-
Notifications
You must be signed in to change notification settings - Fork 3
205 lines (188 loc) · 10 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
name: CI
on: [push]
jobs:
build_multi_platform:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Set up Go 1.x
uses: actions/setup-go@v5
with:
go-version: '1.20'
- name: Build for multi-platform
run: |
set -xeu
DIST=dist
mkdir $DIST
# (from: https://www.digitalocean.com/community/tutorials/how-to-build-go-executables-for-multiple-platforms-on-ubuntu-16-04)
platforms=("linux/amd64" "darwin/amd64" "windows/amd64" "linux/arm")
for platform in "${platforms[@]}"
do
platform_split=(${platform//\// })
export GOOS=${platform_split[0]}
export GOARCH=${platform_split[1]}
[ $GOOS = "windows" ] && EXTENSION='.exe' || EXTENSION=''
BUILD_PATH=piping-tunnel-$GOOS-$GOARCH
mkdir $BUILD_PATH
# Build
CGO_ENABLED=0 go build -o "${BUILD_PATH}/piping-tunnel${EXTENSION}" main/main.go
done
operational_test:
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
steps:
- name: Build SSH server Dockerfile
run: |
docker build -t ssh-server - <<'EOS'
FROM ubuntu:20.04
RUN apt update
RUN apt install -y openssh-server
RUN mkdir /var/run/sshd
# (base(ja): https://qiita.com/FGtatsuro/items/4893dfb138f70d972904)
RUN useradd -m guest
RUN passwd -d guest
RUN sed -ri 's/^#?PermitEmptyPasswords\s+.*/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
RUN sed -ri 's/^#?UsePAM\s+.*/UsePAM no/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile
ENTRYPOINT [ "/usr/sbin/sshd", "-D" ]
EOS
- run: sudo apt install -y socat
- name: Run SSH Server
run: docker run -d -p 2022:22 --init ssh-server
- name: Run Nginx
run: docker run -d -p 8888:80 nginx:alpine
- name: Run Piping Server
run: docker run -d -p 8080:8080 nwtgck/piping-server:v1.2.0
- uses: actions/checkout@v4
- name: Set up Go 1.x
uses: actions/setup-go@v5
with:
go-version: '1.20'
- run: CGO_ENABLED=0 go build -o piping-tunnel main/main.go
- name: Normal tunnel
run: |
set -eux
./piping-tunnel -s http://localhost:8080 server -p 2022 aaa bbb &
./piping-tunnel -s http://localhost:8080 client -p 3322 aaa bbb &
sleep 1
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
- name: Unix socket on server host side
run: |
set -eux
socat UNIX-LISTEN:/tmp/my_nginx_socat TCP:localhost:8888 &
sleep 1
./piping-tunnel -s http://localhost:8080 server --unix-socket=/tmp/my_nginx_socat aaa bbb &
./piping-tunnel -s http://localhost:8080 client -p 8889 aaa bbb &
sleep 1
curl localhost:8889
- name: Unix socket on client host side
run: |
set -eux
./piping-tunnel -s http://localhost:8080 server -p 8888 aaa bbb &
./piping-tunnel -s http://localhost:8080 client --unix-socket=/tmp/my_unginx aaa bbb &
sleep 1
curl --unix-socket /tmp/my_unginx http:/index.html
- name: Encrypt with AES-CTR
run: |
set -eux
./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb &
./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=aes-ctr --pass=mypass aesctraaa aesctrbbb &
sleep 1
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
- name: Encrypt with OpenSSL-compabile AES-CTR
run: |
set -eux
./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid1
./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl1aaa openssl1bbb & echo $! > pid2
sleep 1
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
- name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in server host
run: |
set -eux
curl -sSN http://localhost:8080/openssl2aaa | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc localhost 2022 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -sSNT - http://localhost:8080/openssl2bbb &
./piping-tunnel -s http://localhost:8080 client -p 3322 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl2aaa openssl2bbb &
