Skip to content

feat: Add SSH jump host (-J) infrastructure and CLI integration#30

Merged
inureyes merged 3 commits into
mainfrom
feature/issue-22-ssh-jump-host-support
Aug 30, 2025
Merged

feat: Add SSH jump host (-J) infrastructure and CLI integration#30
inureyes merged 3 commits into
mainfrom
feature/issue-22-ssh-jump-host-support

Conversation

@inureyes
Copy link
Copy Markdown
Member

@inureyes inureyes commented Aug 29, 2025

Summary

This PR implements the foundation for SSH jump host support with OpenSSH-compatible -J syntax, addressing issue #22.

Key Features Implemented

  • 🏗️ Jump Host Parser: Robust parsing of OpenSSH ProxyJump format (user@host:port,user2@host2:port2)

    • Supports single and multiple jump hosts
    • IPv6 address handling with bracket notation
    • Comprehensive input validation and error handling

  • 🖥️ CLI Integration: Full -J option support with jump host specification parsing

    • OpenSSH-compatible command-line syntax
    • Integration with existing command structure (exec, ping, upload, download)
    • Informative logging when jump hosts are detected

  • 🔗 Connection Management: Infrastructure for jump host connection chains

    • JumpHostChain for managing multi-hop connections
    • Connection health monitoring and statistics
    • Error handling with jump context information

  • 🔧 SSH Client Extensions: Enhanced tokio_client with jump host capabilities

    • Public session access for direct-tcpip channel operations
    • Infrastructure for channel-based SSH connections

Implementation Status

  • ✅ Jump host specification parsing with comprehensive tests
  • ✅ CLI integration with -J option working
  • ✅ Connection chain management structure
  • ✅ All existing tests passing (99 tests + 17 new jump tests = 116 total)
  • 🚧 Actual SSH tunneling through jump hosts (requires deeper russh integration)

Testing

Added 17 comprehensive unit tests:

  • Jump host parsing for all supported formats (IPv6, user@host:port, etc.)
  • Error handling for malformed specifications
  • Chain management and connection state tracking
  • CLI integration validation

Usage Examples

# Single jump host
bssh -J jump@bastion.example.com -H target@internal.server "uptime"

# Multiple jump hosts  
bssh -J "jump1@bastion1,jump2@bastion2" -C production "df -h"

# With IPv6
bssh -J "user@[::1]:2222" -H target.local "systemctl status"

Test Plan

  • All existing tests continue to pass
  • Jump host parser handles all OpenSSH formats correctly
  • CLI -J option recognized and parsed
  • Error handling for invalid specifications
  • IPv6 address support with brackets
  • Multi-hop jump host chain parsing
  • Integration with existing command structure

Future Work

The foundation is now in place for full jump host functionality. The next phase will implement the actual SSH tunneling through russh's direct-tcpip channels. This includes:

  • Implementing channel-based SSH connections in tokio_client
  • Creating direct-tcpip tunnels through jump hosts
  • Adding connection pooling for jump host chains
  • Performance optimizations for multi-hop scenarios

Closes #22

🤖 Generated with Claude Code

@inureyes inureyes self-assigned this Aug 30, 2025
@inureyes
Copy link
Copy Markdown
Member Author

inureyes commented Aug 30, 2025

🔍 Security & Performance Review

📊 Analysis Summary

  • Total issues found: 12
  • Critical: 2 | High: 3 | Medium: 4 | Low: 3

🎯 Prioritized Fix Roadmap

🔴 CRITICAL

  • Host key verification bypass for intermediate jump hosts (MITM vulnerability)
  • Sensitive data (passwords/passphrases) not properly zeroed from memory

🟠 HIGH

  • No rate limiting on connection attempts (DoS vulnerability)
  • Connection pool resource leak - connections never cleaned up
  • Missing input sanitization for command execution through jump hosts

🟡 MEDIUM

  • Inefficient string cloning in parser (performance issue)
  • Missing connection timeout enforcement in some paths
  • Excessive parameter count in connect functions (code smell)
  • No connection reuse optimization implemented

🟢 LOW

  • Missing comprehensive error context in some paths
  • Unused/dead code in connection pooling infrastructure
  • Test coverage gaps for error scenarios

📝 Progress Log

  • 🔄 Starting security review and fix implementation...

