Changes proposed architecture for ssh MITM driver

Signed-off-by: Bella Khizgiyaev <bkhizgiy@redhat.com>

Author: bkhizgiy

packages/jumpstarter-driver-ssh-mitm/README.md

@@ -1,7 +1,8 @@
 # SSH MITM Driver
 
-`jumpstarter-driver-ssh-mitm` provides secure SSH proxy functionality where private keys
-are stored on the exporter and never transmitted to clients.
+`jumpstarter-driver-ssh-mitm` provides a secure SSH proxy layer where private keys
+are stored on the exporter and never transmitted to clients. It is designed to be
+used as a child of `SSHWrapper`.
 
 ## Installation
 
@@ -10,52 +11,72 @@ are stored on the exporter and never transmitted to clients.
 $ pip3 install --extra-index-url {{index_url}} jumpstarter-driver-ssh-mitm
 ```
 
+## Architecture
+
+```
+SSHWrapper --> SSHMITM --> TcpNetwork --> DUT
+```
+
+- **SSHWrapper**: Handles SSH CLI and command execution
+- **SSHMITM**: Provides authenticated proxy connection (stores the SSH key)
+- **TcpNetwork**: Raw TCP connection to the DUT
+
 ## Configuration
 
-Example configuration with inline key:
+The command name is determined by the key in the `export` section. Use `ssh_mitm` to get the `j ssh_mitm` command:
 
 ```yaml
 export:
-  ssh_mitm:
-    type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
+  ssh_mitm:  # ← This gives you "j ssh_mitm" command
+    type: jumpstarter_driver_ssh.driver.SSHWrapper
     config:
-      default_username: "root"
-      ssh_identity: |
-        -----BEGIN OPENSSH PRIVATE KEY-----
-        ...
-        -----END OPENSSH PRIVATE KEY-----
+      default_username: root
     children:
       tcp:
-        type: jumpstarter_driver_network.driver.TcpNetwork
+        type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
         config:
-          host: "192.168.1.100"
-          port: 22
+          ssh_identity_file: /path/to/private/key
+          default_username: root
+        children:
+          tcp:
+            type: jumpstarter_driver_network.driver.TcpNetwork
+            config:
+              host: 192.168.1.100
+              port: 22
 ```
 
-Example configuration with key file:
+Or with inline key:
 
 ```yaml
 export:
-  ssh_mitm:
-    type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
+  ssh_mitm:  # ← This gives you "j ssh_mitm" command
+    type: jumpstarter_driver_ssh.driver.SSHWrapper
     config:
-      default_username: "root"
-      ssh_identity_file: "/path/to/private/key"
+      default_username: root
     children:
       tcp:
-        type: jumpstarter_driver_network.driver.TcpNetwork
+        type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
         config:
-          host: "192.168.1.100"
-          port: 22
+          default_username: root
+          ssh_identity: |
+            -----BEGIN OPENSSH PRIVATE KEY-----
+            ...
+            -----END OPENSSH PRIVATE KEY-----
+        children:
+          tcp:
+            type: jumpstarter_driver_network.driver.TcpNetwork
+            config:
+              host: 192.168.1.100
+              port: 22
 ```
 
-### Config parameters
+### SSHMITM Config parameters
 
-| Parameter         | Description                                              | Type | Required | Default |
-| ----------------- | -------------------------------------------------------- | ---- | -------- | ------- |
-| default_username  | Default SSH username                                     | str  | no       | ""      |
-| ssh_identity      | SSH private key content (inline)                         | str  | no*      | None    |
-| ssh_identity_file | Path to SSH private key file                             | str  | no*      | None    |
+| Parameter         | Description                              | Type  | Required | Default |
+| ----------------- | ---------------------------------------- | ----- | -------- | ------- |
+| default_username  | SSH username for DUT connection          | str   | no       | ""      |
+| ssh_identity      | SSH private key content (inline)         | str   | no*      | None    |
+| ssh_identity_file | Path to SSH private key file             | str   | no*      | None    |
 
 \* Either `ssh_identity` or `ssh_identity_file` must be provided.
 
@@ -65,28 +86,26 @@ export:
 
 ## Usage
 
+Since SSHMITM is used as a child of SSHWrapper, you use the configured command name (e.g., `ssh_mitm`):
+
 ```bash
 # Execute a command
 j ssh_mitm whoami
 
-# Interactive shell (native SSH via port forwarding)
-j ssh_mitm shell
+# Interactive shell
+j ssh_mitm
 
-# Interactive shell (gRPC REPL, no local SSH required)
-j ssh_mitm shell --repl
+# With arguments
+j ssh_mitm ls -la /tmp
 
-# Port forward for ssh/scp/rsync
-j ssh_mitm forward -p 2222
-# Then: ssh -p 2222 localhost
+# With SSH flags
+j ssh_mitm -v hostname
 ```
 
+**Note**: The command name (`ssh_mitm`) is determined by the key in your exporter config's `export` section. You can use any name you prefer.
+
 ## API Reference
 
 ```{eval-rst}
 .. autoclass:: jumpstarter_driver_ssh_mitm.driver.SSHMITM()
 ```
-
-```{eval-rst}
-.. autoclass:: jumpstarter_driver_ssh_mitm.client.SSHMITMClient()
-    :members: execute, run
-```

packages/jumpstarter-driver-ssh-mitm/examples/exporter.yaml

@@ -3,22 +3,31 @@ kind: ExporterConfig
 metadata:
   namespace: default
   name: ssh-mitm-example
+endpoint: "grpc.jumpstarter.example.com:443"
+token: "your-exporter-token"
 export:
+  # "j ssh_mitm" command - secure SSH with key on server
   ssh_mitm:
-    type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
+    type: jumpstarter_driver_ssh.driver.SSHWrapper
     config:
-      default_username: "root"
-      # Option 1: Provide SSH key directly in config
-      ssh_identity: |
-        -----BEGIN OPENSSH PRIVATE KEY-----
-        b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAFwAAAAdz
-        c2gtcnNhAAAAAwEAAQAAAQEAy... (your private key here)
-        -----END OPENSSH PRIVATE KEY-----
-      # Option 2: Or provide path to key file (uncomment to use)
-      # ssh_identity_file: "/path/to/your/private/key"
+      # Change to the user you will SSH as on the DUT
+      default_username: root
     children:
       tcp:
-        type: jumpstarter_driver_network.driver.TcpNetwork
+        type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
         config:
-          host: "192.168.1.100"
-          port: 22
+          # Must match the user on the DUT
+          default_username: root
+          # Option 1: Path to key file (on exporter machine)
+          ssh_identity_file: /etc/jumpstarter/ssh_keys/dut_key
+          # Option 2: Inline key (from secret management)
+          # ssh_identity: |
+          #   -----BEGIN OPENSSH PRIVATE KEY-----
+          #   ...key content...
+          #   -----END OPENSSH PRIVATE KEY-----
+        children:
+          tcp:
+            type: jumpstarter_driver_network.driver.TcpNetwork
+            config:
+              host: 192.168.1.100
+              port: 22