[GH-ISSUE #43] Cannot impersonate a selfPlaySession command #14

Closed
opened 2026-05-07 00:17:25 +02:00 by BreizhHardware · 3 comments

Originally created by @snk33 on GitHub (Nov 13, 2020).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/43

Hello,

We're doing a PoC to see how The Bastion could work for us but we're having some issues using selfPlaySession via adminSudo.

Our goal is to be able to play some user's session to be able to check what has been done on a server, in case something went wrong.

Command is sent from an admin account with these settings:
`adminSudo -- --sudo-as USER --sudo-cmd selfPlaySession -- --id ID`

Example output (with admin/user replaced):

```
---bastion--------------------------------------the-bastion-3.00.01---
=> launching a bastion command or connection, impersonating another user
--------------------------------------------------------------------------------
~ ADMIN SUDO: admin, you'll now impersonate user, this has been logged.
---bastion--------------------------------------the-bastion-3.00.01---
=> replay a past session
--------------------------------------------------------------------------------
~       ID: 3c5135b19531
~  Started: 2020/11/13 12:57:41
~    Ended: 2020/11/13 12:57:58
~ Duration: 0d+00:00:16.600744
~     Type: ssh
~     From: 10.254.254.103:50462 (10.254.254.103)
~      Via: user@10.254.254.100:22
~       To: root@10.254.3.1:22 (10.254.3.1)
~  RetCode: 0
~ 
~ Press '+' to play faster
~ Press '-' to play slower
~ Press '1' to restore normal playing speed
~ 
~ When you're ready to replay session 3c5135b19531, press ENTER.
~ Starting from the next line, the Total Recall begins. Press CTRL+C to jolt awake.
```

We cannot press ENTER to make the session play :(

Is there another (undocumented) way to play a session from a specific account?

If not, could you either fix this stdin issue or add some --autoplay option to selfPlaySession plugin to bypass this?

Thanks!

BreizhHardware closed this issue and added the bug label (2026-05-07 00:17:25 +02:00).

@speed47 commented on GitHub (Nov 13, 2020):

Thanks for the report!

We've never used `selfReplaySession` with `adminSudo` (as we have a LOT of records, usually we push them to some other server and then do the research/replays there), but your use case is completely legit.

The fix is pretty straightforward: connecting the STDIN of adminSudo to what's executed below. Implementing this change in a dev branch so you can test.


@snk33 commented on GitHub (Nov 13, 2020):

Thanks, I've tried to add expects_stdin to the execute call of adminSudo and it's working!

I've done a PR -> https://github.com/ovh/the-bastion/pull/44

PS: Sorry for branch name, I've done it through webUI :)


@speed47 commented on GitHub (Nov 13, 2020):

Haha, you beat me to it! ;)
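
The failure mode discussed in this thread, as an added example that is not part of the original issue and not The Bastion's code: a wrapper that relays a child's output but does not connect its stdin leaves an interactive "press ENTER" prompt unanswerable. `run_wrapped`, its `expects_stdin` parameter (named after the option mentioned above) and the stand-in child are hypothetical, and the child reports the missing input instead of hanging so the run terminates.

```python
import subprocess
import sys

# Constructed stand-in for an interactive plugin: prompts, then waits for ENTER.
CHILD = r'''
import sys
print("When you're ready to replay the session, press ENTER.", flush=True)
if sys.stdin.readline() == "":          # EOF: nobody can ever answer the prompt
    print("stdin not connected, replay never starts", flush=True)
    sys.exit(1)
print("replay started", flush=True)
'''

def run_wrapped(keys: bytes, expects_stdin: bool, timeout: float = 10.0):
    """Hypothetical wrapper: always relays the child's output, but only
    connects the caller's input to the child when expects_stdin is true."""
    proc = subprocess.Popen(
        [sys.executable, "-c", CHILD],
        stdin=subprocess.PIPE if expects_stdin else subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
    )
    try:
        out, _ = proc.communicate(keys if expects_stdin else None, timeout=timeout)
    except subprocess.TimeoutExpired:
        proc.kill()                      # never leave a stuck child behind
        out, _ = proc.communicate()
    return proc.returncode, out.decode()

if __name__ == "__main__":
    for flag in (False, True):
        code, out = run_wrapped(b"\n", expects_stdin=flag)
        print(f"expects_stdin={flag}: exit={code}\n{out}")
```
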
