2 unstable releases
0.2.1 | Oct 31, 2023 |
---|---|
0.1.1 | May 27, 2022 |
Roameo
Overview
This small Rust project is a wrapper around a few ioctls and similar calls that makes it quick and easy to test for certain platform state. Examples include being able to test whether we're currently connected to a specific Wi-Fi SSID.
It is intended for use in cases such as ssh_config(5)'s Match exec clause, which would allow different OpenSSH client configurations, depending on which wireless network we're currently connected to. For example, using the ProxyJump configuration option to go through a jump host when on a network other than the corporate/office network.
This could be done with a few lines of shell script wrapped around command line tools, but I was looking for an excuse to write some Rust code, and going direct with ioctls is less likely to break.
Supported Platforms
Linux is my primary operating system and is the best supported. I also run and test this code on macOS, OpenBSD and FreeBSD, but some of the functionality (ESSID matching, for example) is lagging behind a little.
The intent is to support anything Unix-like pretty well equally.
Example Configuration
Here's an example ssh_config(5) configuration fragment to illustrate how this code might be used:
Match host 10.0.0.* !exec "roameo -e CorporateWiFi"
    ProxyJump me@jumphost.corp.net:2222
    ForwardAgent yes
    DynamicForward 3128
This hypothetical example:
- Matches hosts on the 10.0.0.0/24 subnet -- presumably our hypothetical corporate network subnet, and
- Uses Match exec with roameo to match the case where we are not on the Wi-Fi network called CorporateWiFi -- presumably our hypothetical corporate network Wi-Fi network ESSID.
Essentially, this gives us specific SSH client configuration for the case where we're trying to access corporate resources, but from a network other than the corporate network.
The example then goes on to set a jump host, agent forwarding and SOCKS5 proxy tunnelling automatically, whereas when we're on the corporate network these would not necessarily apply.
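To check a Match line of this shape before relying on it, here is a small model of how it is evaluated, written as an added example (not code from roameo or OpenSSH). It follows the ssh_config(5) rules that a host pattern is a string wildcard where ? matches exactly one character and * matches any run, and that exec is true on exit status 0; the function names, the sample hosts, and the assumption that roameo exits 0 when the ESSID matches are illustrative.

```rust
/// ssh_config(5) PATTERNS wildcard match: `*` matches zero or more characters,
/// `?` matches exactly one. This is string matching, not CIDR arithmetic.
fn glob_match(pattern: &[u8], text: &[u8]) -> bool {
    match (pattern.first(), text.first()) {
        (None, None) => true,
        (Some(&b'*'), _) => {
            // `*` matches the empty string, or consumes one character and retries.
            glob_match(&pattern[1..], text)
                || (!text.is_empty() && glob_match(pattern, &text[1..]))
        }
        (Some(&b'?'), Some(_)) => glob_match(&pattern[1..], &text[1..]),
        (Some(p), Some(t)) if p == t => glob_match(&pattern[1..], &text[1..]),
        _ => false,
    }
}

/// Models `Match host <pattern> !exec "<cmd>"`: all criteria must hold, and the
/// negated exec criterion holds when the command exits non-zero.
fn match_block_applies(host: &str, pattern: &str, exec_status: i32) -> bool {
    let host_ok = glob_match(pattern.as_bytes(), host.as_bytes());
    let exec_ok = exec_status == 0; // assumption: roameo exits 0 on the named ESSID
    host_ok && !exec_ok
}

fn main() {
    // Constructed cases: (target host, Match host pattern, exit status of the exec command).
    let cases = [
        ("10.0.0.5", "10.0.0.?", 1),    // single-digit last octet, off the corporate Wi-Fi
        ("10.0.0.42", "10.0.0.?", 1),   // `?` cannot cover a two-digit octet
        ("10.0.0.42", "10.0.0.*", 1),   // `*` covers the whole last octet
        ("10.0.0.42", "10.0.0.*", 0),   // on the corporate Wi-Fi: block is skipped
        ("192.168.1.7", "10.0.0.*", 1), // unrelated host: block is skipped
    ];
    for (host, pattern, status) in cases.iter() {
        let applies = match_block_applies(host, pattern, *status);
        println!("{host:<12} {pattern:<10} exec={status} -> ProxyJump block applies: {applies}");
    }
}
```

On a real client, ssh -G followed by the target host prints the effective options, which confirms whether ProxyJump, ForwardAgent and DynamicForward were picked up on the current network.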
Future Functionality
The initial version only supports matching against an ESSID or a specific source IP address. Functionality planned but not yet implemented includes:
- Matching against IPv6 addresses and subnets
- Matching any Wi-Fi connectivity, or any IPv6 (global) addressing
- Matching VPN and other tunnels
- Better support for non-Linux platforms
- Refactor to be more Rusty
Comments and pull requests welcome.