Add ssh tunnel to zmNinja authentication methods. #1103
This pull request enables zmNinja to establish a connection to a ZM server via a reverse ssh tunnel with local forwarding ports to http, https, ZM event server, MQTT and so on. In the zmNinja settings page, a new option called "use ssh tunnel" has been added for specifying parameters to use to set up the tunnel. The parameters are for remote username, password, host and port, a list of forwarded ports and an option to include an ngrok API key so that the ngrok host and port can be obtained. Private keys are stored in the system keychain.
The ssh client runs in the main process and uses the electron IPC interface to exchange messages with the render process for security purposes. In addition, the list of remote ports that can be opened in the system port range is limited to a list of ports specified in the main process.
The code to set up an ssh tunnel proxy is from an npm package called ssh_tunnel_proxy. To test the tunnel configuration, there is a command line interface that allows specification of tunnel parameters from a config file and establishes a tunnel with these parameters. When running the CLI, the desktop version of zmNinja can connect to the remote ports, provided that the keys and other parameters are configured correctly for the remote host.
Currently I am grappling with finding the best method of including external node modules as part of the electronjs main process. I have only tested the desktop version of this fork and it works well. I have also tested ssh tunneling on android under termux and that works as well. Once the bundling of external node modules has been resolved, this fork should run on all platforms. Another item is to verify that connecting to multiple servers works.
There are a few other changes in the fork, namely upgrading to the latest version of electron and fixing a few minor issues with debug logging.
I'm currently researching install and build procedures for including external modules and native node modules such as keytar.
As a workaround to include dependent modules in a distribution build:
cd node_modules/ssh_tunnel_proxy
npm i
After this the desktop version can be built:
npm run dist-lin
To run in debug mode without having to build zmNinja distributions, I use:
./node_modules/electron/dist/electron --inspect electron_js/main.js
And for some unknown reason, after building, an error occurs where a native node module cannot be loaded. If an error is thrown when running the unbuilt package, where keytar.node is not found, do:
npm remove ssh_tunnel_proxy
npm i ssh_tunnel_proxy
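
The main-process port restriction described in this pull request, sketched as an added example; it is not code from this fork or from ssh_tunnel_proxy. The function name, the request shape (`remotePort`, `localPort`), the reason strings and the allowlist values are assumptions made for illustration.

```javascript
// Hypothetical main-process check for forward requests sent by the renderer over IPC.
// Constructed allowlist: the only remote ports below 1024 a tunnel may forward.
const ALLOWED_SYSTEM_PORTS = new Set([80, 443]);
const SYSTEM_PORT_MAX = 1023;

function isPort(value) {
  // IPC payloads are untrusted: accept only real integers, not "443" or 443.5.
  return Number.isInteger(value) && value >= 1 && value <= 65535;
}

// Returns { accepted: [...], rejected: [{ request, reason }] }.
function validateForwards(requests, allowed = ALLOWED_SYSTEM_PORTS) {
  const result = { accepted: [], rejected: [] };
  if (!Array.isArray(requests)) {
    result.rejected.push({ request: requests, reason: 'not-a-list' });
    return result;
  }
  for (const request of requests) {
    const remotePort = request && request.remotePort;
    const localPort = request && request.localPort;
    if (!isPort(remotePort) || !isPort(localPort)) {
      result.rejected.push({ request, reason: 'invalid-port' });
    } else if (remotePort <= SYSTEM_PORT_MAX && !allowed.has(remotePort)) {
      result.rejected.push({ request, reason: 'system-port-not-allowlisted' });
    } else {
      // Copy only the validated fields so extra renderer-supplied keys are dropped.
      result.accepted.push({ remotePort, localPort });
    }
  }
  return result;
}

// Constructed sample payload, as it might arrive from the renderer.
const sample = [
  { remotePort: 443, localPort: 8443 },                   // allowlisted system port
  { remotePort: 22, localPort: 2222 },                    // system port, not allowlisted
  { remotePort: '80', localPort: 8080 },                  // string instead of integer
  { remotePort: 9000, localPort: 9000, host: 'ignored' }, // above the system range
];
const outcome = validateForwards(sample);
console.log(JSON.stringify(outcome, null, 2));
```

Because the allowlist and the check live in the main process, a compromised renderer can only ask for forwards; it cannot widen the set of system ports that will be opened.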