Merge branch 'master' into fix-connection-closed-by-remote-host-issue

yokawasa · yokawasa · commit 5f4285547565 · 2022-08-14T14:52:26.000+09:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,13 +2,22 @@
 
 All notable changes to the "kubectl-plugin-ssh-jump" extension will be documented in this file.
 
-## 0.8.0
+## 0.7.3
 
+- Fix `Connection closed by remote host connection closed by unknown port 65535` issue ([#16](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/16))
+  - Add RSA workaround options (`-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`)to commands in ProxyCommand only if the local OpenSSH version >= `8.5`
+
+## 0.7.2
+
+- Fix `Bad configuration option: pubkeyacceptedalgorithms` issue ([#18](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/18))
+  - Add OpenSSH version check
+  - Add RSA workaround options (`-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa`) introduced in [ssh-jump-0.7.1](https://github.com/yokawasa/kubectl-plugin-ssh-jump/releases/tag/0.7.1) only if the local OpenSSH version >= `8.5`
 - Add verbose option (`-v|--verbose`)
 
 ## 0.7.1
 
-- Fix `root@127.0.0.1: Permission denied (publickey)` issue ([#13](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13)) by adding options like `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa` which works for newer ssh client scenario
+- Fix `root@127.0.0.1: Permission denied (publickey)` issue ([#13](https://github.com/yokawasa/kubectl-plugin-ssh-jump/issues/13))
+  - Add options like `-o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa` which works for newer ssh client (`OpenSSH 8.5+`) scenario
 
 ## 0.7.0
 
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-0.8.0
+0.7.3
diff --git a/kubectl-ssh-jump b/kubectl-ssh-jump
@@ -82,6 +82,10 @@ get_node_list(){
   echo ""
 }
 
+get_openssh_verion_number() {
+  ssh -V 2>&1 | awk -F'[_,]' '{print $2+0}'
+}
+
 cleanup_sshjump_pod(){
   echo "Clearning up SSH Jump host (Pod)..."
   kubectl delete pod sshjump
@@ -198,14 +202,21 @@ run_ssh_node(){
   cat ${pubkey_sshjump} | \
     kubectl exec -i sshjump -- /bin/bash -c "cat > /root/.ssh/authorized_keys"
 
+  # Add default ssh option
+  sshargs="${sshargs} -o StrictHostKeyChecking=no"
+ 
+  # Add RSA workaround options if the local OpenSSH version >= 8.5
+  sshversion=$(get_openssh_verion_number)
+  if [ $(echo "${sshversion} >= 8.5" | bc) -eq 1 ]; then
+    sshargs="${sshargs} -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
+  fi
+
   if [ "${destnode}" = "sshjump" ]; then
-    ssh ${sshuser}@127.0.0.1 -p 2222 -i ${identity_sshjump} \
-      -o StrictHostKeyChecking=no -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa $sshargs
+    ssh ${sshuser}@127.0.0.1 -p 2222 -i ${identity_sshjump} ${sshargs}
   else
     # Using the SSH Server as a jumphost (via port-forward proxy), ssh into the desired Node
     ssh -i ${identity} -p ${port} ${sshuser}@${destnode} \
-      -o "ProxyCommand ssh root@127.0.0.1 -p 2222 -i ${identity_sshjump} -o \"StrictHostKeyChecking=no\" \"nc %h %p\"" \
-      -o StrictHostKeyChecking=no -o HostkeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa $sshargs
+      -o "ProxyCommand ssh root@127.0.0.1 -p 2222 -i ${identity_sshjump} ${sshargs} \"nc %h %p\"" ${sshargs}
   fi
   # Stop port-forward
   kill -3 ${pid_port_forward} 2>/dev/null
@@ -215,7 +226,6 @@ plugin_main() {
   skip_agent=no
   cleanup_jump=no
   cleanup_agent=no
-  verbose=no
   sshargs=""
   while [ $# -gt 0 ] ; do
     nSkip=1
