Passthrough mode

[rcarmo]

Following up on #341, we should look at a way to have piku "step out of the way" for unfettered ssh sessions, probably depending on a specific key. Quoting myself from that thread:

You'd do --passthrough (or add an environment variable to authorized_keys, which actually seems better) to "open up" for extra commands, with piku only handling deploys.

Then you could set up another key with the default "restricted" behavior for CI. We'd probably even remove the run command, since I keep forgetting to use '-t' for sane terminal handling

There are some security implications here, but I too would like to avoid having to do workarounds (like logging in as another user) just to get at the piku environment for some trivial app-specific tasks, and don't really like using the run command.

[chr15m]

@rcarmo what's the ideal implementation here for you? How does this sound:

• Env var like 'PIKU_SSH_PASSHTROUGH=1' in authorized_keys.
• If set, some kind of @click catch-all handler (instead of per-command special cases like the scp one already merged).

I took a quick look at the possibility of Click catch-all and nothing jumped out but hopefully there's a sane way to implement this.

[rcarmo]

That was broadly what I was trying to test before work caught up with me. Was trying with a second key first just to isolate things.

[chr15m]

Did you work out a good way to do a "wildcard" command with Click? Or bypass click entirely?

[rcarmo]

IIRC there should be a fallback default.