Sort out SSH configuration in MCP gateway

Signed-off-by: Nikola Forró <[email protected]>

Author: nforro

Containerfile.mcp

@@ -34,14 +34,22 @@ RUN mkdir /git-repos && chmod -R o+rwX /git-repos
 COPY files/Current-IT-Root-CAs.pem /etc/pki/ca-trust/source/anchors/
 RUN update-ca-trust
 
+# Configure jump host for internal dist-git
+COPY <<EOF /etc/ssh/ssh_config.d/00-dist-git.conf
+Host iad2
+   Hostname bastion-iad2.corp.redhat.com
+   GSSAPIAuthentication yes
+Host pkgs.devel.redhat.com
+   ProxyJump iad2
+EOF
+# Set up internal dist-git and GitLab SSH host keys
+COPY files/internal_dist-git_host_keys /etc/ssh/ssh_known_hosts
+RUN ssh-keyscan bastion-iad2.corp.redhat.com gitlab.com >> /etc/ssh/ssh_known_hosts
+
 USER mcp
 ENV HOME=/home/mcp
 WORKDIR $HOME
 
 ENV PYTHONPATH=$HOME:$PYTHONPATH
 
-RUN mkdir ~/.ssh \
-      && chmod 0700 ~/.ssh \
-      && ssh-keyscan pkgs.devel.redhat.com >> ~/.ssh/known_hosts
-
 CMD ["/bin/bash"]

files/internal_dist-git_host_keys

@@ -0,0 +1,2 @@
+pkgs.devel.redhat.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDT8I6l839M7tb6V/Le8x3pGo3sTo6SG/kMrVwPQ6kUtxuaWKBLCmI1HVawfRbBz4fO+8AifdKjtOKUHcI6iPr8=
+pkgs.devel.redhat.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsc8DV5JsCx3dhD5BF2PPnUxZQsVWQ0ODLegg+3Sf898NrEtQaQiIgMf826whS0HLIcj1aspMe0W83zGH7GZEPMW3Y/Xche1kFdfmsnovdWwxE01edFN2B7h56NYB+Ec3zqd1/QUGeAKa+hde42/JFHyl2jrA+xbnhmaCcGvZFtLAQ4gCi7j/MY/2SHuFC+kj7LcyNMUC3GdY9IpbtrY2SRUBQa+WMw4X1rrTWpn0dyCLLu5eE+xGZ9aAkZjNyMQRPuG13ilWVWkU6olIphnT9lJ245P9xabuQOuMGxm0oih0zJLc/e5SH4HYj7MDXnKXXYMBuzlwqA7L73HVSwhGD