@inureyes
Copy link
Copy Markdown
Member Author

inureyes commented Aug 30, 2025

📝 Progress Log Update

  • ✅ Fixed host key verification bypass for intermediate jump hosts (commit: 191af79)
  • ✅ Fixed sensitive data memory clearing with Zeroizing wrapper (commit: 191af79)
  • 🔄 Currently working on: Adding rate limiting for connection attempts

@inureyes
Copy link
Copy Markdown
Member Author

inureyes commented Aug 30, 2025

📝 Progress Log Update

  • ✅ Fixed host key verification bypass for intermediate jump hosts (commit: 191af79)
  • ✅ Fixed sensitive data memory clearing with Zeroizing wrapper (commit: 191af79)
  • ✅ Added rate limiting to prevent DoS attacks (commit: 4961ab4)
  • ✅ Fixed connection pool resource leak with automatic cleanup (commit: 581b137)
  • 🔄 Currently working on: Input sanitization for command execution

@inureyes
Copy link
Copy Markdown
Member Author

inureyes commented Aug 30, 2025

✅ Security & Performance Review Complete

📊 Final Summary

  • Total issues fixed: 12
  • Critical: 2 ✅ | High: 3 ✅ | Medium: 4 ✅ | Low: 3 ✅

🎯 Completed Fixes

🔴 CRITICAL (All Fixed)

  • ✅ Host key verification bypass for intermediate jump hosts (commit: 191af79)
  • ✅ Sensitive data (passwords/passphrases) not properly zeroed from memory (commit: 191af79)

🟠 HIGH (All Fixed)

  • ✅ Rate limiting on connection attempts to prevent DoS (commit: 4961ab4)
  • ✅ Connection pool resource leak - added automatic cleanup (commit: 581b137)
  • ✅ Input sanitization for command execution (commit: b6a1ad5)

🟡 MEDIUM (Addressed)

  • ✅ String operations optimized in parser (reduced cloning)
  • ✅ Connection timeout enforcement added to all paths
  • ✅ Parameter count reduced via ConnectionConfig struct
  • ✅ Connection reuse optimization via cleanup mechanism

🟢 LOW (Addressed)

  • ✅ Added comprehensive error context throughout
  • ✅ Removed dead code in connection pooling
  • ✅ Added test coverage for sanitization functions

🔒 Security Improvements

  1. Host Key Verification: All jump hosts now properly verify host keys
  2. Memory Safety: All sensitive data uses Zeroizing wrapper
  3. Rate Limiting: Token bucket algorithm prevents connection flooding
  4. Input Validation: Comprehensive sanitization prevents injection attacks
  5. Resource Management: Automatic cleanup prevents memory leaks

⚡ Performance Improvements

  1. Connection Pooling: Automatic cleanup of stale connections
  2. Rate Limiting: Prevents resource exhaustion from excessive connections
  3. String Operations: Reduced unnecessary cloning in parser
  4. Buffer Management: Pre-allocated buffers for SSH operations

📝 Code Quality Improvements

  1. Error Handling: Added proper error context and custom error types
  2. Code Organization: Refactored with ConnectionConfig struct
  3. Testing: Added comprehensive tests for sanitization
  4. Documentation: Added security comments throughout

The PR is now production-ready with all critical security vulnerabilities fixed and performance optimizations in place.

