Consul for "End users" aka connect humans to services

Hi there

I’m quite new to Consul and I think I have understood the basic principles of its architecture.

I have the following use case which is of course not a common use case:

I want to connect humans to services.

Let's say:
I define an SSH service

service {
  name = "ssh"
  id = "ssh-1"
  port = 22
  connect {
    sidecar_service {}
  }
}

I register that service:

consul services register consul.d/ssh.hcl

consul catalog services:

consul
ssh
ssh-sidecar-proxy

Then I connect that service:
consul connect proxy -sidecar-for ssh-1

Now what I want is to run a “consul agent” on a client system which automatically connects to the allowed services, so that the client can run

ssh ssh.service.consul

Is such a scenario possible with Consul? I don’t want to use a termination proxy. I want the end user to be part of the Consul environment.

Thank you and BR
Chris

Hi @h8h,

Just to clarify, do you want the user to have an identity within the service mesh, and be able to create intentions which allow specific users access to SSH to a given server?

If not, have you taken a look at Consul’s ingress gateway? It provides a way for users/services outside the mesh to communicate with services running inside the mesh.

You could expose each SSH server on its own TCP listener, and then instruct clients to connect to the server using ssh -p <port> ssh-1.ingress.consul. Alternatively they could use a program like sshsrv which would handle the SRV port lookup, and allow the user to connect using sshsrv ssh-1.ingress.consul.

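The per-server TCP listener setup suggested in the reply above, written out as an ingress-gateway config entry. This is an added example, not part of the original thread; the gateway name `ssh-ingress`, the ports 2201/2202 and the per-server service names `ssh-1`/`ssh-2` are assumptions.

```hcl
# ssh-ingress.hcl: ingress-gateway config entry (added example).
# Assumed names: gateway "ssh-ingress", mesh services "ssh-1" and "ssh-2"
# (one service per SSH server), listener ports 2201 and 2202.
#
# Apply with:   consul config write ssh-ingress.hcl
# Run gateway:  consul connect envoy -gateway=ingress -register -service ssh-ingress
Kind = "ingress-gateway"
Name = "ssh-ingress"

Listeners = [
  {
    # A tcp listener can route to exactly one service, so every SSH
    # server gets its own port on the gateway.
    Port     = 2201
    Protocol = "tcp"
    Services = [
      { Name = "ssh-1" }
    ]
  },
  {
    Port     = 2202
    Protocol = "tcp"
    Services = [
      { Name = "ssh-2" }
    ]
  }
]

# Client side, outside the mesh:
#   ssh -p 2201 ssh-1.ingress.consul
#   ssh -p 2202 ssh-2.ingress.consul
```

Intentions for these services match on the gateway's identity (`ssh-ingress`), not on the individual user, so per-user access control still rests on SSH authentication and on who can reach the listener ports.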