{"id":26608135,"url":"https://github.com/mobydeck/ssh2incus","last_synced_at":"2025-03-23T23:38:14.657Z","repository":{"id":284044860,"uuid":"953638243","full_name":"mobydeck/ssh2incus","owner":"mobydeck","description":"SSH server for Incus instances","archived":false,"fork":false,"pushed_at":"2025-03-23T20:35:51.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T21:28:15.687Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mobydeck.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-23T20:05:41.000Z","updated_at":"2025-03-23T20:35:45.000Z","dependencies_parsed_at":"2025-03-23T21:39:02.088Z","dependency_job_id":null,"html_url":"https://github.com/mobydeck/ssh2incus","commit_stats":null,"previous_names":["mobydeck/ssh2incus"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobydeck%2Fssh2incus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobydeck%2Fssh2incus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobydeck%2Fssh2incus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobydeck%2Fssh2incus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mobydeck","download_url":"https://codeload.github.com/mobydeck/ssh2incus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245186921,"owners_count":20574553,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-23T23:38:14.203Z","updated_at":"2025-03-23T23:38:14.636Z","avatar_url":"https://github.com/mobydeck.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ssh2incus – SSH server for Incus instances\n\n**ssh2incus** is an git remote add origin https://github.com/mobydeck/ssh2incus.git.\nIt uses Incus API in order to establish a connection with an instance and create a session.\n\n## Features\n\n- Authentication using existing host OS SSH keys via `authorized_keys`\n- SSH Agent forwarding into an instance session\n- Full support for PTY (terminal) mode and remote command execution\n- Full support for SCP and SFTP (SFTP server is embedded into `ssh2incus`)\n- Full Ansible support\n- Local port forwarding support\n- Graceful termination via OS signals (SIGINT, SIGTERM)\n\n## Enterprise Features\n\n- Authentication using any possible method (keys, passwords, external API integration, LDAP etc)\n- Web browser based access to an instance shell using JWT tokens\n- 24/7 technical support and new feature development\n\n## Installation\n\nDownload the latest package from **Releases** to an Incus host and install \n\n#### On Ubuntu / Debian\n\n```\napt-get install -f ./ssh2incus_0.1.0-0_amd64.deb\n```\n\n#### On RHEL / Fedora / CentOS / AlmaLinux / Rocky Linux\n\n```\nyum install ./ssh2incus-0.1.0-0.x86_64.rpm\n```\n\n#### Enable and start ssh2incus service\n\n```\nsystemctl enable ssh2incus.service\nsystemctl start ssh2incus.service\n```\n\n#### Checking logs\n\n```\njournalctl -f -u ssh2incus.service\n```\n\n## Basic Connection\n\nTo establish an SSH connection to an instance running on Incus host, run:\n\n```\nssh -p 2222 [instance-user@]instance-name[.project-name][+host-user]@incus-host\n```\n\nand substitute the following\n\n- `host-user` – active user on Incus host such as `root`\n- `instance-name` – active instance on Incus host\n- `project-name` – Incus project the instance is running under\n- `instance-user` – active user in Incus instance (_optional, defaults to_ `root`)\n- `incus-host` – Incus host hostname or IP\n\n### Examples\n\nTo connect to an instance `ubuntu` running on Incus host with IP `1.2.3.4` as `root` user and authenticate\nas `root` on Incus host, run:\n\n```\nssh -p 2222 ubuntu@1.2.3.4\n```\n\nTo connect to an instance `ubuntu` running on Incus host with IP `1.2.3.4` as `root` user and authenticate\nas `admin` on Incus host, run:\n\n```\nssh -p 2222 ubuntu+admin@1.2.3.4\n```\n\nTo connect to an instance `ubuntu` running on Incus host with IP `1.2.3.4` as `ubuntu` user and authenticate\nas `root` on Incus host, run:\n\n```\nssh -p 2222 ubuntu@ubuntu+root@1.2.3.4\n```\n\nTo connect to an instance `ubuntu` under `project1` project running on Incus host with IP `1.2.3.4` as `ubuntu`\nuser and authenticate as `root` on Incus host, run:\n\n```\nssh -p 2222 ubuntu@ubuntu.project1+root@1.2.3.4\n```\n\n## Advanced Connection\n\n### SSH Agent forwarding\n\n`ssh2incus` supports SSH Agent forwarding. To make it work in an instance, it will automatically add a\nproxy socket device to Incus instance and remove it once SSH connection is closed.