
[Docs]: Multiplex SSH session to jumphost

Open FloLaco opened this issue 3 years ago • 0 comments

Change Type

Addition

Area

Functionality/features

Proposed Changes

Since neither suzieq nor asyncssh supports multiplexing SSH sessions, I've found a way to do it. I'll try to put all the configuration needed here so it works for other people who are interested.

  • You need an ssh config file with the DynamicForward and ProxyCommand options:

```
# Jump host: the SOCKS listener on 127.0.0.1:2226 is what every other host is tunnelled through
host jumpserver
   IdentityFile   /home/suzieq/parquet/ssh_cred_conf/id_rsa
   IdentitiesOnly   yes
   user   your_username
   hostname   IP_of_your_jumpserver
   Protocol  2
   Port  22
   StrictHostKeyChecking   no
   DynamicForward 127.0.0.1:2226

# Every other host: connect through the SOCKS5 proxy with OpenBSD netcat (-X 5 = SOCKS5, -x = proxy address)
host * !jumpserver
   Protocol  2
   StrictHostKeyChecking  no
   ProxyCommand nc -X 5 -x 127.0.0.1:2226 %h %p
```
  • You need the OpenBSD netcat binary. If you use the official suzieq docker image, you need to build a custom image:

```dockerfile
FROM ddutt/suzieq:0.19.1

# Install the OpenBSD netcat used by the ProxyCommand, then drop back to the unprivileged user
USER root
RUN apt-get update \
    && apt-get install -y \
        netcat-openbsd

USER suzieq
```
  • When starting the poller, you need to provide the ssh config file with the --ssh-config-file option.
  • As we are opening a SOCKS proxy session to the jumphost, we have to do it "manually" (= not via python). If you use the official suzieq docker image, you can add an entrypoint.sh file which starts the jumpserver session and then starts suzieq:

entrypoint.sh

```bash
#!/bin/bash
# Open the jumphost session in the background: -N runs no remote command, it only
# keeps the DynamicForward SOCKS listener from the config above alive.
ssh jumpserver -F /home/suzieq/parquet/ssh_cred_conf/config -N &
# $1 is the inventory file passed to the container; the poller gets the same ssh config.
sq-poller --no-coalescer -I "$1" -c parquet/suzieq.cfg.yml --ssh-config-file /home/suzieq/parquet/ssh_cred_conf/config
```
  • Don't use the jumpserver option in the suzieq inventory. Sufficient config:

```yaml
devices:
- name: devices-without-jump-hosts
  transport: ssh
  ignore-known-hosts: true
  port: 22
```

  • PR https://github.com/netenglabs/suzieq/pull/812 should be merged

FloLaco avatar Nov 07 '22 16:11 FloLaco
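Added example (not part of FloLaco's post or the suzieq project): the entrypoint above launches `sq-poller` right after backgrounding `ssh -N`, so the poller can start before the SOCKS listener on 127.0.0.1:2226 exists. This check performs the SOCKS5 method negotiation against that port (stricter than a bare TCP connect) and can be run before `sq-poller`; the stub server and port values are constructed for illustration and testing.

```python
import socket
import threading
import time
# Constructed values: the DynamicForward endpoint from the issue's ssh config.
SOCKS_HOST = "127.0.0.1"
SOCKS_PORT = 2226

def socks5_ready(host=SOCKS_HOST, port=SOCKS_PORT, timeout=2.0):
    """True if a SOCKS5 server answers the RFC 1928 greeting on host:port.
    Sends VER=5, NMETHODS=1, METHOD=0 (no auth) and expects VER=5, METHOD=0;
    a closed port, a non-SOCKS service or a no-auth refusal all give False."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"\x05\x01\x00")
            return s.recv(2) == b"\x05\x00"
    except OSError:
        return False

def wait_for_socks(host=SOCKS_HOST, port=SOCKS_PORT, retries=30, delay=1.0):
    """Poll until the proxy answers or retries run out; True on success."""
    for _ in range(retries):
        if socks5_ready(host, port):
            return True
        time.sleep(delay)
    return False

def start_stub_socks_server(accept_noauth=True):
    """Constructed stand-in for the ssh SOCKS listener: answers one greeting on an ephemeral port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            if conn.recv(3) == b"\x05\x01\x00":
                conn.sendall(b"\x05\x00" if accept_noauth else b"\x05\xff")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def free_port():
    """Allocate and release a loopback port, giving a closed port to probe."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    ok = wait_for_socks()
    print("SOCKS proxy ready" if ok else "proxy not answering; check the ssh -N session")
    raise SystemExit(0 if ok else 1)
```

In entrypoint.sh, running this script between the `ssh ... -N &` line and `sq-poller` makes the poller start only once the tunnel is usable.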