feat: glsh: introduce ssh-config subcommand for generating ssh configs

This introduces a new glsh subcommand: glsh ssh-config. The purpose of this subcommand is to generate the appropriate SSH configuration to be able to SSH into our hosts by proxying through a bastion.

This tool replaces the awful ProxyCommand incantation that we used to have. That setup broke on environment names containing dashes; see https://gitlab.com/gitlab-com/gl-infra/production-engineering/-/merge_requests/446.

That config has grown and changed over the years and since it is not managed anywhere, many people have not updated theirs. This tooling brings a uniform way to install and update SSH client configuration to the org.

Docs in production-engineering will be updated if this command is merged.

Usage

glsh ssh-config

This will write ProxyJump directives for each environment to ~/.ssh/config.d/glsh, and add Include config.d/* to ~/.ssh/config.

If the SSH username does not match the local machine user, the SSH username can be provided via:

glsh ssh-config --user iwiedler

This username will be remembered in ~/.ssh/glsh_user_name, so it does not need to be provided again when re-generating the config.

Migration guide

Back up existing ~/.ssh/config.

Remove the previous ssh config from ~/.ssh/config.

Generate the new ssh config:

glsh ssh-config --user YOUR_SSH_USER

Verify that SSH is still working:

ssh -O stop console-01-sv-gprd.c.gitlab-production.internal
ssh console-01-sv-gprd.c.gitlab-production.internal hostname

refs gitlab-com/gl-infra/production-engineering#26738 (closed)

Edited by Igor
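A pre-flight check for the migration guide above, as an added example that is not part of the merge request or of glsh. It assumes the Include config.d/* line should apply unconditionally: ssh_config treats an Include inside a Host or Match block as conditional, and an earlier ProxyCommand prevents a later ProxyJump from taking effect. The function name, finding labels and sample configs are constructed for illustration.

```shell
#!/bin/sh
# check_ssh_config [FILE]
# Reads an ssh client config (stdin when FILE is omitted) and prints one
# finding per line. Returns 0 when clean, 1 when anything was reported.
check_ssh_config() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }

        # Everything after the first Host/Match line belongs to that block.
        line ~ /^(host|match)[ \t=]/ { scoped = 1 }

        # The Include from the Usage section, relative or ~/.ssh-prefixed.
        line ~ /^include[ \t=]+(~\/\.ssh\/)?config\.d\/\*/ {
            seen = 1
            if (scoped) { print "include-scoped: line " NR; bad = 1 }
        }

        # Leftover from the old setup: it can shadow the generated ProxyJump.
        line ~ /^proxycommand[ \t=]/ {
            print "legacy-proxycommand: line " NR; bad = 1
        }

        END {
            if (!seen) { print "include-missing"; bad = 1 }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: Include at the top, unrelated Host block below it.
sample_good() {
    printf '%s\n' 'Include config.d/*' '' \
        'Host personal.example.org' '    User me'
}

# Constructed sample: old ProxyCommand still present, Include placed after
# a Host block so it only applies to that block.
sample_bad() {
    printf '%s\n' 'Host *.example.internal' \
        '    ProxyCommand ssh bastion.example.internal -W %h:%p' '' \
        'Include config.d/*'
}

# Demo on the constructed samples; to check a real file, call
# check_ssh_config ~/.ssh/config
sample_good | check_ssh_config && echo "good sample: clean"
sample_bad | check_ssh_config || echo "bad sample: findings listed above"
```

A legacy-proxycommand finding is a prompt to review that line, since a ProxyCommand for unrelated hosts is legitimate.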
