat ${pubkey_sshjump} | \
     kubectl exec -i sshjump -- /bin/bash -c "cat > /root/.ssh/authorized_keys"
 
+  # Add default ssh option
+  sshargs="${sshargs} -o StrictHostKeyChecking=no"
+ 
+  # Add RSA workaround options if the local OpenSSH version >= 8.5
+  sshversion=$(get_openssh_verion_number)
+  if [ $(echo "${sshversion} >= 8.5" | bc) -eq 1 ]; then
+    sshargs="${sshargs} -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
+  fi
+
   if [ "${destnode}" = "sshjump" ]; then
-    ssh ${sshuser}@127.0.0.1 -p 2222 -i ${identity_sshjump} \
-      -o StrictHostKeyChecking=no -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa $sshargs
+    ssh ${sshuser}@127.0.0.1 -p 2222 -i ${identity_sshjump} $sshargs
   else
     # Using the SSH Server as a jumphost (via port-forward proxy), ssh into the desired Node
     ssh -i ${identity} -p ${port} ${sshuser}@${destnode} \
-      -o "ProxyCommand ssh root@127.0.0.1 -p 2222 -i ${identity_sshjump} -o \"StrictHostKeyChecking=no\" \"nc %h %p\"" \
-      -o StrictHostKeyChecking=no -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa $sshargs
+      -o "ProxyCommand ssh root@127.0.0.1 -p 2222 -i ${identity_sshjump} -o \"StrictHostKeyChecking=no\" \"nc %h %p\"" $sshargs
   fi
   # Stop port-forward
   kill -3 ${pid_port_forward} 2>/dev/null
@@ -214,14 +226,18 @@ plugin_main() {
   skip_agent=no
   cleanup_jump=no
   cleanup_agent=no
+  sshargs=""
   while [ $# -gt 0 ] ; do
     nSkip=1
     case $1 in
       "-h" | "--help")
         help
         exit 0
 	      ;;
-      "--cleanup-jump")
+      "-v" | "--verbose" )
+        sshargs="${sshargs} -vvv"
+        ;;
+     "--cleanup-jump")
         cleanup_jump=yes
         ;;
       "--cleanup-agent")
@@ -247,7 +263,7 @@ plugin_main() {
         nSkip=2
         ;;
       "-a" | "--args" )
-        sshargs="$2"
+        sshargs="${sshargs} $2"
         nSkip=2
         ;;
       "--pod-template")
