Skip to content

SSH agent forwarding #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fabiovincenzi wants to merge 374 commits into
base: denis-coric/ssh-flow
Choose a base branch
from
Open

SSH agent forwarding #65

fabiovincenzi wants to merge 374 commits into from

Conversation

@fabiovincenzi
Copy link
Collaborator

@fabiovincenzi fabiovincenzi commented Nov 20, 2025

No description provided.

jescalada and others added 30 commits October 10, 2025 22:25
@jescalada
chore: remove unused test deps and update depcheck script
f7be67c
@jescalada
Merge branch '1150-vitest-migration-from-service' of https://github.c…
c85bb34 
…om/jescalada/git-proxy into 1150-vitest-migration-from-service
@jescalada
fix: reset modules in testProxyRoute and add/replace types for app
b5746d0
@jescalada
fix: CI test script and unused deps
a20d39a
@jescalada
fix: add proper cleanup to proxy tests
fb903c3
@jescalada
chore: temporarily skip proxy tests to prevent errors
73e5d8b
@jescalada
chore: temporarily skip problematic proxy route tests
f1920c9
@jescalada
chore: temporarily add ts-mocha to CLI dev deps
5f4ac95 
This will be removed in a later PR once the new CLI tests are converted to Vitest
@jescalada
chore: update vitest config to limit coverage check to API
52cfaab
@jescalada
chore: exclude more unnecessary files in coverage and include only TS…
c9b324a 
… files
@jescalada
chore: exclude type files from coverage check
a268711
@jescalada
test: rewrite proxy filter tests and new ones for helpers
41abea2
@jescalada
chore: bump vite to latest
65aa650
@jescalada
Merge branch 'main' into 1150-vitest-migration-from-service
4909c03
@jescalada
chore: update package-lock.json and remove unused JS test
51478b0
@jescalada
fix: failing tests and formatting
bfa4374
@jescalada
Merge branch 'main' into 1150-vitest-migration-from-service
b375597
@jescalada
chore: add BlueOak-1.0.0 to allowed licenses list
c3995c5
@jescalada
Merge branch 'main' into 1150-vitest-migration-from-service
4b1adbc
@jescalada
Merge branch 'main' into 1150-vitest-migration-from-service
ef6b730
@jescalada
Merge branch 'main' into 1150-vitest-migration-from-service
2350b59
@jescalada
fix: normalize UI RepositoryData types and props
6c04a0e
@jescalada
refactor: remove duplicate commitTs and CommitData
4e91205
@jescalada
refactor: unify attestation-related types
b5356ac
@jescalada
chore: remove unused UserType and replace with Partial<UserData>
642de69
@jescalada
chore: move ui-only types (UserData, PushData, Route) from src/types/…
99ddef1 
…models.ts to ui/types.ts
@jescalada
refactor: duplicate ContextData types
b5ddbd9
@jescalada
chore: move repo metadata types and fix isAdminUser typings
8740d62
@jescalada
refactor: extra config types into own types file
2db6d4e
@jescalada
chore: generate config types for JWT roleMapping
311a103
@fabiovincenzi
test(ssh): update tests for agent forwarding
c07d5cd
@fabiovincenzi
fix(deps): correct exports conditions order for Vite 7
c10047e
@fabiovincenzi
docs: remove duplicate SSH.md documentation
a656040
@fabiovincenzi
docs: optimize and improve SSH_ARCHITECTURE.md
5114b93
@fabiovincenzi
docs: fix obsolete SSH information in ARCHITECTURE.md
9fff6b7
@fabiovincenzi
fix(ssh): include ssh-agent startup in error message
7bf20b6
@fabiovincenzi
Merge upstream/main: integrate latest changes and fix singleBranch
a4df01c
@fabiovincenzi
docs: fix processor chain count in README (17 -> 16)
7062809
@fabiovincenzi
fix(config): remove personal test repositories from config
2df3916
@fabiovincenzi
refactor(config): remove obsolete getProxyUrl and getSSHProxyUrl func…
db4044a 
…tions

These functions relied on the deprecated 'proxyUrl' config field.
In current versions, the hostname is extracted directly from the repository URL path.
No code in the codebase was using these functions.
@fabiovincenzi
refactor(ssh): remove unnecessary type cast for findUserBySSHKey
06f5052 
The db.findUserBySSHKey method is properly typed in src/db/index.ts,
so the (db as any) cast was unnecessary.
@fabiovincenzi
refactor(routes): remove duplicate JavaScript route files
731ed35 
Remove users.js and config.js as they are superseded by the TypeScript versions (users.ts and config.ts).
@fabiovincenzi
security: remove SSH private keys from repository
1b73bb3 
Remove test SSH private keys that should not be committed.
Add test/.ssh/ to .gitignore to prevent future commits.

