Git-Proxy SSH Implementation Summary

Completed Features ✅

1. SSH Server Implementation

Added a new SSH server component to handle SSH protocol communications
Server listens on port 2222 (configurable, the default will be port 22)
Integrated with the existing proxy chain architecture

2. User Authentication Enhancement

Extended user model to include public SSH keys
Added support for multiple SSH keys per user
Implemented user lookup and authentication based on SSH public keys

// User can now store multiple SSH keys
const user = {
  username: string,
  gitAccount: string,
  publicKeys: string[]  // Added this field
}

3. CLI Enhancement

Added new CLI command for managing SSH keys
Users can add their public keys through the CLI

git-proxy keys add <public-key>  # New command

4. SSH Authentication Flow

Implemented SSH handshake process:
1. Client connects with SSH key
2. Server looks up user by public key
3. If authenticated, request enters the proxy chain
4. Chain processes request similar to HTTPS workflow

5. Proxy Chain Integration

Modified proxy chain to handle SSH connections
Maintained consistent authorization and validation steps regardless of protocol

In Progress 🔄

Enhanced Remote Communication

Extending pullRemote.js to support both SSH and HTTPS protocols
Protocol selection based on user request and configuration (hardcoded for GitHub initially as POC)

// Current implementation being enhanced
if (gitProtocol === 'ssh') {
  // SSH protocol using native git
  cloneUrl = action.url.replace('https://github.com/', 'git@github.com:');
  execSync(`git clone ${cloneUrl}`, {
    cwd: action.proxyGitPath,
    stdio: 'pipe',
  });
} else {
  // HTTPS protocol using isomorphic-git
  await git.clone({
    fs,
    http: gitHttpClient,
    url: cloneUrl,
    onAuth: () => ({
      username,
      password,
    }),
    dir: `${action.proxyGitPath}/${action.repoName}`,
  });
}

To Do 📝

1. UI Enhancements

Add SSH key management to user interface
- Add new SSH keys
- Delete existing keys
- View all registered keys
Implement user-friendly key validation and formatting

2. Complete SSH Operation Support

Ensure all Git operations work seamlessly over SSH:
- Clone
- Push
- Pull
- Fetch
- Other Git operations

Architecture Overview

sequenceDiagram
    participant Client
    participant SSHServer
    participant ProxyChain
    participant GitHub

    Client->>SSHServer: SSH Connection with Key
    SSHServer->>SSHServer: Authenticate via Public Key
    SSHServer->>ProxyChain: Forward Request
    ProxyChain->>ProxyChain: Process Request
    ProxyChain->>GitHub: Execute Git Operation
    GitHub->>ProxyChain: Response
    ProxyChain->>SSHServer: Forward Response
    SSHServer->>Client: Return Result

This implementation provides a more secure and flexible way to interact with Git-Proxy, allowing users to leverage SSH keys for authentication while maintaining all the security and control features of the proxy chain.

Security: Api endpoints should not expose user credentials #4

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions