Debuggable scanner VM

[FrimIdan]

No description provided.

[ghost]

Great addition, we need to be able to debug the scanner instances, I've got a couple of comments.

[ghost]

I think this should be in the AWS specific configuration not the top level one

[FrimIdan]

why? key-pair is only an AWS term?

[ghost]

we can avoid this if we use the VMClarity host as a bastion:

ssh -J ubuntu@<vmclarity-server-public-ip> ubuntu@<vmclarity-scanner-private-ip>

[FrimIdan]

Tested it by just attaching the key-pair to the scanner vm and open ssh port but got an error

$ ssh -i ~/Portshift/vmclarity/idan-key-pair.pem -J ubuntu@ec2-13-40-25-155.eu-west-2.compute.amazonaws.com ubuntu@10.0.0.189
Warning: Permanently added 'ec2-13-40-25-155.eu-west-2.compute.amazonaws.com' (ED25519) to the list of known hosts.
ubuntu@ec2-13-40-25-155.eu-west-2.compute.amazonaws.com: Permission denied (publickey).
kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

TBH I don't think it is bad for debug purpose to open the scanner cli vm publicly to SSH - it is only SSH

[ghost]

Was idan-key-pair.pem the same key you used for both the VMClarity server and the debug scanner? IIRC if you need different keys then you have to use either the ssh args flag or use ~/.ssh/config to configure it.

[FrimIdan]

It was the same key. I'm assuming the reason is that the connection over the private ip is not working.

[ghost]

ah yeah, we need to fix that, then perhaps we can drop this

[FrimIdan]

so you want to wait with this PR?

[ghost]

i think we can land this as is, and then follow up with a cleanup once we fix the private network, we've got other things we need to fix for the private network stuff too so that should be fine