sleep 1
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
- name: Encrypt with OpenSSL-compabile AES-CTR using real openssl in client host
run: |
set -eux
./piping-tunnel -s http://localhost:8080 server -p 2022 --symmetric --cipher-type=openssl-aes-256-ctr --pbkdf2='{"iter":100000,"hash":"sha256"}' --pass=mypass openssl3aaa openssl3bbb &
curl -NsS http://localhost:8080/openssl3bbb | stdbuf -i0 -o0 openssl aes-256-ctr -d -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | nc -l -p 3322 | stdbuf -i0 -o0 openssl aes-256-ctr -pass "pass:mypass" -bufsize 1 -pbkdf2 -iter 100000 -md sha256 | curl -NsST - http://localhost:8080/openssl3aaa &
sleep 1
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 3322 -o 'StrictHostKeyChecking no' guest@localhost hostname
- name: yamux
run: |
set -eux
# Run server-host with yamux
./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux aaa-yamux bbb-yamux & echo $! > pid1
# Run client-host with yamux
./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux aaa-yamux bbb-yamux & echo $! > pid2
sleep 1
# Check whether ssh multiple times
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname
ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
kill $(cat pid1) && kill $(cat pid2)
- name: yamux (encrypt with AES-CTR)
run: |
set -eux
# Run server-host with yamux (encrypt with AES-CTR)
./piping-tunnel -s http://localhost:8080 server -p 2022 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid1
# Run client-host with yamux (encrypt with AES-CTR)
./piping-tunnel -s http://localhost:8080 client -p 4422 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-yamux bbb-yamux & echo $! > pid2
sleep 1
# Check whether ssh multiple times
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost hostname
ssh -p 4422 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
kill $(cat pid1) && kill $(cat pid2)
- name: yamux SOCKS
run: |
set -eux
# Run socks with yamux
./piping-tunnel -s http://localhost:8080 socks --yamux aaa-socks bbb-socks & echo $! > pid1
# Run client-host with yamux
./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux aaa-socks bbb-socks & echo $! > pid2
sleep 1
# NOTE: Depends on external resource: example.com
curl -x socks5h://localhost:1081 https://example.com
kill $(cat pid1) && kill $(cat pid2)
- name: yamux SOCKS (encrypt with AES-CTR)
run: |
set -eux
# Run socks with yamux (encrypt with AES-CTR)
./piping-tunnel -s http://localhost:8080 socks --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid1
# Run client-host with yamux (encrypt with AES-CTR)
./piping-tunnel -s http://localhost:8080 client -p 1081 --yamux --symmetric --cipher-type=aes-ctr --pass=mypass aaa-socks bbb-socks & echo $! > pid2
sleep 1
# NOTE: Depends on external resource: example.com
curl -x socks5h://localhost:1081 https://example.com
kill $(cat pid1) && kill $(cat pid2)
- name: pmux
run: |
set -eux
# Run server-host1 with pmux
./piping-tunnel -s http://localhost:8080 server -p 2022 --pmux aaa-pmux bbb-pmux & echo $! > pid1
sleep 1
# pmux allows multiple clients in one set of paths
# Run client-host1 with pmux
./piping-tunnel -s http://localhost:8080 client -p 5522 --pmux aaa-pmux bbb-pmux & echo $! > pid2
# Run client-host2 with pmux
./piping-tunnel -s http://localhost:8080 client -p 6622 --pmux aaa-pmux bbb-pmux & echo $! > pid3
sleep 2
# Check whether ssh multiple times
# (base: -o option: https://www.cyberithub.com/ssh-host-key-verification-failed-error-in-linux/)
ssh -p 5522 -o 'StrictHostKeyChecking no' guest@localhost hostname
ssh -p 5522 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
ssh -p 6622 -o 'StrictHostKeyChecking no' guest@localhost ls -l /
kill $(cat pid1) && kill $(cat pid2) && kill $(cat pid3)