cloudx-proxy 0.4.4__py3-none-any.whl → 0.4.5__py3-none-any.whl
- cloudx_proxy/_version.py +2 -2
- cloudx_proxy/setup.py +13 -7
- {cloudx_proxy-0.4.4.dist-info → cloudx_proxy-0.4.5.dist-info}/METADATA +25 -1
- cloudx_proxy-0.4.5.dist-info/RECORD +12 -0
- cloudx_proxy-0.4.4.dist-info/RECORD +0 -12
- {cloudx_proxy-0.4.4.dist-info → cloudx_proxy-0.4.5.dist-info}/LICENSE +0 -0
- {cloudx_proxy-0.4.4.dist-info → cloudx_proxy-0.4.5.dist-info}/WHEEL +0 -0
- {cloudx_proxy-0.4.4.dist-info → cloudx_proxy-0.4.5.dist-info}/entry_points.txt +0 -0
- {cloudx_proxy-0.4.4.dist-info → cloudx_proxy-0.4.5.dist-info}/top_level.txt +0 -0
cloudx_proxy/_version.py
CHANGED
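--- a/cloudx_proxy/setup.py
+++ b/cloudx_proxy/setup.py
@@ -224,15 +224,21 @@ class CloudXSetup:
 self.print_status("Invalid input", False, 2)
 return False
 
-# Create
-
+# Create possible title variations for the 1Password item
+ssh_key_title_with_prefix = f"cloudX SSH Key - {self.ssh_key}"
+ssh_key_title_without_prefix = self.ssh_key
 
-# Check if a key with
+# Check if a key with either title exists in 1Password
 ssh_keys = list_ssh_keys()
-
+
+# First check for our prefixed format, then for a plain key with the same name
+existing_key = next((key for key in ssh_keys if key['title'] == ssh_key_title_with_prefix), None)
+if not existing_key:
+existing_key = next((key for key in ssh_keys if key['title'] == ssh_key_title_without_prefix), None)
 
 if existing_key:
-
+key_title = existing_key['title']
+self.print_status(f"SSH key '{key_title}' already exists in 1Password", True, 2)
 # Get the public key
 result = subprocess.run(
 ['op', 'item', 'get', existing_key['id'], '--fields', 'public key'],
@@ -249,8 +255,8 @@ class CloudXSetup:
 return True
 else:
 # Create a new SSH key in 1Password
-self.print_status(f"Creating new SSH key '{
-success, public_key, item_id = create_ssh_key(
+self.print_status(f"Creating new SSH key '{ssh_key_title_with_prefix}' in 1Password...", None, 2)
+success, public_key, item_id = create_ssh_key(ssh_key_title_with_prefix, selected_vault)
 
 if not success:
 self.print_status("Failed to create SSH key in 1Password", False, 2)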
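Review bot: The new fallback in the first hunk, `key['title'] == ssh_key_title_without_prefix`, adopts any 1Password SSH key item whose title merely equals the user-supplied key name, and `next()` silently takes the first hit when several items share that title (1Password does not enforce unique titles). `list_ssh_keys()` is called without `selected_vault`, while `create_ssh_key(ssh_key_title_with_prefix, selected_vault)` is vault-scoped; the helper is not visible here, but if it lists across vaults the match can come from a shared vault that other people can read. The matched item's public key is then fetched with `op item get` and presumably installed for instance access, and the README text added in this release says the same key is reused across instances, so picking the wrong item has a wide effect. I would refuse ambiguous matches instead of guessing, as sketched below, and ideally restrict the lookup to the selected vault. The enclosing method starts and ends outside both hunks.

```python
# … unchanged: title variations and list_ssh_keys() call …
existing_key = None
for title in (ssh_key_title_with_prefix, ssh_key_title_without_prefix):
    matches = [key for key in ssh_keys if key['title'] == title]
    if len(matches) > 1:
        # Titles are not unique in 1Password; do not guess which key to trust.
        self.print_status(f"Multiple SSH keys titled '{title}' found in 1Password", False, 2)
        return False
    if matches:
        existing_key = matches[0]
        break
# … unchanged: existing-key branch and create_ssh_key() call …
```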
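--- a/cloudx_proxy-0.4.4.dist-info/METADATA
+++ b/cloudx_proxy-0.4.5.dist-info/METADATA
@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: cloudx-proxy
-Version: 0.4.
+Version: 0.4.5
 Summary: SSH proxy command to connect VSCode with Cloud9/CloudX instance using AWS Systems Manager
 Author-email: easytocloud <info@easytocloud.com>
 License: MIT License
@@ -224,6 +224,30 @@ When adding new instances to an existing environment, you can choose to:
 
 This three-tier structure offers better maintainability by reducing duplication and making it clear which settings apply broadly and which are specific to an environment or host.
 
+### Security Model: AWS and SSH Integration
+
+cloudX-proxy implements a unique dual-layer security approach that combines AWS's robust authentication mechanisms with SSH's connection handling capabilities:
+
+#### AWS Security Layer (Primary)
+The primary security boundary is enforced through AWS Systems Manager (SSM) and EC2 Instance Connect. This layer provides:
+- **Access Control**: Only authenticated AWS users with appropriate IAM permissions can establish SSM sessions
+- **Dynamic Key Authorization**: EC2 Instance Connect allows temporary injection of SSH public keys, valid only for a single session
+- **Network Security**: No inbound SSH ports need to be exposed, as all connections are established through AWS SSM's secure tunneling
+- **Audit Trail**: All connection attempts and key pushes are logged in AWS CloudTrail
+
+#### SSH Layer (Secondary)
+SSH serves primarily as a connection handler rather than the main security mechanism:
+- **Ephemeral Authentication**: The SSH key pair is used only to establish the connection through the SSM tunnel
+- **Session Management**: SSH handles the actual terminal session, file transfers, and multiplexing
+- **Key Flexibility**: Since keys are pushed dynamically for each session, the same key can safely be used across multiple instances
+- **Zero Trust Model**: Even if a key is compromised, access still requires valid AWS credentials and permissions
+
+This architecture means that:
+1. The security of the connection relies primarily on AWS IAM permissions and SSM session management
+2. SSH keys can be reused across instances without security implications
+3. Each connection gets a fresh key authorization through EC2 Instance Connect
+4. Instances remain completely closed to direct SSH access from the internet
+
 ### VSCode Configuration
 
 1. Install the "Remote - SSH" extension in VSCode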
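--- /dev/null
+++ b/cloudx_proxy-0.4.5.dist-info/RECORD
@@ -0,0 +1,12 @@
+cloudx_proxy/_1password.py,sha256=uxyCfVvO1eQrOfYRojst_LN2DV4fIwxM5moaQTn3wQY,5853
+cloudx_proxy/__init__.py,sha256=ZZ2O_m9OFJm18AxMSuYJt4UjSuSqyJlYRaZMoets498,61
+cloudx_proxy/_version.py,sha256=YrJwLVAkXjdo87YWYyrI7_B7BOSjbDIJ_FAFmb7g_vc,511
+cloudx_proxy/cli.py,sha256=5IcfYFACUOa4pqSKuHucqZionI9P8n5ZLvtzyXYeTvw,4218
+cloudx_proxy/core.py,sha256=RF3bX5MQiokRKjYEPnfWdKywGdtoVUvV2xZqm9uOl1g,8135
+cloudx_proxy/setup.py,sha256=TMFSo3-RusvQ5G7_I0vUPtZG18yDnogQbRDxGxVtNnM,38632
+cloudx_proxy-0.4.5.dist-info/LICENSE,sha256=i7P2OR4zsJYsMWcCUDe_B9ZfGi9bU0K5I2nKfDrW_N8,1068
+cloudx_proxy-0.4.5.dist-info/METADATA,sha256=heC8F4kGgkmgSy-8SdqpgsKsGZ27N3xNkZI8wR3nogw,18522
+cloudx_proxy-0.4.5.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
+cloudx_proxy-0.4.5.dist-info/entry_points.txt,sha256=HGt743N2lVlKd7O1qWq3C0aEHyS5PjPnxzDHh7hwtSg,54
+cloudx_proxy-0.4.5.dist-info/top_level.txt,sha256=2wtEote1db21j-VvkCJFfT-dLlauuG5indjggYh3xDg,13
+cloudx_proxy-0.4.5.dist-info/RECORD,,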
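--- a/cloudx_proxy-0.4.4.dist-info/RECORD
+++ /dev/null
@@ -1,12 +0,0 @@
-cloudx_proxy/_1password.py,sha256=uxyCfVvO1eQrOfYRojst_LN2DV4fIwxM5moaQTn3wQY,5853
-cloudx_proxy/__init__.py,sha256=ZZ2O_m9OFJm18AxMSuYJt4UjSuSqyJlYRaZMoets498,61
-cloudx_proxy/_version.py,sha256=rQpExgwkkSMYhPbtDdfhSejoe7mM9tgzyWoNno0mgIw,511
-cloudx_proxy/cli.py,sha256=5IcfYFACUOa4pqSKuHucqZionI9P8n5ZLvtzyXYeTvw,4218
-cloudx_proxy/core.py,sha256=RF3bX5MQiokRKjYEPnfWdKywGdtoVUvV2xZqm9uOl1g,8135
-cloudx_proxy/setup.py,sha256=11DsAVt6L4d3VmuJNpU07-QdF3FwahOUpJyLDksMeaE,38216
-cloudx_proxy-0.4.4.dist-info/LICENSE,sha256=i7P2OR4zsJYsMWcCUDe_B9ZfGi9bU0K5I2nKfDrW_N8,1068
-cloudx_proxy-0.4.4.dist-info/METADATA,sha256=22Yrnn7514Dd8eYte1c03xXpSjMhgATvwIftn1A95iQ,16757
-cloudx_proxy-0.4.4.dist-info/WHEEL,sha256=jB7zZ3N9hIM9adW7qlTAyycLYW9npaWKLRzaoVcLKcM,91
-cloudx_proxy-0.4.4.dist-info/entry_points.txt,sha256=HGt743N2lVlKd7O1qWq3C0aEHyS5PjPnxzDHh7hwtSg,54
-cloudx_proxy-0.4.4.dist-info/top_level.txt,sha256=2wtEote1db21j-VvkCJFfT-dLlauuG5indjggYh3xDg,13
-cloudx_proxy-0.4.4.dist-info/RECORD,,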
File without changes
|
File without changes
|
File without changes
|
File without changes
|