\n\nTo enable SSH agent on your local system, run:\n\n```\neval `ssh-agent`\n```\n\nTo enable SSH Agent forwarding when connecting to an instance add `-A` to your `ssh` command\n\n```\nssh -A -p 2222 ubuntu@1.2.3.4\n```\n\n### Local port forwarding\n\nLocal port forwarding allows forwarding connections on a local port to a port on Incus instance.\n\nTo forward local port `8080` listening on `127.0.0.1` to port `80` on `ubuntu` instance, run:\n\n```\nssh -L 127.0.0.1:8080::80 -p 2222 ubuntu@1.2.3.4\n```\n\n`ssh2incus` will automatically resolve the IP address of an instance to create\nport forwarding tunnel.\n\n### Using Incus host as SSH Proxy / Bastion\n\nYou can access an Incus instance by using Incus host's SSH server as a Proxy / Bastion.\nThe easiest way is to add additional configuration to your `~/.ssh/config`\n\n```\nHost incus1\n  Hostname localhost\n  Port 2222\n  ProxyJump incus-host\n\nHost incus-host\n  Hostname 1.2.3.4\n  User root\n```\n\nNow to connect to `ubuntu` instance as `root`, run:\n\n```\nssh ubuntu@incus1\n```\n\n\u003e Using this method has additional security benefits and port 2222 is not exposed to the public\n\n## Server Management\n\n### Graceful Termination\n\nThe server has built-in support for graceful termination via OS signals. When receiving SIGINT (Ctrl+C) or SIGTERM signals, the server will:\n\n1. Stop accepting new connections\n2. Allow existing connections to complete their work (up to a 5-second timeout)\n3. Shut down cleanly\n\n### Ansible\n\n#### Examples\n\n```\nansible.cfg:\n\n[defaults]\nhost_key_checking = False\nremote_tmp = /tmp/.ansible-${USER}\n```\n\n```\ninventory:\n\n# Direct connection to port 2222\n[incus1]\ninstance-a ansible_user=root+c1 ansible_host=1.2.3.4 ansible_port=2222\ninstance-b ansible_user=root+u1+ubuntu ansible_host=1.2.3.4 ansible_port=2222 become=yes\n\n# Connection using ProxyJump configured in ssh config \n[incus2]\ninstance-c ansible_user=root+c1 ansible_host=incus1\ninstance-d ansible_user=root+u1+ubuntu ansible_host=incus1 become=yes\n```\n\n```\nplaybook.yml:\n\n---\n- hosts: incus1,incus2\n  become: no\n  become_method: sudo\n\n  tasks:\n    - command: env\n    - command: ip addr\n```\n\n\n## Configuration Options\n\nBy default `ssh2incus` will listen on port `2222` and allow authentication for `root` and users who belong to the groups\n`adm,incus` on Ubuntu / Debian Incus host and `wheel,incus` on RHEL Incus host.\n\nTo add a user to one of those groups run as root `usermod -aG incus your-host-user`\n\nTo run `ssh2incus` with custom configuration options you can edit `/etc/default/ssh2incus`.\nThe following options can be added to `ARGS=`\n\n```\n  -c, --client-cert string   client certificate for remote\n  -k, --client-key string    client key for remote\n  -d, --debug                enable debug log\n  -g, --groups string        list of groups members of which allowed to connect (default \"incus\")\n      --healthcheck string   enable Incus health check every X minutes, e.g. \"5m\"\n  -h, --help                 print help\n  -l, --listen string        listen on :2222 or 127.0.0.1:2222 (default \":2222\")\n      --noauth               disable SSH authentication completely\n  -r, --remote string        Incus remote defined in config.yml, e.g. my-remote\n  -t, --server-cert string   server certificate for remote\n      --shell string         shell access command: login, su or default shell\n  -s, --socket string        Incus socket or use INCUS_SOCKET\n  -u, --url string           Incus remote url starting with https://\n  -v, --version              print version\n```\n\nFor example, to enable debug log and listen on localhost change the line to `ARGS=-d -l 127.0.0.1:2222`\n\n### Firewall\n\nIf you have firewall enabled on your Incus host, you may need to allow connections to port `2222`\n\nOn Ubuntu / Debian\n\n```\nufw allow 2222/tcp\nufw reload\n```\n\nOn RHEL / CentOS / AlmaLinux\n\n```\nfirewall-cmd --permanent --add-port=2222/tcp\nfirewall-cmd --reload\n```\n\n## Support\n\nCommunity support is available through **GitHub Issues**.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobydeck%2Fssh2incus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmobydeck%2Fssh2incus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobydeck%2Fssh2incus/lists"}