Note: These keys were previously pushed to origin in commit bc0b2f6
and should be considered compromised.
@fabiovincenzi
build: add @types/ssh2 to fix TypeScript compilation errors
bfed68a
@fabiovincenzi
security: fix CodeQL command injection and URL sanitization issues
7662e6a 
- Add '--' separator in git clone to prevent flag injection via repo names
- Validate SSH host key paths to prevent command injection in ssh-keygen
- Use strict equality for GitHub/GitLab hostname checks to prevent subdomain spoofing
- Add .gitignore entry for test/.ssh/ directory

Fixes CodeQL security alerts:
- Second order command injection (2 instances)
- Incomplete URL substring sanitization (2 instances)
- Uncontrolled command line (1 instance)
@fabiovincenzi
refactor(test): convert remaining test files from JavaScript to TypeS…
4230bc5 
…cript

Converted pullRemote, performance, and SSH integration tests to TypeScript
for better type safety and consistency with the codebase migration.
@fabiovincenzi
fix(ssh): comprehensive security enhancements and validation improvem…
0ff683e 
…ents

This commit addresses multiple security concerns identified in the PR review:

**Security Enhancements:**
- Add SSH agent socket path validation to prevent command injection
- Implement repository path validation with stricter rules (hostname, no traversal, .git extension)
- Add host key verification using hardcoded trusted fingerprints (prevents MITM attacks)
- Add chunk count limit (10,000) to prevent memory fragmentation attacks
- Fix timeout cleanup in error paths to prevent memory leaks

**Type Safety Improvements:**
- Add SSH2ServerOptions interface for proper server configuration typing
- Add SSH2ConnectionInternals interface for internal ssh2 protocol types
- Replace Function type with proper signature in _handlers

**Configuration Changes:**
- Use fixed path for proxy host keys (.ssh/proxy_host_key)
- Ensure consistent host key location across all SSH operations

**Security Tests:**
- Add comprehensive security test suite (test/ssh/security.test.ts)
- Test repository path validation (traversal, special chars, invalid formats)
- Test command injection prevention
- Test pack data chunk limits

All 34 SSH tests passing (27 server + 7 security tests).
fabiovincenzi and others added 12 commits December 18, 2025 16:44
@fabiovincenzi @jescalada
Update src/proxy/ssh/AgentForwarding.ts
e3e60da 
Co-authored-by: Juan Escalada <97265671+jescalada@users.noreply.github.com>
Signed-off-by: Fabio Vincenzi <93596376+fabiovincenzi@users.noreply.github.com>
@fabiovincenzi
fix(ssh): remove password auth and add error for missing SSH identities
3ad0105
@fabiovincenzi
chore: merge changes
4cf238e
@fabiovincenzi
docs(ssh): emphasize .git requirement in repository URLs
0d2e4e1
@fabiovincenzi @jescalada
Update src/proxy/ssh/server.ts
07f15ef 
Co-authored-by: Juan Escalada <97265671+jescalada@users.noreply.github.com>
Signed-off-by: Fabio Vincenzi <93596376+fabiovincenzi@users.noreply.github.com>
@fabiovincenzi
Merge branch 'ssh-agent-on-pr987' of https://github.com/fabiovincenzi…
62c93e2 
…/git-proxy into ssh-agent-on-pr987
@fabiovincenzi
fix(ssh): use default dual-stack binding for IPv4/IPv6 support
5ccd921
@fabiovincenzi
fix(ssh): use default dual-stack binding for IPv4/IPv6 support
67c1016
@fabiovincenzi
Merge branch 'ssh-agent-on-pr987' of https://github.com/fabiovincenzi…
c1d92b5 
…/git-proxy into ssh-agent-on-pr987
@fabiovincenzi
test: fix User constructor calls and SSH agent forwarding mock
a648e84
@fabiovincenzi
fix: correct SSH fingerprint verification and refactor pullRemote tests
acc66d0
@fabiovincenzi
test: increase memory leak threshold for flaky performance test
bb17668
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dcoric dcoric dcoric left review comments

@jescalada jescalada jescalada requested changes

+1 more reviewer

@dgl dgl dgl left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@fabiovincenzi @dgl @dcoric @jescalada @kriswest @tabathad @coopernetes @andypols