feat: SSH target manager — GUI editor for remote host configuration #24

New issue

Closed

opened 2026-05-17 14:25:50 -07:00 by pyr0ball · 0 comments

pyr0ball commented

2026-05-17 14:25:50 -07:00

Owner

Summary

Add a settings panel in the Turnstone UI for managing SSH remote targets. Users should be able to add, edit, test, and remove remote hosts without touching config files or the CLI.

UI

Settings → Remote Hosts panel

List of configured targets (name, host, user, connection status indicator)
Add / Edit form:
- Display name — friendly label shown in the sources list
- Host — hostname or IP
- Port — default 22
- Username
- SSH key path — file picker or text field; resolves ~ and env vars
- Test connection button — attempts SSH and reports success/failure inline
Delete with confirmation
Status badge per target: Connected / Unreachable / Not tested

Inline in the Sources panel

When adding a new log source, the SSH target selector should appear as a dropdown of configured hosts (or an inline "+ Add host" shortcut that opens the editor). No config file editing required to go from zero to first remote log pull.

Backend

GET /api/ssh-targets — list configured targets (never return key contents)
POST /api/ssh-targets — create
PATCH /api/ssh-targets/{id} — update
DELETE /api/ssh-targets/{id} — remove
POST /api/ssh-targets/{id}/test — attempt SSH connection, return ok/error with message
Targets persisted in SQLite alongside other Turnstone config
Key path stored as a path reference only — private key never read into the DB or returned by the API

Security notes

Key-based auth only — no password fields in the UI
Key path validated to exist and have correct permissions (warn if world-readable)
Test connection runs a no-op remote command (true) — does not pull any data
Targets scoped to the local Turnstone instance; not synced or exported

Acceptance Criteria

Settings panel lists, adds, edits, and removes SSH targets without file editing
Test connection gives clear pass/fail feedback inline (not a toast that disappears)
SSH target selector available when adding a remote log source
API never returns private key contents
Key path validated at save time with a clear warning if permissions are too open
Empty state copy explains what SSH targets are and why you would add one

Turnstone#22 — SSH remote ingest (uses these targets)
Turnstone#23 — dynamic log discovery (triggered per target)

## Summary Add a settings panel in the Turnstone UI for managing SSH remote targets. Users should be able to add, edit, test, and remove remote hosts without touching config files or the CLI. ## UI ### Settings → Remote Hosts panel - List of configured targets (name, host, user, connection status indicator) - Add / Edit form: - **Display name** — friendly label shown in the sources list - **Host** — hostname or IP - **Port** — default 22 - **Username** - **SSH key path** — file picker or text field; resolves `~` and env vars - **Test connection** button — attempts SSH and reports success/failure inline - Delete with confirmation - Status badge per target: Connected / Unreachable / Not tested ### Inline in the Sources panel When adding a new log source, the SSH target selector should appear as a dropdown of configured hosts (or an inline "+ Add host" shortcut that opens the editor). No config file editing required to go from zero to first remote log pull. ## Backend - `GET /api/ssh-targets` — list configured targets (never return key contents) - `POST /api/ssh-targets` — create - `PATCH /api/ssh-targets/{id}` — update - `DELETE /api/ssh-targets/{id}` — remove - `POST /api/ssh-targets/{id}/test` — attempt SSH connection, return ok/error with message - Targets persisted in SQLite alongside other Turnstone config - Key path stored as a path reference only — private key never read into the DB or returned by the API ## Security notes - Key-based auth only — no password fields in the UI - Key path validated to exist and have correct permissions (warn if world-readable) - Test connection runs a no-op remote command (`true`) — does not pull any data - Targets scoped to the local Turnstone instance; not synced or exported ## Acceptance Criteria - [ ] Settings panel lists, adds, edits, and removes SSH targets without file editing - [ ] Test connection gives clear pass/fail feedback inline (not a toast that disappears) - [ ] SSH target selector available when adding a remote log source - [ ] API never returns private key contents - [ ] Key path validated at save time with a clear warning if permissions are too open - [ ] Empty state copy explains what SSH targets are and why you would add one ## Related - Turnstone#22 — SSH remote ingest (uses these targets) - Turnstone#23 — dynamic log discovery (triggered per target)