Module: TrainPlugins::Juniper::SshAskpass

Included in:
BastionProxy
Defined in:
lib/train-juniper/connection/ssh_askpass.rb

Overview

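SSH_ASKPASS script management for automated password authentication. The generated helper scripts contain the password in plaintext on disk, and their path is handed to ssh through the process-wide SSH_ASKPASS environment variable.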

Instance Method Summary collapse

Instance Method Details

#create_ssh_askpass_script(password) ⇒ String

Create temporary SSH_ASKPASS script for automated password authentication

Parameters:

  • password (String)

    The password to use

Returns:

  • (String)

    Path to the created script



# File 'lib/train-juniper/connection/ssh_askpass.rb', line 23

# Build the SSH_ASKPASS helper appropriate for the host platform.
#
# Delegates to the Windows variant when RubyGems reports a Windows platform
# and to the Unix variant otherwise. Either way the helper that gets written
# contains the password in plaintext.
#
# @param password [String] The password to use
# @return [String] Path to the created script
def create_ssh_askpass_script(password)
  return create_windows_askpass_script(password) if Gem.win_platform?

  create_unix_askpass_script(password)
end

#create_unix_askpass_script(password) ⇒ String (private)

Create Unix shell script for SSH_ASKPASS

Parameters:

  • password (String)

    The password to use

Returns:

  • (String)

    Path to the created script



# File 'lib/train-juniper/connection/ssh_askpass.rb', line 58

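# Write a temporary shell script that prints +password+ on stdout, for use as
# the SSH_ASKPASS helper.
#
# The password is embedded as a single-quoted shell literal. Every single
# quote inside it is rewritten as '\'' so the value can neither terminate the
# literal early nor be interpreted by the shell. `printf '%s\n'` replaces
# `echo` so that values such as "-n" or "-e" are printed verbatim instead of
# being consumed as echo options.
#
# @param password [String] The password to use
# @return [String] Path to the created script
def create_unix_askpass_script(password)
  # Block form of gsub on purpose: in a replacement *string* the sequence \'
  # is a back-reference (post-match) and would corrupt the quoting.
  quoted_password = password.to_s.gsub("'") { "'\\''" }

  script = Tempfile.new(['ssh_askpass', '.sh'])
  script.write("#!/bin/bash\nprintf '%s\\n' '#{quoted_password}'\n")
  script.close
  # Owner-only permissions: the file holds a plaintext credential, and the
  # helper is expected to be executed by ssh running as the same user.
  File.chmod(0o700, script.path)

  # NOTE(review): only the path is returned. Once the Tempfile object is
  # garbage-collected its finalizer may unlink the file; confirm the caller
  # uses the script before that can happen, or keep a reference to the object.
  @logger.debug("Created SSH_ASKPASS script at #{script.path}")
  script.path
end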

#create_windows_askpass_script(password) ⇒ String (private)

Create Windows PowerShell script for SSH_ASKPASS

Parameters:

  • password (String)

    The password to use

Returns:

  • (String)

    Path to the wrapper batch file



# File 'lib/train-juniper/connection/ssh_askpass.rb', line 36

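# Write a temporary PowerShell script that prints +password+, plus a batch
# wrapper that runs it, for use as the SSH_ASKPASS helper on Windows.
#
# Both files are created through Tempfile and the PowerShell script holds the
# password in plaintext.
#
# @param password [String] The password to use
# @return [String] Path to the wrapper batch file
def create_windows_askpass_script(password)
  # :nocov:
  # Inside a PowerShell single-quoted literal an apostrophe is escaped by
  # doubling it; no other character is expanded.
  # NOTE(review): PowerShell also accepts typographic single quotes as string
  # delimiters; confirm whether passwords containing them must be supported.
  escaped_password = password.gsub("'", "''")

  script = Tempfile.new(['ssh_askpass', '.ps1'])
  script.write("Write-Output '#{escaped_password}'\r\n")
  script.close

  # Batch wrapper that launches PowerShell on the generated script.
  #   -ExecutionPolicy Bypass  applies to this single invocation only.
  #   -NoProfile               skips profile scripts, whose output would
  #                            otherwise be read by ssh as part of the password.
  #   -NonInteractive          keeps PowerShell from prompting while ssh waits.
  wrapper = Tempfile.new(['ssh_askpass_wrapper', '.bat'])
  wrapper.write(
    "@echo off\r\npowershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File \"#{script.path}\"\r\n"
  )
  wrapper.close

  # NOTE(review): only paths leave this method. Once the Tempfile objects are
  # garbage-collected their finalizers may unlink the files; confirm the
  # caller uses them before that can happen and removes them afterwards.
  @logger.debug("Created SSH_ASKPASS PowerShell script at #{script.path} with wrapper at #{wrapper.path}")
  wrapper.path
  # :nocov:
end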

#setup_bastion_password_auth ⇒ Object

Set up SSH_ASKPASS for bastion password authentication



# File 'lib/train-juniper/connection/ssh_askpass.rb', line 10

# Point ssh at an SSH_ASKPASS helper so the bastion password is supplied
# without a prompt.
#
# Uses @options[:bastion_password], falling back to @options[:password], and
# does nothing when neither is set. The helper path is kept in
# @ssh_askpass_script and exported through ENV, which is process-global:
# every child process started afterwards inherits both variables.
#
# NOTE(review): nothing in this method restores or clears the two variables,
# or removes the helper; confirm that cleanup happens elsewhere.
#
# @return [Object, nil] nil when no password is configured, otherwise the
#   return value of the final logger call
def setup_bastion_password_auth
  secret = @options[:bastion_password] || @options[:password]
  if secret
    @ssh_askpass_script = create_ssh_askpass_script(secret)
    ENV.store('SSH_ASKPASS', @ssh_askpass_script)
    # 'force' asks ssh to use the askpass helper rather than the terminal.
    ENV.store('SSH_ASKPASS_REQUIRE', 'force')
    @logger.debug('Configured SSH_ASKPASS for automated bastion authentication')
  end
end