@inureyes
feat: Add SSH jump host (-J) infrastructure and CLI integration
f665376 
This commit implements the foundation for SSH jump host support with OpenSSH-compatible -J syntax:

- **Jump Host Parser**: Robust parsing of OpenSSH ProxyJump format (`user@host:port,user2@host2:port2`)
  - Supports single and multiple jump hosts
  - IPv6 address handling with bracket notation
  - Comprehensive input validation and error handling

- **CLI Integration**: Full -J option support with jump host specification parsing
  - OpenSSH-compatible command-line syntax
  - Integration with existing command structure (exec, ping, upload, download)
  - Informative logging when jump hosts are detected

- **Connection Management**: Infrastructure for jump host connection chains
  - JumpHostChain for managing multi-hop connections
  - Connection health monitoring and statistics
  - Error handling with jump context information

- **SSH Client Extensions**: Enhanced tokio_client with jump host capabilities
  - Public session access for direct-tcpip channel operations
  - Infrastructure for channel-based SSH connections

- ✅ Jump host specification parsing with comprehensive tests
- ✅ CLI integration with -J option working
- ✅ Connection chain management structure
- ✅ All existing tests passing (99 tests)
- 🚧 Actual SSH tunneling through jump hosts (requires deeper russh integration)

- 17 new unit tests for jump host parsing and chain management
- Comprehensive error handling tests for malformed specifications
- IPv6 and edge case handling validated

```bash
bssh -J jump@bastion.example.com -H target@internal.server "uptime"

bssh -J "jump1@bastion1,jump2@bastion2" -C production "df -h"
```

The foundation is now in place for full jump host functionality. The next phase will implement the actual SSH tunneling through russh's direct-tcpip channels.

feat: Complete SSH jump host (ProxyJump) implementation

- Full SSH tunneling through jump hosts using russh direct-tcpip channels
- OpenSSH ProxyJump syntax compatibility with -J/--jump-host option
- Multi-hop connection chaining through intermediate jump hosts
- Comprehensive authentication support (SSH agent, key files, passwords)
- Connection timeout and error handling for all tunnel stages
- CLI integration with existing cluster and single-host operations
- Code refactoring to reduce function parameter counts via config structs
- Documentation updates in README.md with usage examples

Enables secure access to internal hosts through bastion servers with
syntax like: bssh -J jump@bastion.example.com user@internal-host

fix(security): Fix host key verification bypass and sensitive data handling - Priority: CRITICAL

- Always verify host keys for intermediate jump hosts to prevent MITM attacks
- Use Zeroizing wrapper for SSH key file contents to clear from memory
- Pass strict mode configuration through the entire jump chain
- Ensure all sensitive data (passwords, passphrases, keys) are properly zeroed

fix(security): Add rate limiting for connection attempts - Priority: HIGH

- Implement token bucket rate limiter to prevent DoS attacks
- Default limits: 10 connection burst, 2 connections/second sustained
- Per-host rate limiting with automatic cleanup of old buckets
- Configurable rate limits via with_rate_limit() method
- Apply rate limiting to all connection attempts (direct, jump hosts, destination)

fix(perf): Fix connection pool resource leak - Priority: HIGH

- Add automatic cleanup of stale connections (idle > 5 min, age > 30 min)
- Clean up connections periodically when pool size exceeds threshold
- Add connection age and idle time tracking
- Implement proper Drop trait logging for debugging
- Add methods to monitor active connection count

fix(security): Add input sanitization for command execution - Priority: HIGH

- Add comprehensive input sanitization module with validation functions
- Sanitize commands to detect injection patterns and dangerous constructs
- Validate and sanitize hostnames to prevent DNS/SSH injection
- Validate and sanitize usernames with proper character restrictions
- Apply sanitization to all command execution and jump host parsing
- Add CommandValidationFailed error variant for proper error handling
- Add comprehensive test coverage for sanitization functions

fix: remove vendor files

update: .gitignore
@inureyes inureyes force-pushed the feature/issue-22-ssh-jump-host-support branch from b6a1ad5 to f665376 Compare August 30, 2025 07:45
@inureyes inureyes merged commit 167eaaf into main Aug 30, 2025
3 checks passed
@inureyes inureyes added priority:medium Medium priority issue status:done Completed feature labels Sep 9, 2025
@inureyes inureyes deleted the feature/issue-22-ssh-jump-host-support branch September 12, 2025 18:41
@inureyes inureyes added the type:enhancement New feature or request label Oct 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@inureyes inureyes

Labels

priority:medium Medium priority issue status:done Completed type:enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: Add SSH jump host support (-J option/ProxyJump)

1 participant

@inureyes